I’m using Trellis and it’s awesome. I’m interested in what the next steps/best practice should be for ongoing server maintenance, security etc should be. Kinda like the Sage book, but for Trellis…
I know one option is to use a managed host like Kinsta, but I want to learn rather than just offload it.
Is it assumed that there are next steps to take outside of what is in the documentation or is re-provisioning occasionally enough to keep the server safe and stable?
Should all changes to the server be done through Trellis rather than sshing directly to the server and doing (for example) apt-get upgrade?
What resources other than this discourse and the docs would be good to read?
I don’t know of any resources that can be looked at but there are a fair amount of videos on YouTube around it.
As for point 2, you shouldn’t ever make changes manually over SSH. For adding Ubuntu packages, you can define them in your Trellis configurations like so:
depends on your solution of course so not too much we can do. 2. we might be able to handle, but don’t yet. I’d recommend at least trying to run/automate the dist upgrades. 3. I’d suggest setting up warnings for this at least. Many cloud providers offer it (like DO).
I’ll be honest. I try to log into my various instances every month or so and run software updates from the admin account to try and keep things secure and up to date. It is something I’d be interested in seeing some better automated management of, but I’m not sure if that’s possible without a lot of caveats?