You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This policy is for customers that wish to perform an external penetration test on their own hosting environment. For Unaffiliated third-parties that wish to test the Hypernode platform itself, we have a separate [Responsible Disclosure Policy](responsible-disclosure-policy.md).
13
+
```
14
+
15
+
At Hypernode, we support responsible security testing practices that help customers improve the safety and resilience of their hosted application, and our platform. Customers may conduct penetration tests on their own hosting environments under the following conditions and guidelines.
16
+
17
+
## Scope of Testing
18
+
19
+
Penetration testing is only permitted on the customer's *own* hosting space. Testing must not extend to, or affect, any other part of the platform or infrastructure managed by either Hypernode, or other Hypernode customers..
20
+
21
+
## Requirements
22
+
23
+
Penetration testing is allowed under the following conditions:
24
+
25
+
- All pentests must be performed by a reputable, experienced, party.
26
+
- You will [inform us](https://www.hypernode.com/en/support/) at least 72 hours ahead of time, and let us know the time, source IP(s) and target of the pentest.
27
+
- If the pentest causes, or discovers, any server side issues, you will share the full report of the pentest with us afterwards. You will keep these findings confidential, until we've had the opportunity to assess and address the issue.
28
+
29
+
We do not allow pentests that:
30
+
31
+
- Rely on Social Engineering.
32
+
- Perform Brute Force testing.
33
+
- Test (D)DoS protection or -resilience.
34
+
- Test Physical Security of Datacenters, Offices, etc.
35
+
- May cause permanent damage to hardware or equipment.
36
+
37
+
You may wish to add the source IP's of the pentest to the [Hypernode WAF allowlist](./../../best-practices/firewall/ftp-waf-database-allowlist.md), to prevent our automated systems from affecting the test.
38
+
39
+
## Security Waivers
40
+
41
+
Hypernode explicitly gives its customers permission to test their own Hypernode hosting environment. If your penetration testing partner still requires a signed waiver, please [contact us](https://www.hypernode.com/en/support/).
42
+
43
+
# Hypernode's Own Pentest Policy
44
+
45
+
Hypernode performs regular penetration tests of both the Hypernode hosting platform, and its internal applications like the Hypernode Control Panel. Details about these penetration tests are available for customers [upon request](https://www.hypernode.com/en/support/).
However, for advanced configurations you can override most steps and variables set my Hypernode Deploy:
35
+
However, for advanced configurations you can override most steps and variables set by Hypernode Deploy:
36
36
37
37
### Static Content Locales
38
38
39
-
When the deployer runs `bin/magento static-content:deploy` it will require locales to know what to build, this variable is set for this. It is included when you run `new ApplicationTemplate\Magento2` or can be overriden with:
39
+
When the deployer runs `bin/magento static-content:deploy` it will require locales to know what to build, this variable is set for this. It is included when you run `new ApplicationTemplate\Magento2` or can be overridden with:
For large stores with multiple themes and locales, you can use `setMagentoThemes()` to define specific themes and enable split static deployment for better build performance:
48
+
49
+
```php
50
+
<?php
51
+
52
+
namespace Hypernode\DeployConfiguration;
53
+
54
+
$configuration = new ApplicationTemplate\Magento2(['en_US']);
55
+
56
+
// Option 1: Simple theme list (uses all configured locales)
If you're using custom admin themes or need to deploy backend static content separately, use the `setMagentoBackendThemes()` method:
76
+
77
+
```php
78
+
<?php
79
+
80
+
namespace Hypernode\DeployConfiguration;
81
+
82
+
$configuration = new ApplicationTemplate\Magento2(['en_US']);
83
+
84
+
// Set frontend themes
85
+
$configuration->setMagentoThemes([
86
+
'Vendor/theme1' => 'nl_NL en_US',
87
+
'Vendor/theme2' => 'de_DE'
88
+
]);
89
+
90
+
// Set backend themes separately
91
+
$configuration->setMagentoBackendThemes([
92
+
'Vendor/admin-theme' => 'nl_NL en_US'
93
+
]);
94
+
95
+
return $configuration;
96
+
```
97
+
98
+
This automatically enables split static deployment for optimal build performance.
99
+
45
100
### Defining custom steps
46
101
47
102
You potentially need to add custom steps to the deployment, for example to build npm assets or do server actions after deployment.
@@ -83,3 +138,28 @@ If you add these folders be aware that your new folders will be empty on your fi
83
138
```php
84
139
$configuration->addSharedFolder('var/reports');
85
140
```
141
+
142
+
### OPcache Clearing
143
+
144
+
By default, Hypernode Deploy does **not** automatically clear the OPcache after deployment. This is because the Hypernode platform has `validate_timestamps` enabled, which automatically invalidates cached PHP files when they change.
145
+
146
+
If you're deploying to a Hypernode server which has `validate_timestamps` disabled, you can manually enable OPcache clearing by adding the following to your `deploy.php`:
147
+
148
+
```php
149
+
<?php
150
+
151
+
namespace Hypernode\DeployConfiguration;
152
+
153
+
use function Deployer\after;
154
+
155
+
$configuration = new ApplicationTemplate\Magento2(['en_US']);
156
+
157
+
// Enable automatic OPcache clearing after deployment
On Hypernode, OPcache is automatically managed via `validate_timestamps`. You typically don't need to enable manual clearing unless you experience caching issues after deployment.
Copy file name to clipboardExpand all lines: docs/hypernode-deploy/getting-started/configure-ci-cd.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -92,6 +92,16 @@ We assume you have an `auth.json` file in either your project directory or your
92
92
93
93
Then go to your Github repository on Github.com and go to **Settings -> Secrets -> Actions**. Click the **New repository secret**, fill in `DEPLOY_COMPOSER_AUTH` as the name, paste the contents of your `auth.json` file and press **Save**.
94
94
95
+
````{note}
96
+
The `DEPLOY_COMPOSER_AUTH` variable accepts both raw JSON and base64-encoded JSON. If you're having trouble with special characters in your CI/CD system, you can base64-encode the contents:
97
+
98
+
```bash
99
+
base64 -w0 < auth.json
100
+
```
101
+
102
+
This produces a single-line encoded string that's safer for environment variables.
Copy file name to clipboardExpand all lines: docs/services/control-panel/how-to-use-2fa-on-the-control-panel.md
+35-28Lines changed: 35 additions & 28 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,46 +13,53 @@ redirect_from:
13
13
14
14
# How to Use 2FA on the Control Panel
15
15
16
-
Two factor authentication, also known as two-step verification, is a more secure way of logging in than logging in with just a password, because everyone receives a unique code to log in. In this article we explain how to use two factor authentication on the Control Panel.
16
+
Two-Factor Authentication (2FA), also called two-step verification, adds an extra layer of security to your Hypernode Control Panel account. Instead of signing in with only a password, you also confirm your identity with a one-time code from your authentication app.
17
17
18
-
How 2FA Works:
18
+
This makes it significantly harder for unauthorized users to access your account, even if your password is compromised.
19
19
20
-
- You'll need access to your mobile device when signing in to the Control Panel.
21
-
- You'll enter a verification code each time you sign in. You can also select the **Remember this device for 30 days** option to receive a verification code prompt only once every 30 days.
22
-
- You'll need a verification app to receive the verification code.
20
+
## How 2FA Works:
23
21
24
-
## How to Enable 2FA
22
+
- You need access to your mobile device when signing in.
23
+
- After entering your password, you are asked for a 6-digit verification code.
24
+
- The code is generated by an authentication app on your phone.
25
+
- You can choose **“Remember this device for 30 days”** to avoid entering a code on that device for the next 30 days.
25
26
26
-
First, you need to download and install an authentication app. A few options are Google Authenticator, Duo Mobile, 1Password or Authy.
27
+
## What You Need Before Enabling 2FA
27
28
28
-
Then, you can turn on 2FA for your Hypernode Control Panel:
29
+
You must install an authentication app on your mobile device. Common options include:
29
30
30
-
1. Sign in to the Hypernode Control Panel.
31
-
1. Hover over your username in the upper right corner.
32
-
1. Click on Account settings.
33
-
1. Click**Manage 2FA** to manage your 2FA settings.
34
-
1. Click the **Activate 2FA**button and click on **Start now**.
35
-
1. Add a new account in your authentication app. In most apps, you can do this by tapping the + icon.
36
-
1. Scan the QR code by using your device's camera. If you prefer, you can choose to enter the code by hand.
37
-
1. On Hypernode's 2FA configuration page, enter the 6-digit verification code that your authentication app generates.
38
-
1. To finish, click **Confirm**.
31
+
- Google Authenticator
32
+
- Okta Verify
33
+
- Duo Mobile
34
+
- Authy
35
+
- 1Password
39
36
40
-
You'll receive an email when you enable 2FA and this will also be shown in the logs.
37
+
Any app that supports time-based one-time passwords (TOTP) will work.
41
38
42
-
## How to Disable 2FA
39
+
## How to Enable 2FA
43
40
44
41
1. Sign in to the Hypernode Control Panel.
45
-
1. Hover over your username in the upper right corner.
46
-
1. Click on Account settings.
47
-
1. Click**Manage 2FA** to manage your 2FA settings.
48
-
1. Click on **Disable Two-Factor Authentication** and enter the verification code to confirm.
42
+
1. Hover over your username in the top-right corner.
43
+
1. Select **Account settings**.
44
+
1. Click **Manage 2FA**.
45
+
1. Scan the QR code using your authentication app. You can also choose to enter the setup key manually.
46
+
1. Enter the 6-digit verification code generated by your app.
47
+
1. Click **Confirm** to finish setup.
49
48
50
-
You'll receive an email when you disable 2FA and this will also be shown in the logs.
49
+
Once enabled, you will receive a confirmation email and the action will be logged in your account activity.
51
50
52
-
## Troubleshooting
51
+
## Disabling 2FA
52
+
53
+
For security reasons, 2FA can no longer be disabled directly from the Control Panel.
53
54
54
-
### Backup Codes
55
+
If you need to disable 2FA, please contact Hypernode Support at **support@hypernode.com**.
56
+
57
+
## Recovery from Lost Authentication App
58
+
59
+
If you lose access to your authentication app, contact **support@hypernode.com** for assistance.
60
+
61
+
## Troubleshooting
55
62
56
-
If you lose your phone or you've deleted your authentication app, you can use one of the backup codes to sign in. Each code can only be used once. Your backup codes were provided at the time you set up 2FA, but you can always find them on your Account page. We highly recommend you to save these codes somewhere safe.
63
+
### Cannot Verify TOTP Code
57
64
58
-
If you receive a verification code you didn't request, there is a possibility that there's been an attempt to compromise your account. We recommend accessing your account and changing your password as soon as possible. If you lose access to your 2FA code generator, contact support@hypernode.com.
65
+
If you cannot verify the TOTP code, and getting "Entered token is not valid." message, please check your time settings on your mobile device. TOTP codes are time-sensitive, and incorrect time settings can lead to verification failures. If your device time is incorrect, you can try to sync it with the Internet.
0 commit comments