Deployment Manual5 min readReviewed 2026-05-15

Security and Hardening

DeskDox production security should be implemented as layered controls across the network, host, container runtime, application configuration, database, storage, backup, integrations, and operations.

Core Security Position

Do not expose database, converter, worker, Docker daemon, or internal service ports publicly. The public surface should be limited to the approved DeskDox web endpoint and only the integration endpoints explicitly required by the deployment model.

Layered Security Model

LayerBaseline control
Network edgeFQDN, HTTPS/TLS, firewall restrictions, optional WAF or reverse proxy controls.
Host OSPatched OS, restricted admin access, endpoint protection, time sync, disk monitoring.
Docker runtimeApproved runtime version, restricted Docker access, controlled Compose files, restart policies.
ApplicationDEBUG=false, correct public URL, rate limiting, RBAC, audit logging, maintenance controls.
DatabaseInternal-only network access, strong credentials, backup coverage, restricted admin access.
StorageDurable paths, least-privilege filesystem permissions, antivirus/EDR compatibility, encryption where required.
IntegrationsLeast-privilege API keys, outbound allow-lists, credential rotation, vendor risk review.
OperationsMonitoring, log retention, patch cadence, backup review, escalation, change control.

TLS and HTTPS

Production DeskDox access should use HTTPS. HTTP should be redirected to HTTPS or restricted to internal health/implementation use. TLS certificate ownership, renewal, cipher policy, and HSTS configuration must follow the customer security standard.

Secrets Management

The following values must be treated as secrets:

  • JWT_SECRET_KEY
  • POSTGRES_PASSWORD
  • DATABASE_URL when it contains credentials
  • BACKUP_ENCRYPTION_KEY
  • SMTP passwords or tokens
  • WhatsApp access tokens and app secrets
  • OpenAI/Azure/OpenAI-compatible API keys
  • License or activation secrets where applicable

Environment files must be access-restricted. Secrets should not be pasted into tickets, screenshots, handover documents, or unsecured chat channels. Rotation procedures should be agreed for long-lived production deployments.

Database Isolation

PostgreSQL must remain internal-only. Remote database access, if required for DBA operations, must use a controlled administrative path such as VPN, bastion, restricted firewall rule, or approved database management plane. Public internet exposure of port 5432 is not acceptable.

Least Privilege Access

Least privilege applies to:

  • Host administrators.
  • Docker operators.
  • DeskDox application administrators.
  • Database administrators.
  • Backup operators.
  • Integration credential owners.

Application admin accounts should be named accounts where possible. Shared administrator accounts should be avoided or governed through a privileged-access process.

Auditability

Production readiness validation should confirm that representative login, document, sharing, admin, and workflow events are visible in audit/history views. Audit retention expectations must be reviewed because long retention windows affect database growth and reporting performance.

Admin Account Control

Initial administrator credentials must be rotated or transferred through an approved secure process after installation. Dormant, test, and implementation accounts should be disabled or removed before production handover.

Public Link Controls

Public document links, file requests, document email links, and password reset links depend on correct public URL configuration and token controls. Customers should review link expiry, recipient expectations, external access policy, and audit requirements before enabling public-facing document workflows.

Backup Encryption

Backups should be encrypted when handled by DeskDox backup tooling or stored outside protected infrastructure. The BACKUP_ENCRYPTION_KEY must be stored separately from the backup archive. Losing the key may make encrypted backups unrecoverable; exposing the key may compromise backup confidentiality.

Filesystem Permissions

Document storage, preview data, index data, backup paths, licensing files, and environment files should be restricted to the required service or administrator identities. On Windows, endpoint security exclusions must prevent file locking and quarantine without disabling monitoring. On Linux, SELinux/AppArmor policy interactions must be reviewed where enforcement is enabled.

Container Hardening

Production hardening should include:

  • Use only approved image tags.
  • Avoid uncontrolled latest usage unless deliberately used during a temporary implementation phase.
  • Restrict Docker socket exposure to components that genuinely require it.
  • Monitor container restarts and health status.
  • Keep host Docker runtime patched.
  • Prevent public access to Docker APIs.

Patching and Upgrade Cadence

Customer change management should define:

  • OS patch window.
  • Docker/runtime patch window.
  • DeskDox application upgrade window.
  • Backup taken before upgrades.
  • Rollback or restore plan.
  • Post-upgrade smoke test and handover note update.

Logging and Monitoring

Monitor application health, container state, CPU, RAM, disk, database availability, backup success, preview/index worker behavior, email failures, and integration errors. Logs should be retained according to customer policy and reviewed for sensitive data exposure.

Security Readiness Checks

Before go-live:

  • HTTPS is active on the production URL.
  • Placeholder secrets have been replaced.
  • Internal service ports are not publicly reachable.
  • Admin accounts are controlled.
  • Backup encryption key handling is documented.
  • Audit logging has been validated.
  • Security owner and residual risk notes are recorded where applicable.

Was this article helpful?

Related articles

Continue with closely related deployment manual guidance.