init local package repo
+32
@@ -0,0 +1,32 @@
# Venture CRM Go-Live Security Checklist
## 1) Secrets and environment
- Set `CRM_ENV=production`.
- Set a strong `CRM_SECRET_KEY` (required in production mode).
- Set `CRM_CORS_ORIGIN` to your exact app origin (not `*`).
- Optional rate limits:
- `CRM_LOGIN_RATE_LIMIT_PER_MIN` (default `20`)
- `CRM_WRITE_RATE_LIMIT_PER_MIN` (default `300`)
## 2) Network access
- Preferred: Tailscale private access.
- Run app on local host machine; share via tailnet only.
- Restrict OS firewall to Tailscale interface where possible.
## 3) TLS/HTTPS
- If app is exposed beyond tailnet, place behind HTTPS reverse proxy (Caddy/Nginx/Traefik).
- Do not expose raw HTTP directly to the internet.
## 4) Accounts and auth
- Keep invite-only user creation through admin settings.
- Rotate temporary passwords after onboarding.
- Disable/deactivate stale users.
## 5) Backups and restore safety
- Keep scheduled backups enabled.
- Run backup verification after major updates.
- Test restore in a non-primary copy before production restore.
## 6) Operational monitoring
- Review activity feed and audit log regularly.
- Watch `429` responses as early abuse/misconfiguration signal.
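Review bot: Sections 1 and 3 interact in a way the checklist does not cover: the per-minute limits `CRM_LOGIN_RATE_LIMIT_PER_MIN` and `CRM_WRITE_RATE_LIMIT_PER_MIN` are only meaningful if the limiter keys on the real client address, but once the app sits behind the Caddy/Nginx/Traefik reverse proxy that section 3 recommends, every request arrives from the proxy's IP. The checklist should state whether the app honours `X-Forwarded-For` (or equivalent) and, if so, that it must be trusted only from the proxy's address, otherwise all users share one bucket or the header value is taken from whoever sets it. Two smaller documentation gaps in section 1: "strong `CRM_SECRET_KEY`" should give a concrete bar (for example, at least 32 bytes from a CSPRNG) and note that rotating it invalidates existing sessions, and the section should say that these values live in the deployment environment or a secrets store, never in the repository. In section 6, `429` counts are only visible if rate-limit hits are logged; state where they are recorded.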