QuickBooks POS Help Server - Security & Deployment Guide
Current Setup Status
- ✅ Secure production server created
- ✅ Auto-restart service configured
- ✅ HTTPS preparation complete
- ⏳ DNS setup (pending)
- ⏳ HTTPS enabled (pending)
Security Features Implemented
1. IP Whitelist
- Located in secure_production_server.py
- Edit ALLOWED_IPS list to restrict access
- Example: ALLOWED_IPS = ['192.168.10.0/24', '10.0.0.1']
- Default: Empty list = Allow all (update before production)
2. Rate Limiting
- 1000 requests per minute per IP
- Helps mitigate request floods (DoS) from individual IPs
- Configurable via RATE_LIMIT_REQUESTS
3. Security Headers
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- X-XSS-Protection: enabled
4. Logging
- All requests logged to /tmp/qbpos_help_server.log
- Errors and security events tracked
- Use sudo journalctl -u qbpos-help -f for live logs
Installation Steps
Step 1: Stop Current Server
pkill -9 python3
Step 2: Install as System Service (Auto-Restart on Reboot)
cd /home/pts/Documents/QBPOS_Help_Web
chmod +x install_service.sh
sudo bash install_service.sh
Step 3: Verify Service is Running
sudo systemctl status qbpos-help
Step 4: Test Access
curl http://localhost:8888/POS_Help.html
Service Management Commands
# Start service
sudo systemctl start qbpos-help
# Stop service
sudo systemctl stop qbpos-help
# Restart service
sudo systemctl restart qbpos-help
# Check status
sudo systemctl status qbpos-help
# View logs
sudo journalctl -u qbpos-help -f
# Enable auto-start on boot (already done)
sudo systemctl enable qbpos-help
# Disable auto-start
sudo systemctl disable qbpos-help
HTTPS Setup (When Ready with DNS)
Prerequisites
- Domain name (e.g., qbpos.prompttech.com)
- Domain DNS pointing to server IP: 192.168.10.130
- Ports 80 and 443 open in firewall
Setup HTTPS
cd /home/pts/Documents/QBPOS_Help_Web
chmod +x setup_https.sh
sudo bash setup_https.sh
Follow the prompts to enter the domain name. The script will:
- Install Certbot
- Obtain Let's Encrypt SSL certificate
- Configure server for HTTPS
- Enable auto-renewal
- Change port from 8888 to 443
Security Hardening Checklist
Before Production
- Update ALLOWED_IPS in secure_production_server.py
- Review and adjust RATE_LIMIT_REQUESTS
- Set up firewall rules (UFW)
- Configure DNS
- Enable HTTPS
- Set up monitoring alerts
- Create backup strategy
Firewall Configuration (UFW)
# Install UFW
sudo apt install ufw
# Allow SSH
sudo ufw allow 22/tcp
# Allow HTTP (for Let's Encrypt verification)
sudo ufw allow 80/tcp
# Allow HTTPS (when ready)
sudo ufw allow 443/tcp
# Or allow custom port (current setup)
sudo ufw allow 8888/tcp
# Enable firewall
sudo ufw enable
# Check status
sudo ufw status
Monitoring
Check Server Health
# CPU and memory usage (batch mode, single snapshot, so the output can be piped)
top -b -n 1 | grep python3
# Connection count
ss -ant | grep :8888 | wc -l
# Recent errors
sudo journalctl -u qbpos-help --since "1 hour ago" | grep ERROR
Log Analysis
# View access log
tail -f /tmp/qbpos_help_server.log
# Count requests by IP
grep "GET" /tmp/qbpos_help_server.log | awk '{print $1}' | sort | uniq -c | sort -rn
# Find blocked IPs
grep "Blocked" /tmp/qbpos_help_server.log
Troubleshooting
Service won't start
sudo journalctl -u qbpos-help -n 50
Port already in use
sudo lsof -i :8888
sudo kill -9 <PID>
sudo systemctl restart qbpos-help
Permission issues
sudo chown -R pts:pts /home/pts/Documents/QBPOS_Help_Web
chmod +x /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py
DNS Setup (When Ready)
- Get domain name (e.g., qbpos.prompttech.com)
- Add A record in DNS provider:
  - Type: A
  - Name: qbpos (or @)
  - Value: 192.168.10.130
  - TTL: 3600
- Wait for propagation (5-30 minutes)
- Verify: nslookup qbpos.prompttech.com
- Run HTTPS setup: sudo bash setup_https.sh
Current Access URLs
- HTTP (current): http://192.168.10.130:8888/POS_Help.html
- Localhost: http://localhost:8888/POS_Help.html
- After DNS: http://yourdomain.com:8888/POS_Help.html
- After HTTPS: https://yourdomain.com/POS_Help.html
Backup Strategy
Configuration Files
# Backup important files
mkdir -p ~/backups/qbpos_help
cp /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py ~/backups/qbpos_help/
cp /etc/systemd/system/qbpos-help.service ~/backups/qbpos_help/
Full Backup
tar -czf ~/qbpos_help_backup_$(date +%Y%m%d).tar.gz \
/home/pts/Documents/QBPOS_Help_Web/
Support & Maintenance
- Server auto-restarts on failure (10 second delay)
- Server auto-starts on system reboot
- SSL certificates auto-renew (when HTTPS enabled)
- Logs rotate automatically via systemd
Next Steps
- ✅ Service installed and running
- ⏳ Configure IP whitelist (edit ALLOWED_IPS)
- ⏳ Set up firewall (UFW)
- ⏳ Obtain domain name
- ⏳ Configure DNS
- ⏳ Enable HTTPS
For questions: Contact system administrator