Security
Alfred Gutierrez edited this page Dec 22, 2019 · 5 revisions
`openencoder` is built with security in mind. However, it is still recommended to run `openencoder` behind a firewall with access restrictions.
Below are some recommendations and configuration for this project.
- It is highly recommended to run on a private network, only exposing the ports necessary.
  - Port 80 and 8080 for web access
  - Port 5432 for database
  - Port 6379 for redis
Update configuration via environment variables for production: https://github.com/alfg/openencoder/blob/master/config/default.yml
Environment variables override the defaults set in `config/default.yml`.
- Set the `JWT_KEY` and `KEYSEED` environment variables to a secure value. These are used for JWT authentication and encrypting user settings.
  You can generate one via `hexdump`:

      $ hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random

  If `JWT_KEY` or `KEYSEED` is compromised, reset these values.
- Set `DATABASE_USER` and `DATABASE_PASSWORD`.
- Set `CLOUDINIT_DATABASE_USER` and `CLOUDINIT_DATABASE_PASSWORD`.
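
A pre-deployment check for the variables listed above, as an added example that is not part of the openencoder project. The function names, the 32-character floor (the length the page's `hexdump` command produces) and the rule that `JWT_KEY` and `KEYSEED` must differ are assumptions of this example; `gen_key` uses `od` on `/dev/urandom` in place of `hexdump` on `/dev/random`.

```shell
#!/bin/sh
# Added example: generate and sanity-check the secrets named on this page.
# The length floor and the "must differ" rule are assumptions, not project rules.

MIN_LEN=32  # the page's hexdump command emits 16 bytes = 32 hex characters

# gen_key: print 16 random bytes as 32 uppercase hex characters.
gen_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' | tr 'a-f' 'A-F'
    echo
}

# check_secrets: print one line per problem; return the number of problems.
check_secrets() {
    problems=0
    for name in JWT_KEY KEYSEED; do
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            echo "$name is not set"
            problems=$((problems + 1))
        elif [ "${#value}" -lt "$MIN_LEN" ]; then
            echo "$name is shorter than $MIN_LEN characters"
            problems=$((problems + 1))
        fi
    done
    # One leaked value should not expose both JWT signing and settings encryption.
    if [ -n "${JWT_KEY-}" ] && [ "${JWT_KEY-}" = "${KEYSEED-}" ]; then
        echo "JWT_KEY and KEYSEED must not share a value"
        problems=$((problems + 1))
    fi
    for name in DATABASE_USER DATABASE_PASSWORD \
                CLOUDINIT_DATABASE_USER CLOUDINIT_DATABASE_PASSWORD; do
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            echo "$name is not set"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file in the deployment shell, export `JWT_KEY="$(gen_key)"` and `KEYSEED="$(gen_key)"`, then run `check_secrets` before starting the services; a non-zero exit status is the number of problems found.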