Beginner's guide to server administration with bedrock-ansible

Hello, first I need to say that the Roots projects are amazing. I began using them a month ago after using VVV for local WordPress themes development for a year and the Bedrock, bedrock-ansbile and Sage combination made me learn so much already. Thanks!

I provisioned a 512mb DO droplet and deployed a website with bedrock-ansible and the site is online and fine. As I am totally new to cloud servers and VPS, I would like to get a head start by asking what other steps would be recommended to update/maintain/optimize/secure my DO droplet that’s already in « production ».

The website won’t have hundreds of visitors at the same time but should get at least a hundred per day during the summer.

Here is a list of questions that could help me further my research :

1. Is provisioning a DO droplet with the bedrock-ansible scripts makes it good enough for production?
2. Can I or should I update the DO server by provisioning it again?
3. Other than removing root ssh to secure the droplet, is there other security steps I should take?
4. If I try the nginx built-in caching method described here (Best Caching Practices) or if I make any change to the server, would it be a good idea to add the steps to my bedrock-ansible scripts?
5. If I want to monitor usage of the website (google analytics already in use) and load on the servers at different time of the day and weeks, where should I look?

Any suggestions for a beginner sysadmin is appreciated.

I’m also very interested in this. Thank you for your very good questions.

Great questions!

1. That’s our goal and we believe it’s currently good enough. There’s a few things missing like monitoring but the important things are there.
2. You can re-provision your server whenever you want an update we make to bedrock-ansible. Some of these don’t matter for existing servers so it’s mostly up to you.
3. There’s a few already taken care of like fail2ban and ferm (firewall). That should take care of the most common/important security issues.
4. Yes any change you make to the server should be done through Ansible. That way you can always re-create your server or scale and add more.
5. There’s nothing built-in for this but there’s a ton of software you could install. Services like http://newrelic.com/ are also good since they provide WordPress/application monitoring as well.

Thanks for the quick answer. That’s helpful! It confirms my assumptions and I understand that if I want to customize the server, I should do it through the ansible scripts.

Another question came to my mind by reading other articles on the Digital Ocean website… Is there a reason why there is no swapfile setup on the server provisioned by bedrock-ansible?

About monitoring : my concern is to look at the performance of the website on a 512mb server. I installed the New Relic agent for APM and Server monitoring (thanks for the suggestion). Everything seems to work fine, although New Relic provides a lot of data and it’s taking me time to digest it all. I will see how useful it is after the 14 day trial as their services is too expensive for my client. But it’s a good start to see what kind of monitoring I find useful and I might try to find open source software that I could install on the server eventually.

I actually thought there was a swapfile since it was brought up over a month ago. I just did a new PR here so that will be merged in very soon.

New Relic is expensive. Unfortunately most other services like it are expensive too.