Sorry that I was down for a while. I underestimated the effort it took to migrate to a new server and I had barely time to do it. The upgrade was troublesome, because virtual servers are hardly upgradeable once they’re out of the support period and I could barely re-use any of the old stuff. Also, originally I wanted to build a docker layer into the system’s architecture to enable an easier migration in the future. As it turned out, running a virtual server it’s sometimes just not possible to use docker, because of kernel sharing limitations. For the time being it’s actually not doable within my hosting company’s virtualization solution.
While planning the migration, my main goal was to get rid of Plesk, because it digs way to deep into the system. It’s basically impossible to configure anything by hand if Plesk is installed on a server. It completely breaks apache, mail, SSL and cron administration. Plesk actively tries to make it impossible for users to understand how the system is configured below the surface and how it can be improved manually. It is also almost impossible to purge the installation afterwards. Using Plesk is a really bad idea for intermediate users that want to tweak their server by hand, even partially, and to get a better understanding of how things are set up properly in regular ways.
Other improvements are:
- SSL is now enforced
- SSL certs are now provided by the Let’s Encrypt Certification Authority
- Implemented cron maintenance jobs to keep the patch level up to date
- Introduced Fail2Ban as intrusion prevention agent for applications and services
- Dropped fwknop ssh guard because of essentially redundant protection
- Replaced Open-Xchange with Roundcube
I’m not sure whether I want to stick with WordPress as CMS, so that could change as well. Also, I’m not sure whether or not to restore posts from my old website. Or to what extent. Time will tell.