Security Configuration
Helix comes with reasonable security defaults, but you should consider the following for production deployments:
Network Security
- Restrict access to the API port (default 8080) using firewall rules
- Use HTTPS in production with valid certificates
- Consider placing Helix behind a reverse proxy like Nginx or Caddy
Authentication
- Change default passwords immediately after installation
- Use strong, unique passwords for all accounts
- Enable two-factor authentication where possible
- Regularly rotate API keys and tokens
Data Protection
- Regularly back up your data and test restoration procedures
- Encrypt sensitive data at rest
- Monitor access logs for suspicious activity
- Apply security updates promptly
Container Security
- Run containers with non-root users where possible
- Regularly update base images
- Scan images for vulnerabilities
- Limit container privileges and capabilities
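An added example (not part of the Helix documentation) that checks the network and container items above against `docker inspect` output: non-root user, privileged mode and capabilities, and whether the API port 8080 is published on all host interfaces. The container name and the sample JSON are constructed for illustration; the field names are the ones Docker's inspect output uses.

```python
import json

API_PORT = "8080/tcp"  # Helix API port default stated on this page

# Constructed sample: trimmed `docker inspect` output for a hypothetical container.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/helix-api",
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_ADMIN"],
        "CapDrop": None,
        "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]},
    },
}])


def audit_container(c):
    """Return a list of findings for one `docker inspect` container object."""
    findings = []
    host = c.get("HostConfig") or {}
    user = ((c.get("Config") or {}).get("User") or "").strip()
    # An empty User field means the container process runs as root.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root (no non-root user set)")
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    drops = [d.upper() for d in (host.get("CapDrop") or [])]
    if "ALL" not in drops:
        findings.append("capabilities not dropped (no cap-drop ALL)")
    for cap in host.get("CapAdd") or []:
        findings.append(f"extra capability added: {cap}")
    # An empty HostIp means the port is bound on every host interface.
    for b in (host.get("PortBindings") or {}).get(API_PORT) or []:
        if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
            findings.append(f"API port published on all interfaces (host port {b.get('HostPort')})")
    return findings


def audit(inspect_json):
    """Map container name -> findings for a full `docker inspect` JSON array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for f in findings:
            print(f"{name}: {f}")
```

To check a running deployment, pass the output of `docker inspect <container>` to `audit()` in place of the constructed sample.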
For more detailed security guidance, refer to the Security Best Practices documentation.