What we've been doing for Server Care customers
A rolling log of the work GetPageSpeed has shipped to servers under active maintenance.
Pulled directly from the ops repo and refreshed daily. Package upgrades and out-of-band CVE
patches happen on top of everything listed here.
See Server Care plans →
Content Security Policy Updates
Allowed legitimate embeds from trusted sources like WordPress and Twitter.
Updated form actions for secure self-POSTs to the client dashboard.
Maintained Report-Only mode for monitoring before full enforcement.
Deployment Efficiency Improvements
Adjusted deployment process to reduce unnecessary pulls.
Ensured timely handling of new commits during deployment.
Introduced restricted SSH users for secure access.
Whitelisted Sangatta in fail2ban to prevent abuse.
Enabled logging for pulpcore/reposync probes on treeinfo.
Adjusted error handling to maintain consistent 404 responses.
New Configuration Capabilities
Added support for dynamic XML extensions in NGINX configuration.
Introduced immutable caching settings for improved static file handling.
Initial setup for podcast configurations implemented.
Installed the cyrus-sasl base package to resolve SMTP authentication issues.
Enabled Gmail Send-As functionality via port 587 with SASL authentication.
Increased UDP buffers to 7.5MB for improved QUIC/HTTP3 performance.
Enabled HTTP/3 support in NGINX configuration for faster connections.
Adjusted rate limiting settings to better handle traffic spikes.
Updated Percona repository GPG key for secure package management.
Moved inactive hosts to a separate directory for better organization.
Switched NGINX Amplify agent repositories for streamlined updates.
Introduced a new repository for packages to streamline deployments.
Enabled support for custom jails and filters in Fail2Ban.
Performance Optimizations
Unified PHP execution limits across all locations for consistency.
Updated request limits for admin-ajax.php to enhance performance.
Configured findtime for nginx limit request filter in Fail2Ban to improve security.
Updated API URL and replaced API key for Amplify integration.
Routine Maintenance Tasks
Updated execution guidelines for better server management.
Improved URL handling with normalized redirects.
Enabled HTTP/2 chunk size configuration for better data handling.
Commented out unused support domains in production.ini for clarity.
Updated SSH settings for better API access.
Refactored certbot handling for stability.
Removed outdated campaign configurations from site settings.
Streamlined YAML files for better management.
Backup Script Enhancements
Updated backup scripts to use centralized backup paths.
Improved consistency in backup directory management.