Support for Redis DB Index / isolation for shared Redis

This commit is contained in:
ChrispyBacon-dev 2025-09-25 19:06:37 +02:00
parent 49e9e128a9
commit 85da990f3f
9 changed files with 29 additions and 45 deletions

@ -45,7 +45,7 @@ This document explains how DockFlare secures both the Master node and enrolled A
| Area | Recommendation |
| --- | --- |
| Docker Volumes | Persist `/app/data` (encrypted config, keys, state). Persist `/app/logs` if file logging is enabled, and ensure host mounts are writable by UID/GID 65532 or your overridden build args. |
| Redis | Run `redis:7-alpine` alongside DockFlare on a private network (`dockflare-internal`) or point `REDIS_URL` to a hardened instance (auth/TLS). Avoid exposing Redis publicly. |
| Redis | Run `redis:7-alpine` alongside DockFlare on a private network (`dockflare-internal`) or point `REDIS_URL` to a hardened instance (auth/TLS). Avoid exposing Redis publicly. Use `REDIS_DB_INDEX` to isolate DockFlare data from other containers sharing the same Redis instance. |
| Backups | Download the `.zip` regularly and store it with `dockflare.key`. Both files are required to decrypt the configuration on restore. |
| Agents | Treat API keys like credentials. Deploy them with the socket proxy so only required Docker endpoints are exposed, and remember the container runs as the unprivileged `dockflare` user (UID/GID 65532); align host permissions or rebuild with matching `DOCKFLARE_UID/DOCKFLARE_GID`. |
| Reverse Proxy | Place DockFlare behind Cloudflare Access or another trusted IdP. If you disable password login, ensure upstream authentication is always enforced. |
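Review bot: the new Redis row overstates what `REDIS_DB_INDEX` gives you; a database index is a namespace, not an access boundary, because any client that can authenticate to the instance can `SELECT` any numbered database and read or flush DockFlare's keys. Suggest rewording the added sentence to "Use `REDIS_DB_INDEX` to keep DockFlare keys separate from other containers sharing the same Redis instance" and adding that a separate instance, or Redis ACLs restricting the DockFlare user to its own key prefix and commands, is what actually isolates the data. The row should also state the default index and that valid values are bounded by the server's `databases` setting (16 by default), and note that Redis Cluster only supports database 0, so the option must be left at its default there.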