Does CapRover's Web UI offer any kind of 2FA? It feels a bit scary to have the keys to the kingdom just hanging out on a public IP address, for anyone to brute force the admin password.
No, but that's mainly because I still have to manage the server running Dokku I believe?
edit: For context, what I was already using was manual docker on a DO box. While I recognized that Dokku would make it more seamless and easier, my issue was managing and securing the DO VM itself. I didn't see how Dokku would help that scenario.
I would suggest reading about Ansible and working on an initial collection of Ansible playbooks that might help on that. Check out https://www.thecloud.coach/ansible-crash-course. Of course nothing beats a dedicated devops but some playbooks regarding main security compliances might do a great job. Anyone correct me if I am wrong but I am seeing it as a good base practice for these cases.
Possibly. I use Serverless as well but I prefer to keep my options open when playing with a new project, rather than trying to force everything into the same tool. If he is keen to learn something, Ansible might be good for setting some servers up, but there are some other nice suggestions in the thread if he doesn't want to.
One-click for initial setup, but what about maintenance? I like DO, but those easy setups seem like a recipe for vulnerable machines. If it's complicated to maintain, it shouldn't be too easy to set up.
It's definitely not as simple, as you have to maintain the server yourself. But being able to run multiple applications/containers on a server for the price of one dyno really makes up for it for personal projects!
If I were working on a project with a corporate budget then using Heroku or a different style of architecture like serverless would be a no-brainer.
[0] https://github.com/dokku/dokku