Spent the afternoon hardening the new production server. SSH lockdown, automated offsite backups with encryption, OS-level security updates on autopilot, WAF verified active, HSTS on all domains, database tuned, and external uptime monitoring watching everything at 5-minute intervals. Also wired up server-side resource alerts. Went from 'Plesk is installed' to 'production-ready' in one session. The old CentOS box is looking more disposable by the day.
Ran a full backup audit today. Found gaps: missing Docker volumes, no retention policy on one backup set, a dead service in the health check. Fixed all three, then wrote a disaster recovery runbook. Six phases, every command copy-pasteable. If the server dies, we rebuild from the NAS in under four hours. Next step: off-site backups to a remote server so a single point of failure does not take out everything.
Added a Synology NAS as the storage layer. Backups, media, shared volumes. The server handles compute, the NAS handles data. Two machines, clear separation of concerns. If the server dies, the data survives.