Refactored Readme
@@ -1 +1,43 @@
# LiteCharmsSecurity
# LiteCharmsSecurity
An enterprise-grade Identity and Access Management (IAM) solution built on top of **Skoruba Duende IdentityServer**. This repository houses the entire security architecture for the Lite Charms ecosystem, providing Single Sign-On (SSO), OAuth 2.0, and OpenID Connect (OIDC) capabilities.
---
## 🌐 Infrastructure Architecture
This solution is optimized for production-grade self-hosting behind a secure reverse-proxy tunnel.
* **Identity Provider (STS):** `sts.security.khongisa.co.za` (Port `8083`)
* **Management Console (Admin UI):** `admin.security.khongisa.co.za` (Port `8081`)
* **Management Backend (Admin API):** `api.security.khongisa.co.za` (Port `8082`)
### Deployment Stack
* **Reverse Proxy / Edge Router:** Pangolin (Handles full external SSL termination).
* **Container Orchestrator:** Dockhand VM (Automated GitOps deployments pulled directly from Gitea).
* **Database Layer:** Dedicated PostgreSQL running in an isolated Proxmox LXC Container (`192.168.1.170`).
---
## 🛠️ Environment Variables Configuration
Do not check production secrets into Git. Define the following environment variables within the **Dockhand UI** before launching or updating the stack:
| Variable | Description | Example / Default |
| :--- | :--- | :--- |
| `DB_PASSWORD` | Master password for the Postgres LXC container database instance. | *[Secure Sensitive Value]* |
| `SMTP_PASSWORD` | Password for the outbox notification transactional mail provider. | *[Secure Sensitive Value]* |
| `SMTP_HOST` | Outbound mail relay server domain. | `mail.litecharms.co.za` |
| `SMTP_LOGIN` | Corporate security transactional system email account. | `security@litecharms.co.za` |
| `APPLY_MIGRATIONS` | Toggles automatic Entity Framework database migrations on startup. | `true` (First Run Only) |
| `APPLY_SEED` | Seeds baseline system roles, client configurations, and default admin users. | `true` (First Run Only) |
---
## 🚀 Deployment Instructions via Dockhand
### 1. First-Time Setup (Initialization Mode)
When deploying this stack for the absolute first time onto a blank database instance, ensure both flags are explicitly enabled in the Dockhand dashboard:
```env
APPLY_MIGRATIONS=true
APPLY_SEED=true
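Review bot: The `APPLY_MIGRATIONS` and `APPLY_SEED` rows put `true` (First Run Only) in the "Example / Default" column, which reads as if `true` were the default, and the part of the First-Time Setup section shown here only tells the operator to enable both flags. Since `APPLY_SEED` is described as seeding "default admin users", I would state the steady-state value (`false`) in the table and follow the `env` block with an explicit step to set both flags back to `false` and to change the seeded admin credentials before the STS is reachable through Pangolin. Two smaller points in the same hunk: `DB_PASSWORD` is described as the "Master password" for the Postgres instance, so it is worth saying whether the services connect with a dedicated least-privilege role instead of the superuser; and the Deployment Stack list commits the database's internal address (`192.168.1.170`) alongside the public hostnames and ports, which is better kept in the Dockhand environment unless this repository is private and meant to stay that way.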