Fix predefined catalog visibility and port security must-know guidance
This commit is contained in:
75
README.md
75
README.md
@@ -75,34 +75,69 @@ docker compose down
|
||||
|
||||
## Security Must-Know Before Real User Deployment
|
||||
|
||||
This repository starts in a development-friendly mode. Before exposing it to real users or untrusted networks, verify these controls:
|
||||
The items below port the `MUST KNOW User-Dependent Risks` from `REPORT.md` into explicit operator actions.
|
||||
|
||||
1. Environment mode and host binding:
|
||||
### High: Development-first defaults can be promoted to production
|
||||
|
||||
Avoid:
|
||||
- Set `APP_ENV=production`.
|
||||
- Keep `HOST_BIND_IP=127.0.0.1` and publish through an HTTPS reverse proxy instead of broad host bind.
|
||||
- Set `PROVIDER_BASE_URL_ALLOW_HTTP=false`.
|
||||
- Set `PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK=false`.
|
||||
- Set a strict non-empty `PROVIDER_BASE_URL_ALLOWLIST` for approved provider hosts only.
|
||||
- Set `PUBLIC_BASE_URL` to HTTPS.
|
||||
- Restrict `CORS_ORIGINS` to exact production frontend origins.
|
||||
- Use `REDIS_URL` with `rediss://`.
|
||||
- Set `REDIS_SECURITY_MODE=strict`.
|
||||
- Set `REDIS_TLS_MODE=required`.
|
||||
- Keep `HOST_BIND_IP=127.0.0.1` and expose services only through an HTTPS reverse proxy.
|
||||
|
||||
2. Bootstrap credentials:
|
||||
- Replace all `AUTH_BOOTSTRAP_*` values with strong unique passwords before first public deployment.
|
||||
- Disable optional bootstrap user credentials unless they are needed.
|
||||
Remedy:
|
||||
- Immediately correct the values above and redeploy `api` and `worker` (`docker compose up -d api worker`).
|
||||
- Rotate `AUTH_BOOTSTRAP_*` credentials, provider API keys, and Redis credentials if insecure values were used in a reachable environment.
|
||||
- Re-check `.env.example` and `docker-compose.yml` before each production promotion.
|
||||
|
||||
3. Processing log text persistence:
|
||||
- Keep `PROCESSING_LOG_STORE_MODEL_IO_TEXT=false` and `PROCESSING_LOG_STORE_PAYLOAD_TEXT=false` unless temporary debugging is required.
|
||||
- Enabling these values can store sensitive prompt, response, and payload text.
|
||||
### Medium: Login throttle IP identity depends on proxy trust model
|
||||
|
||||
4. Provider outbound restrictions:
|
||||
- Keep `PROVIDER_BASE_URL_ALLOW_HTTP=false` and `PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK=false`.
|
||||
- Set a strict `PROVIDER_BASE_URL_ALLOWLIST` containing only approved provider hosts.
|
||||
Current behavior:
|
||||
- Login throttle identity currently uses `request.client.host` directly.
|
||||
|
||||
5. Public URL and CORS posture:
|
||||
- Use HTTPS in `PUBLIC_BASE_URL`.
|
||||
- Restrict `CORS_ORIGINS` to exact production frontend origins only.
|
||||
Avoid:
|
||||
- Deploy so the backend receives true client IP addresses and does not collapse all traffic to one proxy source IP.
|
||||
- Validate lockout behavior with multiple client IPs before going live behind a proxy.
|
||||
|
||||
6. Redis transport security:
|
||||
- For live deployments, use `REDIS_URL` with `rediss://`, set `REDIS_SECURITY_MODE=strict`, and set `REDIS_TLS_MODE=required`.
|
||||
Remedy:
|
||||
- If lockouts affect many users at once, temporarily increase `AUTH_LOGIN_FAILURE_LIMIT` and tune lockout timings to reduce impact while mitigation is in progress.
|
||||
- Update network and proxy topology so client IP identity is preserved for the backend, then re-run lockout validation tests.
|
||||
|
||||
7. Development compose defaults:
|
||||
- Review `.env.example` and `docker-compose.yml` security-related defaults before deployment.
|
||||
- Do not promote development defaults unchanged into production.
|
||||
### Medium: API documentation endpoints are exposed by default
|
||||
|
||||
Avoid:
|
||||
- Block public access to `/docs`, `/redoc`, and `/openapi.json` at the reverse proxy or edge firewall.
|
||||
- Keep docs endpoints reachable only from trusted internal/admin networks.
|
||||
|
||||
Remedy:
|
||||
- Add deny rules for those paths immediately and reload the proxy.
|
||||
- Verify those routes return `403` or `404` from untrusted networks.
|
||||
|
||||
### Medium: Bearer token is stored in browser `sessionStorage`
|
||||
|
||||
Avoid:
|
||||
- Enforce strict CSP and disallow inline script execution where possible.
|
||||
- Avoid rendering untrusted HTML or script-capable content in the frontend.
|
||||
- Keep dependencies patched to reduce known XSS vectors.
|
||||
|
||||
Remedy:
|
||||
- If XSS is suspected, revoke active sessions, rotate privileged credentials, and redeploy frontend fixes before restoring user access.
|
||||
- Treat exposed browser sessions as compromised until revocation and credential rotation are complete.
|
||||
|
||||
### Low: Typesense transport defaults to HTTP on internal network
|
||||
|
||||
Avoid:
|
||||
- Keep Typesense on isolated internal networks only.
|
||||
- Do not expose Typesense service ports directly to untrusted networks.
|
||||
|
||||
Remedy:
|
||||
- For cross-host or untrusted network paths, terminate TLS in front of Typesense (or use equivalent secure service networking) and require encrypted transport for all clients.
|
||||
|
||||
## Common Operations
|
||||
|
||||
|
||||
Reference in New Issue
Block a user