Strong family

http://www.atheistmovie.com/about/

  1. hear the word.

God must be first in your life.

  1. Love the Lord fervently
  2. Teach the young diligently

Sharpen your children.

You shall teach them diligently to your children, and shall talk of them when you sit in your house, and when you walk by the way, and when you lie down, and when you rise.
Deuteronomy 6:7 ESV

4.Fear the Lord

It is the Lord your God you shall fear. Him you shall serve and by his name you shall swear.
Deuteronomy 6:13 ESV

And he said to man, ‘Behold, the fear of the Lord, that is wisdom, and to turn away from evil is understanding.'”
Job 28:28 ESV
https://bible.com/bible/59/job.28.28.ESV

Advertisements

Carry everything to God in prayer

2kings8

Knowledge is not the same as obedience.

Dont force a set of Christian morals on a non-believer. When they come to faith they will know. Tell them of your personal relationship with Jesus Christ.

Mark8

Where do you go in dispear? Carry everything to God in prayer.

Vv52 After death there is another life that only Jesus Christ can speak into.

How to CodeIgniter on Azure

I like to follow this naming structure:

project-grp

project-lb

project-app1

project-app2

project-db

project-con

Create a resource group

Everything created needs to live in the same group.

App servers

Create the app server:

  • B1MS size
  • Ubuntu Linux

Point domain name to server:

  • A record: @
  • CNAME www

Network

  • port 22 restrict to our office
  • Can connect to the cache server

Database

Create a new Azure Database for MySQL server within the same resource group:

Allow access to Azure services.

Turn off SSL connection.

Network:

  • Port 3306
  • Navigate to it’s security group and allow the app servers to connect inbound
  • Allow our office to connect inbound

Container

Create a new container within the resource group.

Deploy your repo

Create a production branch.

This shell script will help you create a project home and clone your repo.

Create SSL cert

If Let’s Encrypt is already installed then just run:

certbot-auto

If you require www in the cert then follow this guide:

https://jianliyow.wordpress.com/2016/09/26/lets-encrypt/

Database

Create a new MYSQL user.

How to Forge Laravel

Forge.laravel.com manages AWS for us. This guide is based off this video series over at serversforhackers.com

Setup

Let’s create the following:

  • project-lb
  • project-cache
  • project-app1
  • project-app2
  • project-db (not managed by Forge)

Load balancer

Create the server:

  • Spec: t2.small size
  • No database
  • Select Provision As Load Balancer

Cache

Create the Redis cache server:

  • Spec: t2.small size
  • Reference the server specs here
  • No database
  • Restrict port 22 to forge servers and your static IP
  • Run cache recipe.

App servers

Create the app servers:

  • Spec: t2.small size
  • No database
  • Run app recipe

Network Cache server

  • Restrict port 22 to forge servers and your static IP

Network App servers

  • can connect to the cache server
  • Restrict port 22 to forge servers and your static IP

Database

Go to the AWS management console and create an RDS instance:

  • Spec: db.t2.small

Navigate to it’s security group and allow the app servers to connect inbound.

Office IP should be automatically added.

I suggest you create a new MYSQL user.

Bucket

Create a new S3 bucket and a new IAM user:

https://jianliyow.wordpress.com/2017/08/23/aws-s3-bucket-policy-and-iam-policy/

Deploy the project

Point domain name to load balancer:

  • A record: @
  • CNAME www

Inside the load balancer page add a new site.

Add a new site.

Navigate into the site and select the servers you want to balance.

Redis

In our sites .env edit the following:

CACHE_DRIVER=redis
SESSION_DRIVER=redis
REDIS_HOST=local_ip

Sites

Inside the app servers, add a new site.

Connect the Bitbucket repository to the site.

Create the SSL cert with LetsEncrypt (Beta).

Deploy WPengine

WPengine

Create a new site

The admin password will be sent to your email, if you did not receive it reset it:

  • Go to phpmyadmin in the WPengine site admin sidebar
  • Look for the wp_users table and change the email

Staging

Now that you are logged in I suggest creating a staging site. In the WP dashboard sidebar find WPengine and go into the staging tab.

Git

Setup

In the WPengine site admin page look for git push in the sidebar.

Add your public key. If you added your public key to a previous project you do not need to add it again.

Test your key and then add the remote servers to your git. Go here for help.

Repository

You can use this as a boilerplate:

https://github.com/jianliyow/wpengine-startup

It will grab all the core files, some essential plugins and install gulp.

You can push to WPengine like this:

sh wpengine.sh staging

 

Joash

2kings6
Axe head. God is personal.

King of Syria. The Christian hope is certain. We need to believe before we can see. God is merciful.

As we grow as a Christian we move from milk to solid food.

Exodus 17:1-7
We will encounter trials in our lives. Our Rephadim. Live by faith and God’s provision.

It is for discipline that you have to endure. God is treating you as sons. For what son is there whom his father does not discipline?
Hebrews 12:7 ESV
https://bible.com/bible/59/heb.12.7.ESV

UnattendedUpgrades

Let the computer do the work and email if it breaks anything.

 

Postfix

sudo apt-get install mailutils postfix

sudo dpkg-reconfigure postfix (just enter the default values)

Open aliases:

sudo vim /etc/aliases

Append:

root: email@example.com

Reload aliases:

sudo newaliases

Test send email:

echo "This is the body of the email" | mail -s "This is the subject line" root

UnattendedUpgrades and apt-listchanges

Download and install the two packages:

https://wiki.debian.org/UnattendedUpgrades

#servers

server hardening

Apache

https://gist.github.com/jianliyow/e89630afe8c90c112490641245dc97b2

Hide Apache Version

Disable Trace HTTP Request

Disable server Signature

Disable server Banner

Apply unattended upgrades

only key access

no root login

restrict inbound ports

Nginx

https://www.tecmint.com/hide-nginx-server-version-in-linux/

Application

no 777 permission

Disable Directory Listing

forge.laravel.com

Has basic hardening:

https://laracasts.com/discuss/channels/forge/what-does-forge-in-terms-of-security

Database

restrict port 3306 to app server (login via SSH)