# Overview

Offering ongoing hosting, maintenance and support to our clients has benefits all around. In this document we will explain our normal process for hosting client websites at Harvest Media. Of course, the fluid nature of the web and changing technology means there are always exceptions! But we try to follow these guidelines as strictly as we can so that we can minimize surprises, work efficiently, and serve our clients faster.

# Harvest Media's Webmaster

Mike Moreau Jr (MJ) is primarily responsible for our web department.

The preferred admin email for all web-related services is "webmaster@harvestmedia.com."

This account is monitored by Mike Jr.

Logins and passwords for the web-related services we use and for our client websites should all be found within 1 Password. There is a vault specifically for webmaster passwords.

Development files for our client's sites are on Mike Jr's computer in the /Users/mikemoreaujr/Sites folder, but they are also in BitBucket due to the beauty of Git repositories!

# Our Main Business Google Account

We have set up the account "harvestmedia.hub@gmail.com" to be the central account we use for any time Harvest Media needs to access some service related to Google.

Business Listings
Analytics
Search Console
Ads

# Version Control with Git

Harvest Media version controls every site we build using a tool called Git. Git is the industry standard version control tool and is universally adopted.

You can find all of our site projects (also known as repositories) on a service called Bitbucket. (https://bitbucket.org/ (opens new window)) The login for Bitbucket will be in 1 Password.

# Documenting Every Site We Build

Every website Harvest Media builds will have a README.md file at the root level of the Git repository. It will explain what the site is about and what you need to know. Check it out, and hopefully many of your questions will be answered already.

# Storing Sensitive Data

Each client has a "secure note" in the 1Password Webmaster vault.

# Domains and DNS

As a general rule, we recommend that a client owns their own domain. It's better for them to be in the driver seat with such a valuable asset as their domain, because clients can come and go quickly. The income we get from owning client's domains usually doesn't even cover the time to manage them in the long run.

We will occasionally make exceptions and purchase a domain on behalf of a client. When we do this, we buy domains for them (and every other client) at AIT (https://www.ait.com/). AIT is where all of our domains are registered.

Domains should be locked and set to auto-renew, unless we intend for them to expire (if we don't want to own them any more).

If we own the domain, we use the nameservers at our preferred host, Linode. Set the nameservers to the following:

ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com

The DNS management interface at Linode is easy to use, and we can leverage their caching as well. The log in information for Linode is in 1 Password.

# Hosting

Typically we host websites in one of a few locations:

Liquid Web (with WHM and cPanel)
Linode (using Laravel Forge to provision VPS servers)
Media Files (like sermons) at Amazon S3

# Liquid Web

Critical client sites (that would benefit from immediate phone support) are hosted at Liquid Web. (https://www.liquidweb.com/ (opens new window))

Their help portal is available here:

https://login.liquidweb.com

Liquid Web Tech support is available by phone:

Phone: 1-800-580-4985
Support Passphrase: active raspberry foolishly loading

# Admin on Liquid Web

With the exception of a few static sites, nearly all the websites use PHP/MYSQL.

The WHM and Cpanel interface at liquid web allow each site to have it's own version of PHP. But most use the default version 7.

# Firewall and Brute Force

Repeated failed login attempts can block an IP address in the server firewall or the bruteforce tool. If clients have trouble accessing a site at Liquid Web, check to see if their external IP address is being blocked. (Find their external IP here: http://ip.liquidweb.com/)

# Linode and Laravel Forge

For most sites, we use the affordable VPS servers at Linode combined with the management tool Laravel Forge to roll host sites.

Linode provides a simple, no frills server.
Laravel Forge, install the software we need and provides a minimal management tool.

Hosing with Linode and Forge, takes a little more technical know now, but how to go guides are available.

Linode also offers automatic deployments which makes rolling out updates a lot easier.

Linode and Forge offer ticket support when logged into their platforms. Login information is available in 1 Password.

Linode Admin - https://login.linode.com/login (opens new window)
Forge Admin - https://forge.laravel.com/auth/login (opens new window)

# Amazon S3

Harvest Media uses Amazon S3 (Simple Storage Service) to host large audio and video files such as sermons. The login for the Amazon account uses the email "webmaster@harvestmedia.com" and is available in 1Password.

# Website Statistics with Google Analytics

We recommend clients create their own Google Account to set up:

Search Console
Local Business Listing
And Google Analytics

Harvest Media has a central Google account that we use as a Hub to access and serve clients.

The client can than great access to use by making the email address "harvestmedia.hub@gmail.com" an admin on their Google account. See: https://support.google.com/analytics/answer/1009702?hl=en (opens new window)

# Serving Sites Securely with SSL

SSL is important to do for every site if possible. Fortunately, both Liquid Web and Laravel Forge allow you to set up SSL certificates for free with the "Let's Encrypt" tool built into their admin interfaces.

When you need to purchase a different SSL certificate, such as a wildcard certificate or a major ecommerce site, we recommend purchasing from https://cheapsslsecurity.com/ (opens new window)

Harvest Medi login for Cheap SSL is in 1 Password.

# Sending Transactional Email with SendGrid

Transactional email, like confirmation and contact form (basically any non-marketing email) is sent with a 3rd party tool called Send Grid (https://app.sendgrid.com/login (opens new window)). The major benefits are better email security and better deliverability. It also separates transactional email from our client's personal email.

We recommend Authenticating every client domain by adding CNAME and SPF records to give the email the highest possible change of being delivered. See

https://sendgrid.com/docs/glossary/spf/
https://sendgrid.com/docs/ui/account-and-settings/how-to-set-up-domain-authentication/

An example SPF record might look like:

v=spf1 a mx include:spf.protection.outlook.com include:sendgrid.net ~all

We also recommend that each site have its own separate API key (Do not share Send Grid API keys across sites).

# External Uptime Monitoring

Every paid website should have outside uptime monitoring configured. We are currently using a free service to monitor uptime:

Uptime Robot - https://uptimerobot.com/ (opens new window)

# Quarterly Check-Ins

When we invoice, we should do quarterly check-ins to see how things are going.

# Project Manager - Check In

How are things going?
Any questions or problems we should know about?
Are you happy with your service?
Do you have any goals or updates you'd like to accomplish? (Design, SEO, Social, other marketing services)

# Technical Check In

In addition to our project manager questions above, the developer should check on the following technical things:

Is the software up to date (Craft CMS)
Is the host software up to date (ssh into the VPS)
Should the host be rebooted?
Are backups running
Is the site documentation current?
What todos are in the docs to follow up on?

# Troubleshooting Process

Is your website down right now?
- Confirm down time yourself. (or try https://downforeveryoneorjustme.com/)
- Contact the host to see why the server is down.
- If the server is up for you, find out why it's not reachable for them.
Could be a Firewall or network issue
Get the best contact person for the person who reported the problem.
Describe the problem in detail.
Write it down in an email and start an email thread with the client.
Connect with the best person to fix the issue.
Check in with the contact person every day at least.

# In a Website Emergency

Should a situation arise when Mike Jr is unreachable, here are the key contacts to know (in the order you would likely need them):

# Nathan Bate - Primary

Nate has access to everything MJ has access to. He understands our set up and should be able to either resolve an issue or point you in the right direction. Especially:

Talk to Nate about:

General Questions
Technical Questions
Job Tracker
Craft CMS
Key clients
90 North Schaumburg

Expression Engine and CraftCMS both run in the same environment as Wordpress, so any server with PHP 7.1+ and MYSQL should be able to host your sites. There are a few hosting companies who claim to specialize in EE hosting such as: https://www.nexcess.net/expressionengine/hosting/

If TL works with an agency they may provide the hosting as part of their service. In talking with an agency, one could consider asking questions like the following:

Hi, I'm looking for an agency partner to provide hosting and support for two websites, one Expression Engine site with ecommerce and our main brand site on Craft CMS. There may be some occasional development work on the sites too. We're looking for providers who: