Review of Chapter 21

Author: lcharette

app/pages/6.0/21.going-live/01.hosting/docs.md

@@ -1,13 +1,8 @@
 ---
 title: Hosting Your Site
-description:
-    metadata: UserFrosting can easily be deployed to any server with PHP 7.3 or higher, a compatible database, and a webserver application (nginx, Apache, or IIS).
-obsolete: true
+description: UserFrosting can easily be deployed to any server with PHP 8.1 or higher, a compatible database, and a webserver application (nginx, Apache, or IIS).
 ---
 
-> [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
-
 Nowadays, there is little reason not to use a VPS (virtual private server) for hosting your application. Prices have fallen considerably, to the point where they are as affordable as shared hosting.
 
 It is true that a VPS requires a little more effort to set up than shared hosting. However, companies like DigitalOcean have gone to great effort to produce a [huge collection of tutorials](https://www.digitalocean.com/community/tutorials) so that even someone with zero devops experience can set up a webserver on a VPS and deploy their application.
@@ -27,14 +22,18 @@ A few reasons that we suggest that you **_not_** use shared hosting:
 
 DigitalOcean is a popular VPS hosting service that offers a flat monthly rate. They call their virtual machines "Droplets", which are priced based on memory, processing power, disk storage, and bandwidth. Each Droplet is essentially a dedicated IP address and computer that you have root access to, and on which you can install whatever operating system and software you like.
 
-Their cheapest option is a USD $4/mo server, which provides 512MB memory, 10GB storage, and 500GB bandwidth per month. This is more than enough to run a typical UserFrosting application - as a matter of fact, we host all of the documentation and the demo site for UserFrosting on a slightly larger $6/month Droplet (1GB memory, 25GB storage, 1TB monthly bandwidth).
+Their entry-level Droplets start at around $6/month (pricing as of 2026), which provides 1GB memory, 25GB storage, and 1TB bandwidth per month. This is sufficient to run a typical UserFrosting application.
+
+> [!NOTE]
+> Pricing and specifications may vary. Check [DigitalOcean's pricing page](https://www.digitalocean.com/pricing/droplets) for current offerings.
 
 They also provide a convenient web-based control panel, which lets you perform some basic administrative tasks and monitor your Droplet's resource usage:
 
 ![Droplet control panel](/images/droplet.png)
 
 ### Promotions
 
-DigitalOcean offers a number of discounts and promotions. If you are a student, you can get $100 in free credit (good towards first 60 days) when you register for the [GitHub student pack](https://education.github.com/pack) (requires a `.edu` email address).
+DigitalOcean offers various discounts and promotions:
 
-If you don't have a `.edu` address, DigitalOcean often offers $100 free credit towards your first 30 days by using our [referral link](https://m.do.co/c/833058cf3824). This is also a great way to support UserFrosting - if you use this link, _we'll_ also get $25 in credit for our own hosting once you've spent $25.
+- **Students**: Get free credit through the [GitHub Student Developer Pack](https://education.github.com/pack) (requires `.edu` email)
+- **New users**: Often receive credit via [referral links](https://m.do.co/c/833058cf3824) - this also supports UserFrosting!

app/pages/6.0/21.going-live/02.mail-providers/docs.md

@@ -1,7 +1,7 @@
 ---
 title: Mail Providers
 description: Email is essential for many of UserFrosting's account features, including account verification and password reset requests.
-obsolete: true
+outdated: true
 ---
 
 By default, UserFrosting is configured to use an external SMTP mail server of your choice.
@@ -53,26 +53,41 @@ Use our [referral link](https://elasticemail.com/account#/create-account?r=a4a35
 
 #### Gmail
 
-If you have a Gmail account, you can use Gmail's SMTP servers to send mail from your application. The main limitation, though, is that you can only send _as_ your Gmail account user (and not, for example, `webmaster@owlfancy.com`), and you can't send more than 99 messages per day.
+Gmail can be used for sending mail from your application with some limitations: you can only send as your Gmail account (not custom addresses like `webmaster@owlfancy.com`), and you're limited to approximately 500 messages per day.
 
-You should also be aware that Google may deem your application as "less secure", and so you will need to [allow less secure applications](https://support.google.com/accounts/answer/6010255) to connect with your Gmail credentials. Please note that the label "less secure" does not mean that UserFrosting has security flaws; rather this label is triggered [because you are allowing third parties to authenticate with your Gmail password rather than a revokeable API key](https://security.stackexchange.com/a/72371/74909).
+> [!IMPORTANT]
+> Google deprecated "less secure app" access. You must now use **App Passwords** to authenticate third-party applications.
 
-| Setting             | Value                 |
-| ------------------- | --------------------- |
-| SMTP server address | `smtp.gmail.com`      |
-| SMTP user name      | [Your Gmail address]  |
-| SMTP password       | [Your Gmail password] |
-| SMTP port           | `465`                 |
+**Setup steps:**
 
-For more information, see [this guide](https://www.digitalocean.com/community/tutorials/how-to-use-google-s-smtp-server).
+1. Enable [2-Factor Authentication](https://myaccount.google.com/security) on your Google account
+2. Generate an [App Password](https://myaccount.google.com/apppasswords) specifically for your UserFrosting application
+3. Use the generated 16-character App Password (not your regular Gmail password) in your configuration
+
+| Setting             | Value                           |
+| ------------------- | ------------------------------- |
+| SMTP server address | `smtp.gmail.com`                |
+| SMTP user name      | [Your Gmail address]            |
+| SMTP password       | [16-character App Password]     |
+| SMTP port           | `587` (TLS) or `465` (SSL)      |
+
+For detailed setup instructions, see [Google's App Password guide](https://support.google.com/accounts/answer/185833).
 
 ### Zoho Mail
 
 [Zoho mail](https://www.zoho.com/mail/) provides a simple [paid](https://www.zoho.com/mail/zohomail-pricing.html) mail hosting solution for business, but they also offers a free plan. The free plan gives you up to five users, 5GB/User and 25MB attachment limit for single domain.
 
 ### Paid services
 
-To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
+For production applications with higher email volumes, consider these professional SMTP providers:
+
+- **[SendGrid](https://sendgrid.com/)** - Up to 100 emails/day free, then paid plans from $15/month
+- **[Mailgun](https://www.mailgun.com/)** - First 5,000 emails free for 3 months, then pay-as-you-go
+- **[Amazon SES](https://aws.amazon.com/ses/)** - $0.10 per 1,000 emails (requires AWS account)
+- **[Postmark](https://postmarkapp.com/)** - Starting at $15/month for 10,000 emails
+- **[Brevo (formerly Sendinblue)](https://www.brevo.com/)** - 300 emails/day free, then paid plans
+
+These services typically offer better deliverability, detailed analytics, and webhook support for tracking bounces and opens.
 
 ### Running your own mail server
 

app/pages/6.0/21.going-live/03.vps-production-environment/01.server-setup/docs.md

@@ -1,35 +1,57 @@
 ---
 title: Server Setup
 description: No matter which VPS option you choose, you'll need to make sure that you have the required software installed and properly configured for UserFrosting.
-obsolete: true
+outdated: true
 ---
-<!-- [plugin:content-inject](/modular/_updateRequired) -->
 
-> [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
+We recommend starting with a 1GB+ memory VPS and installing a LEMP stack (Ubuntu 24.04 LTS, nginx, MariaDB, and PHP 8.1+). You can use a pre-configured [one-click LEMP stack](https://marketplace.digitalocean.com/apps/lemp) or manually install the components. While Apache is also supported, nginx offers superior performance and requires less configuration.
 
-We recommend that you start with a $4/month Droplet and [install a LEMP stack](https://marketplace.digitalocean.com/apps/lemp) (Ubuntu 20.04, nginx, MariaDB, and PHP 8.1). If you prefer you may [install Apache instead](https://marketplace.digitalocean.com/apps/lamp), but nginx offers superior performance and requires less configuration.
+> [!NOTE]
+> UserFrosting requires PHP 8.1 or higher. Make sure your server stack includes a compatible PHP version.
 
-When you go to create your Droplet, DigitalOcean will ask you some initial configuration questions. Choose Ubuntu 22.04 as your distribution, and select a datacenter that is nearest to you and your customers. **Do NOT set up SSH keys at this time** - if you do, DigitalOcean won't email you a root user password. We will set up SSH later, after we've logged in with a password first.
+When creating your VPS, select **Ubuntu 24.04 LTS** (or 22.04 LTS) as your distribution, and choose a datacenter that is geographically close to you and your users for optimal latency. **Do NOT set up SSH keys at this time** - if you do, DigitalOcean won't email you a root user password. We will set up SSH later, after we've logged in with a password first.
 
 From here, you can follow DigitalOcean's tutorials to set up your server:
 
-## Initial Server Setup with Ubuntu 22.04
+## Initial Server Setup with Ubuntu
 
-First, follow [**this tutorial**](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-22-04).
+Follow [**this tutorial for Ubuntu 24.04**](hhttps://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu) or [Ubuntu 22.04](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-22-04).
 
-Some notes:
+Key configuration steps:
+
+1. **SSH Keys**: On Windows, use [Windows Terminal](https://aka.ms/terminal) or [PuTTY](https://www.putty.org/) to generate SSH keys. Modern Windows includes OpenSSH by default.
+
+2. **User Groups**: Add your non-root user to the `www-data` group so both your account and the webserver can access application files:
+   ```bash
+   sudo usermod -a -G www-data <your-username>
+   ```
 
-1. On Windows, you may find it easier to generate an SSH key in Putty and manually copy it to the `authorized_keys` file on your Droplet.
-2. When you create your non-root user account in Ubuntu, we recommend adding them to the `www-data` group, which is the group to which your webserver belongs. That way, you can set the group owner of your UserFrosting application files to `www-data`, and both your account _and_ the webserver account will have ownership. To do this, do `sudo usermod -a -G www-data alex`, replacing `alex` with your user account name.
-3. Their instructions for the `ufw` firewall only have you open up the `ssh` port by default. Obviously for a web server, you will also need to open up ports 80 or `http` and/or 443 or `https`. See [this guide](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-5-allowing-other-connections) for help opening up additional ports. DigitalOcean also provides a [cloud firewall](https://docs.digitalocean.com/products/networking/firewalls/) which can be set up through the dashboard, rather than the commandline.
-4. For additional security, you may also want to disable root login via SSH by setting `PermitRootLogin` to `no` in your `/etc/ssh/sshd_config` file.
+3. **Firewall Configuration**: Configure `ufw` to allow web traffic:
+   ```bash
+   sudo ufw allow 'Nginx Full'  # Allows both HTTP (80) and HTTPS (443)
+   sudo ufw allow OpenSSH
+   sudo ufw enable
+   ```
+   
+   Alternatively, use your hosting provider's cloud firewall dashboard.
+
+4. **Disable Root Login**: For security, set `PermitRootLogin no` in `/etc/ssh/sshd_config` and reload SSH:
+   ```bash
+   sudo systemctl reload sshd
+   ```
 
 ## Additional server configuration
 
-### Set your server's **timezone**
+### Set your server's timezone
+
+Configure your server to use the correct timezone:
+
+```bash
+sudo timedatectl set-timezone America/New_York  # Replace with your timezone
+timedatectl  # Verify the change
+```
 
-See [**this guide from DigitalOcean**](https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-22-04).
+For more details, see [**this DigitalOcean guide**](https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-22-04).
 
 ### Configure the `nano` command-line editor to convert tabs to spaces
 

app/pages/6.0/21.going-live/03.vps-production-environment/02.git-for-deployment/docs.md

@@ -1,14 +1,10 @@
 ---
 title: Using Git for Deployment
 description: Once you've set up a remote repository in your production environment, deployment can be as simple as a single `git push` command.
-obsolete: true
+outdated: true
 ---
-<!-- [plugin:content-inject](/modular/_update5.0) -->
 
-> [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
-
-As we explained earlier, `git` is a good tool for deployment because it keeps track of the changes to your codebase between commits. Once you've set up a remote repository in your production environment, deployment can be as simple as a single `git push` command. Git will automatically determine which files need to be updated on the live server.
+Using `git` for deployment is efficient because it tracks changes between commits and only transfers modified files. Once you've set up a remote repository in your production environment, deployment can be as simple as a single `git push` command. Git will automatically determine which files need to be updated on the live server.
 
 We can also use the git `post-receive` hook to run additional build tasks after the code base is updated, like clearing the cache and recompiling assets.
 

app/pages/6.0/21.going-live/03.vps-production-environment/03.application-setup/docs.md

@@ -1,14 +1,10 @@
 ---
 title: Application Setup
 description: This section covers installing and using Composer, running Bakery, and configuring the webserver in the production environment.
-obsolete: true
+outdated: true
 ---
-<!-- [plugin:content-inject](/modular/_updateRequired) -->
 
-> [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
-
-To actually get our application up and running, we need to do a few more things on the remote server:
+To get your application running on the production server, complete these steps:
 
 1. Set the base URL.
 2. Run Composer to install PHP dependencies;
@@ -44,11 +40,11 @@ cd /var/www/<repo name>
 composer install
 ```
 
-If you get errors related to the `php-zip` package, you may need to install it:
+If you get errors related to the `php-zip` package, install it for your PHP version:
 
 ```bash
-sudo apt-get install zip unzip php7.0-zip
-sudo service nginx restart
+sudo apt-get install zip unzip php8.1-zip  # Or php8.2-zip, php8.3-zip, etc.
+sudo systemctl restart nginx
 ```
 
 We can add the following line to our `post-receive` hook to automatically rerun `composer install` each time we push changes:
@@ -84,15 +80,16 @@ server_name owlfancy.com;
 
 Again, `<repo name>` should be replaced with your project repo name, and `owlfancy.com` should be changed to your site's planned domain or subdomain.
 
-Next, we'll tell nginx to run our application with PHP 7. Why? Because it's super fast! Find the lines that say "For FPM". Comment out the line for PHP 5, and _uncomment_ the line for PHP 7:
+Next, we'll tell nginx to run our application with PHP-FPM. Find the lines that say "For FPM" and ensure you're using PHP 8.1 or higher:
 
 ```
-# For FPM (PHP 5.x)
-#fastcgi_pass unix:/var/run/php5-fpm.sock;
-# For FPM (PHP 7)
-fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+# For FPM (PHP 8.1+)
+fastcgi_pass unix:/run/php/php8.1-fpm.sock;
 ```
 
+> [!NOTE]
+> The exact socket path may vary depending on your PHP version (e.g., `php8.2-fpm.sock` or `php8.3-fpm.sock`). Check your installed PHP version with `php -v`.
+
 Save your changes. We can now use `scp` to copy this file from your local machine to nginx's configuration directory on the remote repository. Since we disabled remote root login, and only the root user can write to `/etc/nginx/sites-available` by default, we'll first copy to our home directory on the remote server, and then use `sudo` on the remote server to move it into nginx's directory.
 
 In your local development environment:

app/pages/6.0/21.going-live/03.vps-production-environment/04.ssl/docs.md

@@ -1,14 +1,13 @@
 ---
 title: SSL/HTTPS
-description: It is extremely important to use an SSL certificate when you go live.  Using SSL will prevent malicious agents on unsecured networks from intercepting your users' passwords when they log in to your application, as well as other sensitive information.
-obsolete: true
+description: It is extremely important to use an SSL certificate when you go live. Using SSL will prevent malicious agents on unsecured networks from intercepting your users' passwords when they log in to your application, as well as other sensitive information.
+outdated: true
 ---
-<!-- [plugin:content-inject](/modular/_updateRequired) -->
 
-> [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
+> [!IMPORTANT]
+> **Always use HTTPS in production.** Modern browsers flag HTTP sites as "Not Secure", and search engines penalize non-HTTPS sites.
 
-Let's Encrypt has put an enormous amount of effort into making `certbot` very user-friendly.  Most problems that come up when installing an SSL certificate with `certbot` can be traced back to file permissions issues.  Make sure that you understand how Linux file permissions work before attempting this task.
+Let's Encrypt provides free SSL certificates, and `certbot` makes the installation process straightforward.  Most problems that come up when installing an SSL certificate with `certbot` can be traced back to file permissions issues.  Make sure that you understand how Linux file permissions work before attempting this task.
 
 ## Confirm that the webserver can serve acme challenges
 

app/pages/6.0/21.going-live/03.vps-production-environment/05.additional-recommendations/docs.md

@@ -1,14 +1,13 @@
 ---
 title: Additional Recommendations
 description: Additional recommended configuration steps to get the most out of your VPS production server.
-obsolete: true
+outdated: true
 ---
-<!-- [plugin:content-inject](/modular/_updateRequired) -->
 
 > [!NOTE]
-> This page needs updating. To contribute to this documentation, please submit a pull request to our [learn repository](https://github.com/userfrosting/learn/tree/master/pages).
+> Google's PageSpeed module for nginx has been deprecated as of 2021. Modern alternatives include using Cloudflare CDN or nginx's built-in optimization features. This section is kept for reference but may not reflect current best practices.
 
-## Install and configure Google's Pagespeed module
+## Install and configure Google's Pagespeed module (Legacy)
 
 To ensure the best possible experience for your users, we highly recommend that you install Google's [Pagespeed module](https://developers.google.com/speed/pagespeed/module/) on your production server. This module will automatically optimize your web pages for speed and performance before they are served to the client.