Clarify private deployment hardening docs
Document safer defaults and deployment guidance for network-accessible Odysseus installs. The guidance emphasizes keeping auth enabled, disabling localhost bypass outside development, using secure cookies for HTTPS/reverse-proxy deployments, and exposing only the authenticated Odysseus entrypoint through a trusted proxy or private access layer. Also clarify that bundled services, databases, vector stores, notification services, and raw model/provider APIs should remain internal-only. This is documentation and config-example only. It does not change runtime behavior.
This commit is contained in:
Alexandre Teixeira
committed by
GitHub
GitHub
parent
eda99360d1
commit
e129378014
12
SECURITY.md
12
SECURITY.md
@@ -8,16 +8,20 @@ Security fixes are handled on the default branch until formal releases are cut.
|
||||
|
||||
## Deployment Guidance
|
||||
|
||||
- Keep `AUTH_ENABLED=true`.
|
||||
- Keep `AUTH_ENABLED=true` for any network-accessible deployment.
|
||||
- Keep `LOCALHOST_BYPASS=false` outside local development.
|
||||
- Set `SECURE_COOKIES=true` when Odysseus is served through HTTPS by a trusted reverse proxy or private access gateway.
|
||||
- Use HTTPS when exposing the app beyond localhost.
|
||||
- Put the app behind a trusted reverse proxy or private network.
|
||||
- Protect `.env`, `data/`, logs, uploaded files, generated media, and database files.
|
||||
- Put the authenticated Odysseus web/API entrypoint behind a trusted reverse proxy or private access layer such as Cloudflare Access, Tailscale, or a VPN.
|
||||
- Keep ChromaDB, SearXNG, ntfy, Ollama, vLLM, llama.cpp, databases, and raw model/provider APIs internal-only.
|
||||
- Protect `.env`, `data/`, `logs/`, uploads, generated media, backups, auth/session files, database files, API keys, and model/provider tokens.
|
||||
- Disable open signup unless you intentionally want new accounts.
|
||||
- Keep demo/test users non-admin, and remove them entirely on serious deployments.
|
||||
- Give admin accounts strong passwords and enable 2FA where possible.
|
||||
- Leave high-risk agent tools restricted to admins: shell, Python, file read/write, email send/read, MCP, app API, task/skill/memory management, settings, tokens, and model serving.
|
||||
- Rotate API keys, webhook secrets, and Odysseus API tokens if they appear in logs, screenshots, demos, or shared chats.
|
||||
- Treat shell, model-serving, MCP, email, calendar, and vault features as privileged admin functionality.
|
||||
- Common internal-only ports are Odysseus `7000`, SearXNG `8080`, ntfy `8091`, ChromaDB `8100`, Ollama `11434`, and local model/provider APIs such as `8000-8020`.
|
||||
|
||||
## Publishing A Fork
|
||||
|
||||
@@ -29,7 +33,7 @@ git check-ignore -v .env data/auth.json data/app.db logs/compound.log odysseus.d
|
||||
git grep -n -I -E "(sk-[A-Za-z0-9_-]{20,}|xox[baprs]-|AIza[0-9A-Za-z_-]{20,}|Bearer [A-Za-z0-9._~+/-]{20,})" -- . ':!static/lib/**' ':!package-lock.json'
|
||||
```
|
||||
|
||||
Only `.env.example`, docs, source, tests, and static assets should be committed. Never commit live `data/` contents, local databases, uploaded files, generated media, logs, backups, API keys, password hashes, or personal documents.
|
||||
Only `.env.example`, docs, source, tests, and static assets should be committed. Never commit live `.env` values, `data/` contents, local databases, uploaded files, generated media, logs, backups, auth/session files, API keys, model/provider tokens, password hashes, or personal documents.
|
||||
|
||||
## Reporting
|
||||
|
||||
|
||||
Reference in New Issue
Block a user