Security

Lewis John McGibbney edited this page Mar 16, 2023 · 1 revision

Introduction

This page documents several security aspects/features of tagbase-server. The documentation covers various areas and levels of the codebase.

NGINX Reverse Proxy

tagbase-server employs NGINX, an extremely popular HTTP and reverse proxy server (amongst other things), in a reverse proxy configuration to manage all inbound and outbound traffic. The docker composition is configured such that the latest version of NGINX is used for each tagbase-server deployment.

Securing Traffic Over HTTPS

By default, NGINX is configured to forward traffic on any port to port 443 (HTTPS), which enforces Transport Layer Security (TLS). This ensures that client requests and the resulting connections are secure and that any data sent between the two systems is safeguarded. TLS does this by encrypting data in transit, so that anything transferred between users and tagbase-server cannot be read as it is sent over the connection. This is accomplished through the use of TLS certificates (certs).

Generating TLS Certs (Non-Production)

To deploy tagbase-server successfully, it is first necessary to generate TLS certificates. This documentation does not aim to provide an entire tutorial on this topic; for that level of detail, consult letsencrypt.org or similar. Instead, for non-production deployment purposes, TLS certificates can be generated as follows:

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 365 -subj "/C=GB/ST=London/L=London/O=Alros/OU=IT Department/CN=localhost"

The resulting key.pem and cert.pem must then be placed into ${TAGBASE_SERVER_HOME}/services/nginx/ssl/. The TLS certs will then be interpreted within the docker composition and used when NGINX is deployed.
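
A check that can be run on that directory before the docker composition is started, added here as an example and not part of tagbase-server: it confirms that key.pem and cert.pem belong together, that the certificate is not about to expire, and that the key, which `-nodes` leaves without a passphrase, is not readable by other users. The function names are hypothetical, and the openssl CLI is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not part of tagbase-server: pre-deployment checks for the
# key.pem / cert.pem pair. All function names here are hypothetical.

# Succeeds when cert.pem and key.pem in directory $1 hold the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when cert.pem in $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1/cert.pem" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when key.pem in $1 has no group/other permission bits set.
# The generation command uses -nodes, so the key is stored without a passphrase.
key_is_private() {
    [ "$(ls -ld "$1/key.pem" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all checks on directory $1 (expiry window $2 days, default 30).
# The return status is the number of failed checks.
check_tls_dir() {
    dir=$1; days=${2:-30}; failed=0
    pair_matches "$dir" ||
        { echo "FAIL: cert.pem and key.pem do not match"; failed=$((failed + 1)); }
    valid_for_days "$dir" "$days" ||
        { echo "FAIL: cert.pem expires within $days days"; failed=$((failed + 1)); }
    key_is_private "$dir" ||
        { echo "FAIL: key.pem is readable by group or other"; failed=$((failed + 1)); }
    [ "$failed" -eq 0 ] && echo "OK: $dir"
    return "$failed"
}

# Usage: check_tls_dir "${TAGBASE_SERVER_HOME}/services/nginx/ssl"
```

If the key check fails, `chmod 600 key.pem` clears the group and other bits.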