Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Brightsource web hosting overview

Andy Beak
December 09, 2015
0
23

Brightsource web hosting overview

Presented to National Trust on 2015-12-09

Andy Beak

December 09, 2015
Tweet

More Decks by Andy Beak

See All by Andy Beak
Migrating to PHP7
andybeak
1
8
Web application authentication
andybeak
0
31
Online Payments
andybeak
0
37
Introduction to Programming
andybeak
1
47
Software Engineering
andybeak
0
36
Instinctiv team meeting
andybeak
0
59

Featured

See All Featured
Infographics Made Easy
chrislema
238
18k
Designing on Purpose - Digital PM Summit 2013
jponch
111
6.5k
Typedesign – Prime Four
hannesfritz
36
2.1k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Scaling GitHub
holman
457
140k
Writing Fast Ruby
sferik
622
60k
VelocityConf: Rendering Performance Case Studies
addyosmani
321
23k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
7
1.3k
A better future with KSS
kneath
231
16k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k

Transcript

  1. Brightsource Raffle Hosting Overview of environment 11 December 2015

  2. Data  is  encrypted  in  transit  with  TLS   Live  sites

     hosted  in  Ireland   Backup  are  stored  in  Frankfurt   Amazon  vs.  Customer  responsibility   (shared  responsibility  model)    
  3. None

  4. Site  is  served  from  its  own  EC2  instance   Database

     is  on  RDS  in  a  private  subnet  

  5. Ubuntu  LTS  patched  with  security  updates     Each  client

     (site)  is  on  its  own  instance     Nginx,  PHP5-­‐FPM  are  installed  -­‐  no  addiQonal  services  run  on  the  box     Port  80  and  443  are  exposed  by  Amazon  security  group,  all  other  ports   are  blocked  to  the  public  Internet.     Security  cerQficate  installaQon  uses  custom  Diffie-­‐Hellmen  and  receives   an  A+  raQng  on  ssllabs.com     SSH  login  restricted  to  Brightsource  network  and  is  by  cerQficate  only.       Fail2Ban  is  installed   CerQficate  is  not  shared  outside  of  our  team.