Skip to content

Security Guide

Christian Blank edited this page Nov 8, 2024 · 1 revision

Security Guide

Basic Security Measures

API Key Protection

  1. Never share your API keys
  2. Use unique API keys for each service
  3. Regularly rotate API keys
  4. Store keys securely in config.ini

Access Control

Telegram User Authentication

[telegram]
# Only allow specific users
admin = YOUR_TELEGRAM_ID
additional_admins = ID1,ID2,ID3

IP Restrictions

[security]
# Limit access to specific IPs/networks
allowed_ips = 192.168.1.0/24,10.0.0.0/8

Network Security

HTTPS Configuration

Sonarr/Radarr HTTPS

[sonarr]
host = https://sonarr.example.com
verify_ssl = true

[radarr]
host = https://radarr.example.com
verify_ssl = true

Reverse Proxy Setup

Nginx Configuration Example

server {
    listen 443 ssl;
    server_name sonarr.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Docker Security

Container Isolation

version: '3'
services:
  addarr:
    # ... other config ...
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp

Minimal Permissions

    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /path/to/config:/config:ro

File System Security

Configuration File Permissions

# Set restrictive permissions
chmod 600 config.ini
chown user:user config.ini

Log File Security

# Secure log directory
chmod 700 /path/to/logs
chown user:user /path/to/logs

Secure Communication

SSL/TLS Configuration

[security]
verify_ssl = true
cert_file = /path/to/cert.pem
key_file = /path/to/key.pem
min_tls_version = TLSv1.2

Certificate Management

  1. Use trusted certificates
  2. Keep certificates up to date
  3. Monitor expiration dates
  4. Use strong key sizes

Monitoring and Logging

Security Logging

[logging]
# Enable security logging
security_log = true
log_level = INFO
log_file = /path/to/security.log

# Log format
log_format = %(asctime)s - %(levelname)s - %(message)s

Alert Configuration

[alerts]
# Enable security alerts
notify_on_unauthorized = true
notify_on_failed_login = true
notify_on_config_change = true

Best Practices

Password and Key Management

  1. Use strong, unique passwords
  2. Store credentials securely
  3. Regular key rotation
  4. Audit access regularly

Network Security

  1. Use HTTPS everywhere
  2. Enable firewall rules
  3. Restrict network access
  4. Monitor traffic

System Security

  1. Keep systems updated
  2. Regular security audits
  3. Monitor system logs
  4. Backup configuration

Security Checklist

Initial Setup

  • Secure API keys
  • Configure user authentication
  • Set up HTTPS
  • Configure firewalls
  • Set file permissions

Regular Maintenance

  • Update certificates
  • Rotate API keys
  • Review access logs
  • Update software
  • Backup configuration

Incident Response

Security Breach Steps

  1. Revoke compromised keys
  2. Change all passwords
  3. Review access logs
  4. Update security measures
  5. Document incident

Recovery Process

  1. Deploy new API keys
  2. Verify system integrity
  3. Restore from backup
  4. Update documentation
  5. Implement new security measures

Additional Resources

Security Tools

  • SSL/TLS testers
  • Network monitoring tools
  • Log analyzers
  • Security scanners

Documentation

  • API security guides
  • Docker security docs
  • Network security best practices
  • System hardening guides

Clone this wiki locally