-
-
Notifications
You must be signed in to change notification settings - Fork 3
Security Guide
Christian Blank edited this page Nov 8, 2024
·
1 revision
- Never share your API keys
- Use unique API keys for each service
- Regularly rotate API keys
- Store keys securely in config.ini
[telegram]
# Only allow specific users
admin = YOUR_TELEGRAM_ID
additional_admins = ID1,ID2,ID3[security]
# Limit access to specific IPs/networks
allowed_ips = 192.168.1.0/24,10.0.0.0/8[sonarr]
host = https://sonarr.example.com
verify_ssl = true
[radarr]
host = https://radarr.example.com
verify_ssl = trueserver {
listen 443 ssl;
server_name sonarr.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://localhost:8989;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}version: '3'
services:
addarr:
# ... other config ...
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /tmp environment:
- PUID=1000
- PGID=1000
volumes:
- /path/to/config:/config:ro# Set restrictive permissions
chmod 600 config.ini
chown user:user config.ini# Secure log directory
chmod 700 /path/to/logs
chown user:user /path/to/logs[security]
verify_ssl = true
cert_file = /path/to/cert.pem
key_file = /path/to/key.pem
min_tls_version = TLSv1.2- Use trusted certificates
- Keep certificates up to date
- Monitor expiration dates
- Use strong key sizes
[logging]
# Enable security logging
security_log = true
log_level = INFO
log_file = /path/to/security.log
# Log format
log_format = %(asctime)s - %(levelname)s - %(message)s[alerts]
# Enable security alerts
notify_on_unauthorized = true
notify_on_failed_login = true
notify_on_config_change = true- Use strong, unique passwords
- Store credentials securely
- Regular key rotation
- Audit access regularly
- Use HTTPS everywhere
- Enable firewall rules
- Restrict network access
- Monitor traffic
- Keep systems updated
- Regular security audits
- Monitor system logs
- Backup configuration
- Secure API keys
- Configure user authentication
- Set up HTTPS
- Configure firewalls
- Set file permissions
- Update certificates
- Rotate API keys
- Review access logs
- Update software
- Backup configuration
- Revoke compromised keys
- Change all passwords
- Review access logs
- Update security measures
- Document incident
- Deploy new API keys
- Verify system integrity
- Restore from backup
- Update documentation
- Implement new security measures
- SSL/TLS testers
- Network monitoring tools
- Log analyzers
- Security scanners
- API security guides
- Docker security docs
- Network security best practices
- System hardening guides