This restores a static website into Apache. A few risk management controls are implemented: backup/restore on AWS S3, logging on loggly.com. https://www.youtube.com/watch?v=eNxd7qoc8cA
Getting this going on e.g. Digital Ocean requires the following steps:
- starting a machine with the Docker daemon (on Digital Ocean, take one of the one-click apps that has Docker)
- installing docker-compose, if needed: https://docs.docker.com/compose/install/ (you need version 1.6 or later)
- git clone https://github.com/pve/5caaws.git
- restore the secrets from your stash into the .dist files
- run docker-compose up
- validate that you got the full restore (this can take a while): you are looking for the line that says "Job get finished" or "exited with code 0" in the log files that you see on Loggly or the console
- restrict the Docker machine login to two jumphosts
  - in /etc/hosts.deny, add the line: sshd: ALL
  - in /etc/hosts.allow, add the line: sshd: <your subnets>
- additionally, you might want to log the Docker machine itself, e.g. https://XXXX.loggly.com/sources/setup/linux-setup-base
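
The validation and login-restriction steps above can be checked with a script. The following is an added example, not code from the 5caaws repository; the function names, the saved log file and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the "validate" and "restrict login" steps.
# Function names and sample data are illustrative, not from the repository.

# restore_finished LOGFILE  (saved console output of `docker-compose up`)
# Succeeds if a completion marker is present and no container failed.
restore_finished() {
    log=$1
    # Assumption: any non-zero container exit means the restore is not good.
    if grep -E 'exited with code [1-9][0-9]*' "$log" >/dev/null; then
        return 1
    fi
    grep -E 'Job get finished|exited with code 0' "$log" >/dev/null
}

# sshd_rule FILE: print the client list of the first rule whose daemon list
# is exactly "sshd" in a hosts.allow/hosts.deny file; fail if there is none.
sshd_rule() {
    sed -e 's/#.*//' "$1" | awk -F: '
        tolower($1) ~ /^[ \t]*sshd[ \t]*$/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { exit !found }'
}

# ssh_restricted DENY_FILE ALLOW_FILE
# Requires "sshd: ALL" in the deny file and an allow rule without ALL.
ssh_restricted() {
    deny=$(sshd_rule "$1") || return 1
    allow=$(sshd_rule "$2") || return 1
    [ "$(printf %s "$deny" | tr a-z A-Z)" = "ALL" ] || return 1
    # hosts.allow is consulted first, so ALL there would undo the deny.
    case " $(printf %s "$allow" | tr ',\ta-z' '  A-Z') " in
        *" ALL "*) return 1 ;;
    esac
    return 0
}

# Constructed sample data, not real output from this stack.
demo=$(mktemp -d)
printf '%s\n' 'restore_1 | Job get finished' \
    'restore_1 exited with code 0' > "$demo/up.log"
printf 'sshd: ALL\n' > "$demo/hosts.deny"
printf '# jumphosts\nsshd: 203.0.113.10, 198.51.100.20\n' > "$demo/hosts.allow"
restore_finished "$demo/up.log" && echo "restore: complete"
ssh_restricted "$demo/hosts.deny" "$demo/hosts.allow" && echo "sshd: allow list only"
```

The hosts.allow and hosts.deny files only affect sshd when it is built with TCP wrappers (libwrap) support; `ldd "$(command -v sshd)" | grep libwrap` shows whether it is.
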
Upgrading the underlying machine (not to mention the containers) can be done by just reinstalling everything on a fresh machine. This will restore the backup.