Deployment and security considerations for CLAW-playbook

[Natkeeran]

We are targeting a single machine bare metal Ubuntu VM environment for a project. More info about deployment steps here. Below are some issues related to deployment and security provided by our system admin Irfan

• Create a single configuration file where sysadmin can override defaults such as ports and passwords.
• Take the domain and add it to Drupal's $settings['trusted_host_patterns'].
• Webserver_app_jwt_key_path is looking for info in the /home/ubuntu/ folder. Use generic folder available in all operating systems such as opt.
• Currently drupal folder has ansible user as the owner-group. For Ubuntu, the drupal folder should use www-data!. Otherwise, you cannot install module/themes from the web interface. Need to use appropriate users (ex www-data, wheel) when installing and running applications.
• Provide optional ufw security playbook