Production Deployment
For production environments, it is highly recommended to run VideoCMS behind a reverse proxy to handle SSL termination, compression, and static file serving.
Reverse Proxy Options
SSL Certificates
If you are not using Caddy (which handles SSL automatically) or Cloudflare, you must secure your instance with SSL.
- Certbot: Use
certboton your host machine to generate certificates for your domains. - Mount Certificates: Mount the certificate files into your Nginx container and update the Nginx config to listen on port 443 and use the certificates.
Mandatory Post-Deployment Security
Deploying the containers is only the first step. You must perform these actions immediately after your first login to ensure your server is not compromised.
1. Change Secret Keys
By default, the application might use insecure or placeholder keys for signing session tokens.
- Navigate to Settings (
/my/config). - Change
JwtSecretKeyandJwtUploadSecretKeyto long, random strings. - Restart the containers after saving.
2. Trust Reverse Proxy (IP Identification)
To ensure VideoCMS correctly identifies the visitor's IP address (important for logs and rate-limiting), you must enable TrustLocalTraffic in the settings.
- Navigate to Settings (
/my/config). - Set
TrustLocalTraffictotrue. - Without this, all users will appear to have the internal IP of your Caddy/Nginx container.
3. Change Admin Password
The default admin credentials (admin / 12345678) are public knowledge. Change them immediately upon your first login.
For a comprehensive list of security measures, including firewall configuration and secret key management, please refer to the Post-Installation Security guide.