9. Make sure to renew your certificate ON TIME. Someone needs to be responsible and this person needs to have it in their calendar. If you're not up to that, because it is in fact your church group and you're not sure you'll be there in a year, don't do this.
Also:
> 4. Use a strong cipher suite such as this one
Check out Mozilla's best practice. They'll give you configs for different levels of support.
> 5. Use nginx, at least for front-end proxy. Your life will be easier.
Be careful. It's tricky to configure and if you cut and paste your configuration from the Internet you will open up to arbitrary code execution.
I was specifically thinking of the php matching issue, which I've seen a few too many times to be comfortable with. People shouldn't copy and paste configuration from the Internet, but they do, and I wish nginx wouldn't make it downright dangerous.
Also:
> 4. Use a strong cipher suite such as this one
Check out Mozilla's best practice. They'll give you configs for different levels of support.
> 5. Use nginx, at least for front-end proxy. Your life will be easier.
Be careful. It's tricky to configure and if you cut and paste your configuration from the Internet you will open up to arbitrary code execution.