Bezpečný Redmine Server - Bezpečnostní tipy pro vaši webovou aplikaci.

Data security always matters for all types of organizations and software. For a long time, data security is also one of the most discussed business topics. The more advanced technology we use, the higher the level of data and application protection is generally expected and needed. So why underestimate risks if there is an easy solution for your Redmine? Secure your business with Easy Redmine today. Here's how.

Start Free Trial
& secure your Redmine today

1. Use HTTPS connection

• Create a self-signed certificate or buy a trusted one. Instruction on how to create a self-signed certificate can be found here.
• Set up your web-server to hold a secured connection properly. Fully restrict requests from 80 or 8080 ports or set up proper routing of them to a secure port. Detailed instructions for secure Nginx configuration are available directly in the Easy Redmine installation package under doc/INSTALL.
• In your (Easy) Redmine settings (Administration >> Settings), set up the correct protocol type (HTTPS). It's a very important but often missed point. Please remember that not all Redmine plugins use correct routes from the system. Some of them look only for this specific setting to define what protocol should be used. It is not correct, but it happens. So it is better to be sure the protocol will be always HTTPS.
• To verify the quality of your SSL configuration, you can use tools such as this one.
• If there are any images or other data that you take from other sites (for example, logos, image sources), be sure they use HTTPS protocol as well. Otherwise, it can theoretically cause an obscure breach in your system. You may easily check if everything is ok with your site or not. If there are any sources from HTTP, your browser will highlight your protocol with red color and sometimes it can be crossed out. But overall, this last point is mostly about the education and discipline of your users. Some things can not be forced.

2. Check and divide permissions

• Make sure your application is not running from the root (at least folders public, tmp, files, log). We strongly recommend that the whole application + ruby is installed from a specific user.
• Make sure you don't have permissions like 777 for any application folder. Optimal permissions are 755 or for some files 644.

3. Keep non-used ports closed

• Ask your system administrators or hosting providers to close all non-used ports. Open them only in case you need to update the system, ruby or application.

4. Use strong passwords

• Make sure you don't use the same password for your root server user, root database user, application server user, database application user, and admin or any other user inside your application.
• All passwords should be different, long enough - at least 15 symbols, containing letters, numbers and special symbols...or simply just long. Don't fall into a state of lethargy and make sure you change passwords at least inside the application at least every 6 months.
• More about passwords and authentication in Easy Redmine is presented in our past GDPR webinar (below) and the knowledge base.

5. Update your server and application regularly

• It's very important to keep everything up to date. The world is changing every day. The IT world is changing even quicker.
• Every day new weaknesses are found and new safety protocols are created. If you use outdated applications - you increase the risk of attacks or scams through your server. When is the last time you updated your RubyGems?

6. Be careful with uploaded files

• We recommend you to define file extensions that are allowed to be uploaded to your server. You may do it both from your web-server, or from inside (Easy) Redmine (Administration >> Settings >> Files). How to restrict or allow specific file extensions in Nginx you may find here. If you have settings on both at the same time, web-server wins.
• Another option is to deploy an antivirus to check all uploaded files on the server. One free option is ClamAV.

To není všechno...

Tyto tipy jsou minimem, které umožňuje Redmine adminovi spát klidně - aplikace je bezpečná. Nicméně, pokud je to potřeba, můžete přidat další vrstvy ochrany (proxy, reverzní proxy, VPN, IP filtr atd.).

Můžeme vzít na sebe odpovědnost za celkovou bezpečnost serveru a implementovat pro vás řadu dalších bezpečnostních opatření na Redmine Private Cloud. Pokud máte nějaké dotazy, kontaktujte nás. Díky Easy Redmine zajistěte, aby byl váš Redmine správně zabezpečen.