Many members in this community rely on DIY to deploy their production instances of ErpNext, some knows what they are doing and have knowledge about linux and securing servers … etc and thats awesome, but others have minimalistic knowledge when it comes to linux and server patching, upgrading, and securing. You can see that if you follow post in here for people seeking help in upgrading, installing and dealing with basic errors. You will see logs of systems that never been patched, vulnerable libraries, lack of ssl … …etc. they even leave their public ip in the error logs … it makes you really wonder especially with product like erp that handles sensitive information.
ErpNext team did a great job simplifying the installation and updating process; however, ErpNext is only as secure as the server thats is deployed on, so when your instance is working and no breach yet doesn’t mean everything is fine.
All I’m saying is if you are going to host your own instance learn the basics of linux and securing servers, or at least hire a freelancer to do the initial installation, securing, and patching
I’m not a provider and also I don’t offer any kind of freelance, I’m only posting this because I don’t want those who deployed their production erpnext without knowing exactly what they are doing to blame ErpNext as a product when s*** hit the fan.