Initial commit - QBPOS Help

2026-01-27 18:07:54 -06:00
commit e3d556b732
2307 changed files with 219842 additions and 0 deletions
--- a/docs/DEPLOYMENT_GUIDE.md
+++ b/docs/DEPLOYMENT_GUIDE.md
@@ -0,0 +1,256 @@
+# QuickBooks POS Help Server - Security & Deployment Guide
+
+## Current Setup Status
+
+✅ Secure production server created
+✅ Auto-restart service configured
+✅ HTTPS preparation complete
+⏳ DNS setup (pending)
+⏳ HTTPS enabled (pending)
+
+## Security Features Implemented
+
+### 1. IP Whitelist
+
+- Located in `secure_production_server.py`
+- Edit `ALLOWED_IPS` list to restrict access
+- Example: `ALLOWED_IPS = ['192.168.10.0/24', '10.0.0.1']`
+- Default: Empty list = Allow all (update before production)
+
+### 2. Rate Limiting
+
+- 1000 requests per minute per IP
+- Prevents DDoS attacks
+- Configurable via `RATE_LIMIT_REQUESTS`
+
+### 3. Security Headers
+
+- X-Content-Type-Options: nosniff
+- X-Frame-Options: SAMEORIGIN
+- X-XSS-Protection: enabled
+
+### 4. Logging
+
+- All requests logged to `/tmp/qbpos_help_server.log`
+- Errors and security events tracked
+- Use `sudo journalctl -u qbpos-help -f` for live logs
+
+## Installation Steps
+
+### Step 1: Stop Current Server
+
+```bash
+pkill -9 python3
+```
+
+### Step 2: Install as System Service (Auto-Restart on Reboot)
+
+```bash
+cd /home/pts/Documents/QBPOS_Help_Web
+chmod +x install_service.sh
+sudo bash install_service.sh
+```
+
+### Step 3: Verify Service is Running
+
+```bash
+sudo systemctl status qbpos-help
+```
+
+### Step 4: Test Access
+
+```bash
+curl http://localhost:8888/POS_Help.html
+```
+
+## Service Management Commands
+
+```bash
+# Start service
+sudo systemctl start qbpos-help
+
+# Stop service
+sudo systemctl stop qbpos-help
+
+# Restart service
+sudo systemctl restart qbpos-help
+
+# Check status
+sudo systemctl status qbpos-help
+
+# View logs
+sudo journalctl -u qbpos-help -f
+
+# Enable auto-start on boot (already done)
+sudo systemctl enable qbpos-help
+
+# Disable auto-start
+sudo systemctl disable qbpos-help
+```
+
+## HTTPS Setup (When Ready with DNS)
+
+### Prerequisites
+
+1. Domain name (e.g., qbpos.prompttech.com)
+2. Domain DNS pointing to server IP: 192.168.10.130
+3. Ports 80 and 443 open in firewall
+
+### Setup HTTPS
+
+```bash
+cd /home/pts/Documents/QBPOS_Help_Web
+chmod +x setup_https.sh
+sudo bash setup_https.sh
+```
+
+Follow prompts to enter domain name. Script will:
+
+- Install Certbot
+- Obtain Let's Encrypt SSL certificate
+- Configure server for HTTPS
+- Enable auto-renewal
+- Change port from 8888 to 443
+
+## Security Hardening Checklist
+
+### Before Production
+
+- [ ] Update `ALLOWED_IPS` in secure_production_server.py
+- [ ] Review and adjust `RATE_LIMIT_REQUESTS`
+- [ ] Set up firewall rules (UFW)
+- [ ] Configure DNS
+- [ ] Enable HTTPS
+- [ ] Set up monitoring alerts
+- [ ] Create backup strategy
+
+### Firewall Configuration (UFW)
+
+```bash
+# Install UFW
+sudo apt install ufw
+
+# Allow SSH
+sudo ufw allow 22/tcp
+
+# Allow HTTP (for Let's Encrypt verification)
+sudo ufw allow 80/tcp
+
+# Allow HTTPS (when ready)
+sudo ufw allow 443/tcp
+
+# Or allow custom port (current setup)
+sudo ufw allow 8888/tcp
+
+# Enable firewall
+sudo ufw enable
+
+# Check status
+sudo ufw status
+```
+
+## Monitoring
+
+### Check Server Health
+
+```bash
+# CPU and memory usage
+top | grep python3
+
+# Connection count
+ss -ant | grep :8888 | wc -l
+
+# Recent errors
+sudo journalctl -u qbpos-help --since "1 hour ago" | grep ERROR
+```
+
+### Log Analysis
+
+```bash
+# View access log
+tail -f /tmp/qbpos_help_server.log
+
+# Count requests by IP
+grep "GET" /tmp/qbpos_help_server.log | awk '{print $1}' | sort | uniq -c | sort -rn
+
+# Find blocked IPs
+grep "Blocked" /tmp/qbpos_help_server.log
+```
+
+## Troubleshooting
+
+### Service won't start
+
+```bash
+sudo journalctl -u qbpos-help -n 50
+```
+
+### Port already in use
+
+```bash
+sudo lsof -i :8888
+sudo kill -9 <PID>
+sudo systemctl restart qbpos-help
+```
+
+### Permission issues
+
+```bash
+sudo chown -R pts:pts /home/pts/Documents/QBPOS_Help_Web
+chmod +x /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py
+```
+
+## DNS Setup (When Ready)
+
+1. **Get domain name** (e.g., qbpos.prompttech.com)
+2. **Add A record** in DNS provider:
+   - Type: A
+   - Name: qbpos (or @)
+   - Value: 192.168.10.130
+   - TTL: 3600
+3. **Wait for propagation** (5-30 minutes)
+4. **Verify**: `nslookup qbpos.prompttech.com`
+5. **Run HTTPS setup**: `sudo bash setup_https.sh`
+
+## Current Access URLs
+
+- **HTTP (current)**: <http://192.168.10.130:8888/POS_Help.html>
+- **Localhost**: <http://localhost:8888/POS_Help.html>
+- **After DNS**: <http://yourdomain.com:8888/POS_Help.html>
+- **After HTTPS**: <https://yourdomain.com/POS_Help.html>
+
+## Backup Strategy
+
+### Configuration Files
+
+```bash
+# Backup important files
+mkdir -p ~/backups/qbpos_help
+cp /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py ~/backups/qbpos_help/
+cp /etc/systemd/system/qbpos-help.service ~/backups/qbpos_help/
+```
+
+### Full Backup
+
+```bash
+tar -czf ~/qbpos_help_backup_$(date +%Y%m%d).tar.gz \
+  /home/pts/Documents/QBPOS_Help_Web/
+```
+
+## Support & Maintenance
+
+- Server auto-restarts on failure (10 second delay)
+- Server auto-starts on system reboot
+- SSL certificates auto-renew (when HTTPS enabled)
+- Logs rotate automatically via systemd
+
+## Next Steps
+
+1. ✅ Service installed and running
+2. ⏳ Configure IP whitelist (edit ALLOWED_IPS)
+3. ⏳ Set up firewall (UFW)
+4. ⏳ Obtain domain name
+5. ⏳ Configure DNS
+6. ⏳ Enable HTTPS
+
+For questions: Contact system administrator