Slightly adjacent, but I found the excitement of actually getting the ‘Congratulations, you installed discourse! ’ screen made me forget about the rest of the guide. I did remember the Post-Install Maintenance eventually, but perhaps there’s space for a ‘Prepare your Cloud Server (optional)’ section inbetween “Access Your Cloud Server” and “Install Discourse”? That could include the dpkg-reconfigure -plow unattended-upgrades, apt install libpam-cracklib, and fail2ban info, and maybe the apt-get update/upgrade?
I have to bow down to your greater experience on this, but my original thought was to just move these from the existing Post-Install Maintenence to a new section above Install Discourse to make them more obvious/harder to miss. (for me at least, as soon as I saw the on my screen I instantly forgot about the server, and wanted to explore my new toy )
Preparing Your Cloud Server (optional)
We strongly suggest you turn on automatic security updates for your OS. In Ubuntu use the dpkg-reconfigure -plow unattended-upgrades command. In CentOS/RHEL, use the yum-cron package.
If you are using a password and not a SSH key, be sure to enforce a strong root password. In Ubuntu use the apt install libpam-cracklib package. We also recommend fail2ban which blocks any IP addresses for 10 minutes that attempt more than 3 password retries.
Ubuntu: apt install fail2ban
CentOS/RHEL: sudo dnf install fail2ban
If you need or want a default firewall, turn on ufw for Ubuntu or use firewalld for CentOS/RHEL.