PTS/QBPOS-Help
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
QBPOS-Help/docs/DEPLOYMENT_GUIDE.md

257 lines
5.1 KiB
Markdown
Raw Permalink Blame History

# QuickBooks POS Help Server - Security & Deployment Guide
## Current Setup Status
✅ Secure production server created
✅ Auto-restart service configured
✅ HTTPS preparation complete
⏳ DNS setup (pending)
⏳ HTTPS enabled (pending)
## Security Features Implemented
### 1. IP Whitelist
- Located in `secure_production_server.py`
- Edit `ALLOWED_IPS` list to restrict access
- Example: `ALLOWED_IPS = ['192.168.10.0/24', '10.0.0.1']`
- Default: Empty list = Allow all (update before production)
### 2. Rate Limiting
- 1000 requests per minute per IP
- Prevents DDoS attacks
- Configurable via `RATE_LIMIT_REQUESTS`
### 3. Security Headers
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- X-XSS-Protection: enabled
### 4. Logging
- All requests logged to `/tmp/qbpos_help_server.log`
- Errors and security events tracked
- Use `sudo journalctl -u qbpos-help -f` for live logs
## Installation Steps
### Step 1: Stop Current Server
```bash
pkill -9 python3
```
### Step 2: Install as System Service (Auto-Restart on Reboot)
```bash
cd /home/pts/Documents/QBPOS_Help_Web
chmod +x install_service.sh
sudo bash install_service.sh
```
### Step 3: Verify Service is Running
```bash
sudo systemctl status qbpos-help
```
### Step 4: Test Access
```bash
curl http://localhost:8888/POS_Help.html
```
## Service Management Commands
```bash
# Start service
sudo systemctl start qbpos-help
# Stop service
sudo systemctl stop qbpos-help
# Restart service
sudo systemctl restart qbpos-help
# Check status
sudo systemctl status qbpos-help
# View logs
sudo journalctl -u qbpos-help -f
# Enable auto-start on boot (already done)
sudo systemctl enable qbpos-help
# Disable auto-start
sudo systemctl disable qbpos-help
```
## HTTPS Setup (When Ready with DNS)
### Prerequisites
1. Domain name (e.g., qbpos.prompttech.com)
2. Domain DNS pointing to server IP: 192.168.10.130
3. Ports 80 and 443 open in firewall
### Setup HTTPS
```bash
cd /home/pts/Documents/QBPOS_Help_Web
chmod +x setup_https.sh
sudo bash setup_https.sh
```
Follow prompts to enter domain name. Script will:
- Install Certbot
- Obtain Let's Encrypt SSL certificate
- Configure server for HTTPS
- Enable auto-renewal
- Change port from 8888 to 443
## Security Hardening Checklist
### Before Production
- [ ] Update `ALLOWED_IPS` in secure_production_server.py
- [ ] Review and adjust `RATE_LIMIT_REQUESTS`
- [ ] Set up firewall rules (UFW)
- [ ] Configure DNS
- [ ] Enable HTTPS
- [ ] Set up monitoring alerts
- [ ] Create backup strategy
### Firewall Configuration (UFW)
```bash
# Install UFW
sudo apt install ufw
# Allow SSH
sudo ufw allow 22/tcp
# Allow HTTP (for Let's Encrypt verification)
sudo ufw allow 80/tcp
# Allow HTTPS (when ready)
sudo ufw allow 443/tcp
# Or allow custom port (current setup)
sudo ufw allow 8888/tcp
# Enable firewall
sudo ufw enable
# Check status
sudo ufw status
```
## Monitoring
### Check Server Health
```bash
# CPU and memory usage
top | grep python3
# Connection count
ss -ant | grep :8888 | wc -l
# Recent errors
sudo journalctl -u qbpos-help --since "1 hour ago" | grep ERROR
```
### Log Analysis
```bash
# View access log
tail -f /tmp/qbpos_help_server.log
# Count requests by IP
grep "GET" /tmp/qbpos_help_server.log | awk '{print $1}' | sort | uniq -c | sort -rn
# Find blocked IPs
grep "Blocked" /tmp/qbpos_help_server.log
```
## Troubleshooting
### Service won't start
```bash
sudo journalctl -u qbpos-help -n 50
```
### Port already in use
```bash
sudo lsof -i :8888
sudo kill -9 <PID>
sudo systemctl restart qbpos-help
```
### Permission issues
```bash
sudo chown -R pts:pts /home/pts/Documents/QBPOS_Help_Web
chmod +x /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py
```
## DNS Setup (When Ready)
1. **Get domain name** (e.g., qbpos.prompttech.com)
2. **Add A record** in DNS provider:
- Type: A
- Name: qbpos (or @)
- Value: 192.168.10.130
- TTL: 3600
3. **Wait for propagation** (5-30 minutes)
4. **Verify**: `nslookup qbpos.prompttech.com`
5. **Run HTTPS setup**: `sudo bash setup_https.sh`
## Current Access URLs
- **HTTP (current)**: <http://192.168.10.130:8888/POS_Help.html>
- **Localhost**: <http://localhost:8888/POS_Help.html>
- **After DNS**: <http://yourdomain.com:8888/POS_Help.html>
- **After HTTPS**: <https://yourdomain.com/POS_Help.html>
## Backup Strategy
### Configuration Files
```bash
# Backup important files
mkdir -p ~/backups/qbpos_help
cp /home/pts/Documents/QBPOS_Help_Web/secure_production_server.py ~/backups/qbpos_help/
cp /etc/systemd/system/qbpos-help.service ~/backups/qbpos_help/
```
### Full Backup
```bash
tar -czf ~/qbpos_help_backup_$(date +%Y%m%d).tar.gz \
/home/pts/Documents/QBPOS_Help_Web/
```
## Support & Maintenance
- Server auto-restarts on failure (10 second delay)
- Server auto-starts on system reboot
- SSL certificates auto-renew (when HTTPS enabled)
- Logs rotate automatically via systemd
## Next Steps
1. ✅ Service installed and running
2. ⏳ Configure IP whitelist (edit ALLOWED_IPS)
3. ⏳ Set up firewall (UFW)
4. ⏳ Obtain domain name
5. ⏳ Configure DNS
6. ⏳ Enable HTTPS
For questions: Contact system administrator
Reference in New Issue View Git Blame Copy Permalink