Security Considerations
Securing your installation is crucial, especially if you plan to make it accessible beyond your local network.
Choose one of these methods to set secure credentials:
-
JWT key: Automatically rotated at each startup if not provided
-
JSON In the UIMod folder, edit
config.jsonto add users manually (requires hashed creds as a json map) or use /adduser (or /changeuser in never versions)
-
Firewall Configuration
- Only open the necessary ports (27015, 27016 for the game server)
- Keep the web UI port (8443) restricted to best practices
- Consider using Windows Firewall or iptables (Linux) to restrict access
-
Reverse Proxy Setup
- If you need remote access to the web UI, set up a reverse proxy with:
- (Traefik - might be worth checking out!)
- Rate limiting to prevent brute force attacks
- If you need remote access to the web UI, set up a reverse proxy with:
-
Discord Integration
- Keep your Discord bot token secure
- Use Discord's role-based permissions to restrict command access
- Only give administrative command access to trusted users
If using Docker:
-
Container Isolation
- Don't run containers with
--privilegedflag - Use volume mounts instead of bind mounts where possible
- Don't run containers with
-
Network Configuration
- Use Docker's network controls to limit container access
- Configuration - Review proper Configuration procedures
- Docker Guide - Secure containerized deployment
