Jeffin
Well-known member
About the site
- Domain: christianforumsite.com
- Host: DigitalOcean droplet, fronted by Cloudflare (Free plan currently)
- Traffic (last 30 days from Cloudflare): ~10.26M requests, 148 GB served, 1.2M unique visitors, ~19% cached
- Current stack (old): Centmin Mod on an ageing distro (nginx 1.21.x, PHP 8.0.24, MariaDB 10.4.x, OpenSSL 1.0.2k etc.)
Build a modern, secure, fast, easy-to-upgrade environment on a fresh DigitalOcean Ubuntu 24.04 LTS droplet, migrate XenForo, harden it, and hand over clear docs so my team can maintain it going forward. No in-place Centmin changes; this is a side-by-side migration.
Scope of work (deliverables)
1) Provision & base hardening
- New DigitalOcean droplet (Premium CPU) in same region.
- Suggested starting size: 4 vCPU / 8 GB RAM / 160 GB SSD (can right-size after tuning).
- Create non-root sudo user; SSH keys only, disable password/root logins.
- Install and configure:
  - nginx, PHP-FPM 8.3 (8.2 only if an add-on blocks), extensions: mbstring, intl, gd or imagick, zip, curl, redis, opcache.
  - MariaDB 10.6+ (or I can opt for DO Managed DB—quote both options).
  - Redis (object cache).
  - certbot, UFW, fail2ban, unattended-upgrades, logrotate.
- Security baseline: UFW (22 from admin IPs, 80/443 open), fail2ban ssh + nginx auth jails.
2) Web/PHP/DB tuning
- nginx vhost for christianforumsite.com (+ www) with pretty URLs, HTTP/2/3, TLS 1.3, sensible security headers; client_max_body_size set to match XF attachments.
- PHP-FPM pool tuned for RAM (e.g., pm=ondemand, reasonable max_children).
- Opcache enabled with sane limits.
- MariaDB tuned for utf8mb4; reasonable innodb_buffer_pool_size (on 8 GB RAM, 2–3 GB), slow query log enabled.
3) Cloudflare (keep zone)
- SSL mode Full (strict); origin cert or Let’s Encrypt on the droplet.
- If on Pro (preferred for forums): enable Managed WAF; add rate-limits:
  - /login & /register: ~20 req / 60 s per IP → block/challenge.
  - /admin.php: challenge by default; allowlist office IPs.
- Cache rules: bypass for logged-in cookies; cache static (/styles/, /js/, /attachments/*) with long TTL.
- If staying on Free, implement equivalent basic protection + nginx/fail2ban throttling.
4) Email deliverability
- Configure transactional SMTP (SES/SendGrid/Mailgun).
- SPF/DKIM/DMARC records validated; test from XenForo.
5) Staging, migration & cutover
- Set up staging.christianforumsite.com on the new droplet for rehearsal.
- Copy codebase, data/ and internal_data/ (correct permissions; only these two writable).
- Dump DB on old → import on new.
- Update src/config.php (DB creds, Redis, salts).
- Test: guest + logged-in flows, posting, uploads, image proxy, cron, sitemap, mail.
- Lower DNS TTL, put old site in maintenance, final rsync & DB dump, switch DNS via Cloudflare, purge cache, monitor.
6) Backups & monitoring (must have)
- Nightly DB dump (mysqldump --single-transaction) → gzip → upload to DO Spaces (S3) with 7–14-day retention.
- Nightly rsync of data/ & internal_data/ to Spaces.
- Weekly droplet snapshot.
- External uptime check + Healthchecks for backup jobs.
- Prove a restore on staging (show steps and a successful login).
7) Documentation & handover
- Paths and owners, nginx/PHP/MariaDB/Redis configs, cron jobs, Cloudflare rules, backup locations and restore runbook, and a simple SOP for:
  - Monthly apt security updates,
  - PHP minor upgrades when XF/add-ons support it,
  - XenForo upgrade checklist (staging first, then prod).
8) Optional (quote separately)
- Offload attachments to DO Spaces (S3) via XenForo to lift cache % and reduce origin I/O.
- Elastic/OpenSearch setup only if I’m using Enhanced Search (confirm during discovery).
Constraints / notes
- Prefer PHP 8.3 if add-ons allow; otherwise launch on 8.2 and note blockers.
- No Centmin Mod; standard Ubuntu 24.04 packages for maintainability.
- I’m in Sydney (AEST/AEDT). I’ll provide DO & Cloudflare admin invites and current server SSH access.
- Maintenance window can be arranged for low-traffic hours.
Please private message
- Fixed-price quote (itemised base scope + optional items).
- ETA and availability window.
- 2-3 relevant migrations you’ve done (LEMP/PHP 8.x; XenForo or comparable PHP apps).
- Your approach to backups and rollback, and a sample nginx vhost (redact secrets).
- Post-cutover hyper-care period (e.g., 7 days) included in price.
I am usually free over the weekend, so if I don't reply immediately, I will certainly reply over the weekend. Thanks very much!
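
For the Free-plan fallback in item 3 (nginx throttling of /login and /register at about 20 requests per 60 s per IP, plus an /admin.php allowlist), here is a sketch of the nginx side, added as an example and not part of the original post. The zone name `xf_auth`, the placeholder addresses and the PHP-FPM socket path are assumptions, and the vhost's usual `location /` and `\.php$` blocks are assumed to exist elsewhere.

```nginx
# --- http {} context (e.g. a file under /etc/nginx/conf.d/) ---

# Restore the visitor address from Cloudflare's header. Without this, every
# request appears to come from a Cloudflare edge address and a "per IP"
# limit would throttle all visitors behind the same edge together.
# 192.0.2.0/24 is a documentation placeholder: replace it with the ranges
# Cloudflare publishes. The header is only trusted from listed ranges.
set_real_ip_from 192.0.2.0/24;
real_ip_header   CF-Connecting-IP;

# One bucket per client address; 20r/m refills one request every 3 s.
limit_req_zone   $binary_remote_addr zone=xf_auth:10m rate=20r/m;
limit_req_status 429;

# --- inside the server {} block for the forum ---

# Pretty-URL routes for login and registration.
location ~ ^/(login|register)(/|$) {
    # burst=20 nodelay: up to 20 back-to-back requests pass, the rest get 429
    # until the bucket drains at the zone rate.
    limit_req zone=xf_auth burst=20 nodelay;
    # Hand off to XenForo's front controller (handled by the \.php$ block).
    try_files $uri /index.php?$uri&$args;
}

# Admin panel: allowlisted addresses only (203.0.113.10 is a placeholder).
# allow/deny see the restored client address because of real_ip_header above.
location = /admin.php {
    allow 203.0.113.10;
    deny  all;
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/run/php/php8.3-fpm.sock;   # assumed socket path
}
```

Rejected requests are written to the nginx error log, which fail2ban's stock `nginx-limit-req` filter can read to ban repeat offenders; run `nginx -t` before reloading.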