Security Considerations

This section outlines important security considerations for your production deployment of oryelle. While not exhaustive, these recommendations focus specifically on securing your oryelle instance and complement the guidance provided in our documentation.

Reverse Proxy Configuration

• Ensure proper configuration of proxy headers (X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto)
• Implement robust SSL/TLS security settings
• Deploy and configure firewall protection at or before the reverse proxy layer
  • Implement rate limiting (especially for the login endpoint /api/v1/auth/login). oryelle does not by default implement rate limiting!

Docker Compose Security

• Restrict internet access to only containers that require it
• Implement network segmentation between containers that don't need to communicate
• Remove unnecessary container capabilities
• Utilize a dedicated secrets management solution
• Set appropriate resource limits for all containers

oryelle Backend Security

• Properly configure all environment variables, with particular attention to:
  • Session secret configuration
  • Cookie-related settings (Reference our detailed start guide for specific configuration requirements)

Security Information and Event Management (SIEM)

• Enable and forward oryelle backend security logs (when log files are enabled) to your SIEM system
• Configure log forwarding from all other system components to your SIEM

Model Context Protocol (MCP) Server Security

• Verify security measures for all integrated MCP Servers, including:
  • Proper authorization mechanisms
  • Comprehensive access control checks

Need expert guidance on securing your deployment? Our consulting services can help ensure your oryelle instance meets the highest security standards.