Skip to content

Commit 70ec392

Browse files
emjay0921emjay0921
committed
[IMP] context on security
1 parent 3c2fce3 commit 70ec392

1 file changed

Lines changed: 26 additions & 5 deletions

File tree

docs/user_guide/administration/security_tuning.md

Lines changed: 26 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,13 @@ This guide provides essential recommendations for securing your OpenSPP instance
1313

1414
### 1. Database Security Configuration
1515

16-
After initial setup and database creation, it's strongly recommended to:
16+
After initial setup and database creation, it's strongly recommended to modify the configuration file:
1717

1818
```bash
1919
sudo nano /etc/openspp/odoo.conf
2020
```
2121

22-
Set list_db to False for production
22+
Set `list_db` to `False` for **Production** environments:
2323
```ini
2424
list_db = False
2525
```
@@ -43,22 +43,42 @@ sudo systemctl restart openspp
4343

4444
### 2. Firewall Configuration
4545

46+
**Install ufw**
4647
```bash
4748
sudo apt-get install -y ufw
49+
```
50+
51+
**Allow SSH (adjust port if needed)**
52+
```bash
4853
sudo ufw allow 22/tcp
54+
```
55+
56+
**Allow OpenSPP web interface**
57+
```bash
4958
sudo ufw allow 8069/tcp
59+
```
60+
61+
**Allow OpenSPP longpolling (if using real-time features)**
62+
```bash
5063
sudo ufw allow 8072/tcp
64+
```
65+
66+
**Enable firewall**
67+
```bash
5168
sudo ufw enable
5269
```
5370

5471
### 3. SSL/TLS with Nginx (Recommended for Production)
5572

73+
Run the following commands to install nginx, certbot and create a file in `/etc/nginx/sites-available/openspp`:
74+
5675
```bash
5776
sudo apt-get install -y nginx certbot python3-certbot-nginx
5877
sudo nano /etc/nginx/sites-available/openspp
5978
```
6079

61-
Add this configuration:
80+
Add this configuration changing **your-domain.com** to your domain:
81+
6282
```nginx
6383
server {
6484
listen 80;
@@ -108,14 +128,13 @@ server {
108128
}
109129
```
110130

111-
Enable the site and get SSL certificate:
131+
Enable the site and get SSL certificate (Change **your-domain.com** to your domain):
112132
```bash
113133
sudo ln -s /etc/nginx/sites-available/openspp /etc/nginx/sites-enabled/
114134
sudo nginx -t
115135
sudo systemctl reload nginx
116136
sudo certbot --nginx -d your-domain.com
117137
```
118-
119138
### 4. Regular Backups
120139

121140
Create a backup script:
@@ -124,6 +143,8 @@ Create a backup script:
124143
sudo nano /usr/local/bin/openspp-backup.sh
125144
```
126145

146+
Add the following content:
147+
127148
```bash
128149
#!/bin/bash
129150
BACKUP_DIR="/var/backups/openspp"

0 commit comments

Comments
 (0)