Provisioning
During the initial provisioning of your server, Forge will connect as theroot
user over SSH. This is so that Forge is able to add repositories, install dependencies and configure new services, firewalls, and more.
The provisioning process can take upwards of 15 minutes, but will depend on a variety of factors including the speed of your server, the speed of your network connection, and the number of services that need to be installed.
Post-Provisioning
After initially provisioning your server, Forge continues to use root access so that it can manage your server’s software, services, and configuration. For example, root access is needed to manage:- Firewalls
- Daemons
- Scheduled tasks
- Isolated users
- PHP configuration and management
- Other operating system dependencies
Security
We take security very seriously and ensure that we do everything we can to protect customer’s data. Below is a brief overview of some of the steps we take to ensure your server’s security:- Forge issues a unique SSH key for each server that it connects to.
- Password based server SSH connections are disabled during provisioning.
- Each server is issued a unique root password.
- All ports are blocked by default with UFW, a secure firewall for Ubuntu. We then explicitly open ports: 22 (SSH), 80 (HTTP) and 443 (HTTPS).
- Automated security updates are installed using Ubuntu’s automated security release program.