The Stack

Spent the afternoon hardening the new production server. SSH lockdown, automated offsite backups with encryption, OS-level security updates on autopilot, WAF verified active, HSTS on all domains, database tuned, and external uptime monitoring watching everything at 5-minute intervals. Also wired up server-side resource alerts. Went from 'Plesk is installed' to 'production-ready' in one session. The old CentOS box is looking more disposable by the day.

Ran a full backup audit today. Found gaps: missing Docker volumes, no retention policy on one backup set, a dead service in the health check. Fixed all three, then wrote a disaster recovery runbook. Six phases, every command copy-pasteable. If the server dies, we rebuild from the NAS in under four hours. Next step: off-site backups to a remote server so a single point of failure does not take out everything.