security/README.md (2026-06-05 23:06:38 +02:00)

# LiteCharmsSecurity
An enterprise-grade Identity and Access Management (IAM) solution built on top of **Skoruba Duende IdentityServer**. This repository houses the entire security architecture for the Lite Charms ecosystem, providing Single Sign-On (SSO), OAuth 2.0, and OpenID Connect (OIDC) capabilities.
---
## 🌐 Infrastructure Architecture
This solution is built for production self-hosting behind a reverse proxy that terminates TLS at the edge and forwards plain HTTP to the containers.
* **Identity Provider (STS):** `sts.security.khongisa.co.za` (Port `8083`)
* **Management Console (Admin UI):** `admin.security.khongisa.co.za` (Port `8081`)
* **Management Backend (Admin API):** `api.security.khongisa.co.za` (Port `8082`)
### Deployment Stack
* **Reverse Proxy / Edge Router:** Pangolin (terminates all external TLS; the containers behind it only see plain HTTP, so the apps must honour the proxy's `X-Forwarded-Proto` / `X-Forwarded-Host` headers or IdentityServer will advertise `http://` issuer and endpoint URLs).
* **Container Orchestrator:** Dockhand VM (Automated GitOps deployments pulled directly from Gitea).
* **Database Layer:** Dedicated PostgreSQL running in an isolated Proxmox LXC Container (`192.168.1.170`).
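Because TLS ends at Pangolin, the usual post-deploy failure is an STS that still advertises `http://` or port `8083` URLs in its discovery document. The following script is an added example (not code from this repository, Skoruba or Duende) that checks the discovery document for exactly that: issuer matches the public `https://` host byte-for-byte, every advertised endpoint is `https` on that host with no internal port leaking through, and PKCE `S256` is offered. The `STS_ISSUER` value is the hostname from this README; the two documents at the bottom are constructed samples, not captures from the live system.

```python
"""Post-deployment check of the STS OpenID Connect discovery document.

Added example; not code from the LiteCharmsSecurity repository. With TLS
terminated at the proxy, an IdentityServer that ignores X-Forwarded-* emits
http:// (or :8083) URLs, and clients then fail or downgrade. GOOD_DOC and
BAD_DOC below are constructed samples.
"""
import json
import sys
import urllib.request
from urllib.parse import urlparse

# Public issuer from the README's infrastructure section.
STS_ISSUER = "https://sts.security.khongisa.co.za"

# Endpoints that must be https on the public host whenever they are present.
ENDPOINT_KEYS = (
    "authorization_endpoint", "token_endpoint", "userinfo_endpoint",
    "jwks_uri", "end_session_endpoint", "introspection_endpoint",
    "revocation_endpoint",
)


def check_discovery(doc: dict, expected_issuer: str) -> list[str]:
    """Return human-readable findings; an empty list means the document is sound."""
    findings = []
    expected = urlparse(expected_issuer)

    # Clients compare the issuer to the `iss` claim of every token, so
    # "http://" or ":8083" here breaks token validation outright.
    issuer = doc.get("issuer")
    if issuer != expected_issuer:
        findings.append(f"issuer is {issuer!r}, expected {expected_issuer!r}")

    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is None:
            continue
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append(f"{key} is not https: {url}")
        # netloc includes the port, so an internal ":8083" leaking through
        # the proxy shows up here as a host mismatch.
        if parts.netloc != expected.netloc:
            findings.append(f"{key} host is {parts.netloc!r}, expected {expected.netloc!r}")

    # Public (browser/mobile) clients need PKCE with S256; "plain" is not enough.
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("code_challenge_methods_supported does not include S256")
    return findings


def fetch_discovery(issuer: str, timeout: float = 10.0) -> dict:
    """Fetch the live document (needs network; the samples below do not)."""
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample of a correct deployment.
GOOD_DOC = {
    "issuer": STS_ISSUER,
    "authorization_endpoint": STS_ISSUER + "/connect/authorize",
    "token_endpoint": STS_ISSUER + "/connect/token",
    "userinfo_endpoint": STS_ISSUER + "/connect/userinfo",
    "jwks_uri": STS_ISSUER + "/.well-known/openid-configuration/jwks",
    "end_session_endpoint": STS_ISSUER + "/connect/endsession",
    "code_challenge_methods_supported": ["plain", "S256"],
}

# Constructed sample of what a container that ignores X-Forwarded-* returns.
BAD_DOC = {
    "issuer": "http://sts.security.khongisa.co.za:8083",
    "authorization_endpoint": "http://sts.security.khongisa.co.za:8083/connect/authorize",
    "token_endpoint": "http://sts.security.khongisa.co.za:8083/connect/token",
    "jwks_uri": STS_ISSUER + "/.well-known/openid-configuration/jwks",
    "code_challenge_methods_supported": ["plain"],
}

if __name__ == "__main__":
    # `python check_discovery.py --live [issuer]` checks the real STS;
    # with no arguments the checks run against the constructed samples.
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        issuer = sys.argv[2] if len(sys.argv) > 2 else STS_ISSUER
        docs = {"live": fetch_discovery(issuer)}
    else:
        issuer, docs = STS_ISSUER, {"good sample": GOOD_DOC, "bad sample": BAD_DOC}
    live_failed = False
    for label, doc in docs.items():
        found = check_discovery(doc, issuer)
        print(f"{label}: {'OK' if not found else f'{len(found)} finding(s)'}")
        for line in found:
            print("  -", line)
        live_failed = live_failed or (label == "live" and bool(found))
    sys.exit(1 if live_failed else 0)
```

Run it with `--live` right after a deploy and again after any change to the proxy or forwarded-headers configuration; the constructed bad sample shows the exact shape of the failure (six findings) so the output is recognisable when it happens for real.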
---
## 🛠️ Environment Variables Configuration
Do not check production secrets into Git. Define the following environment variables within the **Dockhand UI** before launching or updating the stack:
| Variable | Description | Example / Default |
| :--- | :--- | :--- |
| `DB_PASSWORD` | Password for the PostgreSQL instance in the dedicated LXC container. | *[Secure Sensitive Value]* |
| `SMTP_PASSWORD` | Password for the account used to send transactional (notification) mail. | *[Secure Sensitive Value]* |
| `SMTP_HOST` | Outbound mail relay hostname. | `mail.litecharms.co.za` |
| `SMTP_LOGIN` | Login for the mail relay; also the sender address for security notifications. | `security@litecharms.co.za` |
| `APPLY_MIGRATIONS` | Runs pending Entity Framework database migrations on startup. | `true` on first run, `false` afterwards |
| `APPLY_SEED` | Seeds baseline roles, client configurations, and the default admin user(s) on startup; runs again on every start while left `true`. | `true` on first run, `false` afterwards |
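The table above and the first-run procedure below are easy to get wrong in the Dockhand UI: a placeholder left in a secret, a flag spelled `yes`, or `APPLY_SEED` still `true` on the tenth deploy. The following preflight script is an added example (not part of this repository) that checks those cases before a deploy. It assumes the flags are parsed as .NET booleans (so only `true`/`false` are valid), a local minimum secret length of 16 characters, and a small list of placeholder values; the sample environments at the bottom are constructed, with made-up passwords.

```python
"""Preflight check for the stack's Dockhand environment.

Added example; not code from the LiteCharmsSecurity repository. Checks the
variables the README lists: secrets present and not placeholders, SMTP
settings well-formed, and APPLY_MIGRATIONS / APPLY_SEED matching whether this
is the first run or a routine update. The README marks both flags "first run
only"; a seed flag left on re-runs the seed at every start.
"""
import os
import re
import sys

SECRET_VARS = ("DB_PASSWORD", "SMTP_PASSWORD")
FLAG_VARS = ("APPLY_MIGRATIONS", "APPLY_SEED")
REQUIRED_VARS = SECRET_VARS + ("SMTP_HOST", "SMTP_LOGIN") + FLAG_VARS
# Assumed list of "forgot to set this" values; extend to taste.
PLACEHOLDERS = {"changeme", "password", "secret", "[secure sensitive value]"}
MIN_SECRET_LEN = 16  # assumed local policy, not stated in the README

_LABELS = r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)" + _LABELS + r"$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@" + _LABELS + r"$", re.I)


def validate_env(env: dict, first_run: bool) -> list[str]:
    """Return findings for the given environment; empty means safe to deploy."""
    findings = []
    for name in REQUIRED_VARS:
        if not env.get(name, "").strip():
            findings.append(f"{name} is missing or empty")

    for name in SECRET_VARS:
        value = env.get(name, "")
        if not value.strip():
            continue  # already reported above
        if value.strip().lower() in PLACEHOLDERS:
            findings.append(f"{name} is a placeholder value")
        elif len(value) < MIN_SECRET_LEN:
            findings.append(f"{name} is shorter than {MIN_SECRET_LEN} characters")

    host = env.get("SMTP_HOST", "").strip()
    if host and not HOSTNAME_RE.match(host):
        findings.append(f"SMTP_HOST {host!r} is not a valid hostname")
    login = env.get("SMTP_LOGIN", "").strip()
    if login and not EMAIL_RE.match(login):
        findings.append(f"SMTP_LOGIN {login!r} is not an e-mail address")

    # Assumption: the app parses these as .NET booleans, which accept only
    # "true"/"false" (case-insensitive); "1", "yes" or "on" fail at startup.
    flags = {}
    for name in FLAG_VARS:
        raw = env.get(name, "").strip().lower()
        if not raw:
            continue  # already reported above
        if raw not in ("true", "false"):
            findings.append(f"{name} must be 'true' or 'false', got {raw!r}")
            continue
        flags[name] = raw == "true"

    if first_run:
        for name in FLAG_VARS:
            if name in flags and not flags[name]:
                findings.append(f"{name} must be true on the first run")
    elif flags.get("APPLY_SEED"):
        findings.append("APPLY_SEED is true on a routine deploy; the seed will run again on every start")
    return findings


# Constructed sample: a correct first-run environment (passwords are made up).
FIRST_RUN_ENV = {
    "DB_PASSWORD": "c0nstructed-sample-db-pass-2026",
    "SMTP_PASSWORD": "c0nstructed-sample-smtp-pass-2026",
    "SMTP_HOST": "mail.litecharms.co.za",
    "SMTP_LOGIN": "security@litecharms.co.za",
    "APPLY_MIGRATIONS": "true",
    "APPLY_SEED": "true",
}
# Constructed sample: a routine deploy with a placeholder password and the
# seed flag never turned off.
ROUTINE_ENV_BAD = dict(FIRST_RUN_ENV, DB_PASSWORD="changeme", APPLY_MIGRATIONS="false")

if __name__ == "__main__":
    # Dockhand holds the variables in its UI; export the same values into
    # the shell and run with --first-run before the initial deploy, without
    # it before every later update.
    problems = validate_env(dict(os.environ), "--first-run" in sys.argv)
    for p in problems:
        print("-", p)
    print("OK" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

The first-run / routine split is the part worth keeping even if the rest is trimmed: it is the check that turns the README's "First Run Only" note into something that fails loudly instead of silently re-seeding admin accounts.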
---
## 🚀 Deployment Instructions via Dockhand
### 1. First-Time Setup (Initialization Mode)
When deploying this stack for the first time against an empty database, explicitly enable both flags in the Dockhand dashboard:
```env
APPLY_MIGRATIONS=true
APPLY_SEED=true