🔐 Security hardening: auth, rate limiting, brute force protection
- Add comprehensive security package with: - API Key generation and validation (SHA256 hash) - Password policy enforcement (min 12 chars, complexity) - Rate limiting with presets (auth, api, ingest, export) - Brute force protection (5 attempts, 15min lockout) - Security headers middleware - IP whitelisting - Audit logging structure - Secure token generation - Enhanced auth middleware: - JWT + API Key dual authentication - Token revocation via Redis - Scope-based authorization - Role-based access control - Updated installer with: - Interactive setup for client customization - Auto-generated secure credentials - Docker all-in-one image - Agent installer script - Added documentation: - SECURITY.md - Complete security guide - INSTALL.md - Installation guide - .env.example - Configuration reference
This commit is contained in:
26
deploy/docker/supervisord.conf
Normal file
26
deploy/docker/supervisord.conf
Normal file
@@ -0,0 +1,26 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/app/logs/supervisord.log
|
||||
pidfile=/tmp/supervisord.pid
|
||||
user=ophion
|
||||
|
||||
[program:ophion-server]
|
||||
command=/app/bin/ophion-server
|
||||
directory=/app
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stdout_logfile=/app/logs/server.log
|
||||
stderr_logfile=/app/logs/server.error.log
|
||||
environment=PORT="%(ENV_SERVER_PORT)s"
|
||||
|
||||
[program:ophion-web]
|
||||
command=npm start
|
||||
directory=/app/web
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stdout_logfile=/app/logs/web.log
|
||||
stderr_logfile=/app/logs/web.error.log
|
||||
environment=PORT="%(ENV_DASHBOARD_PORT)s"
|
||||
|
||||
[group:ophion]
|
||||
programs=ophion-server,ophion-web
|
||||
Reference in New Issue
Block a user