The Cyphon project is provided as open-source software, and we encourage you to report any security bugs, configuration issues, or comments related to Cyphon, Cyclops, or Cyphondock. We’re extremely thankful for responsible security researchers that report vulnerabilities to us. To make a report, please email us with the full details, including steps to reproduce the issue.
We recommend that you follow security best practices when running Cyphon. Please consult the official documentation of any open source or commercially available products that are used as a component of (or are integrated with) Cyphon, and follow their recommended security practices. This disclaimer also applies to outside APIs, operating systems, or virtualization technologies.
Cyphon environment file¶
cyphondock/config/env/cyphon.env file contains default usernames and passwords for:
Please change these values to secure your instance.
Cyphon configuration file¶
cyphondock/config/cyphon/settings/conf.py file contains default usernames and passwords for:
If you’re not setting these values through environment variables in the Cyphon environment file, you should change the default values in
You should also change the Django
SECRET_KEY to something unique. See the instructions on configuring Django for details.
Cyphondock’s Docker Compose files for the production environment open the following ports on the host machine:
|80||TCP (HTTP)||Cyphon - Nginx proxy|
|443||TCP (HTTPS)||Cyphon - Nginx proxy|
|5601||TCP||Kibana - Nginx proxy|
|15672||TCP||RabbitMQ management - Nginx proxy|
Please restrict external access to these ports.
Running Cyphon with SSL through Nginx¶
You may wish to run Cyphon with SSL to secure connections. Cyphondock makes this easy by providing an alternate Nginx configuration file at
cyphondock/config/nginx/nginx.conf.ssl that can be used to get started quickly. Placeholder files for SSL certificates and private keys are also provided. You can choose to use self-signed certificates or use certificates signed by a trusted certificate authority.
Assuming you already have an SSL certificate and private key, copy their contents into the placeholder files provided:
$ cd /opt/cyphon/cyphondock/config/nginx $ cp /path/to/your/certificate ssl.crt $ cp /path/to/your/private/key ssl.key
Then, copy the provided
nginx.conf.ssl to be the main Nginx configuration file:
$ cp nginx.conf.ssl nginx.conf
Finally, restart the Nginx Docker container or the entire Docker-Compose:
$ docker-compose restart