Configuration & Security

This page covers initial setup, security recommendations, and the core configuration areas for the RTFMv2 Server.

Initial Setup

On first run, the server will guide you through initial configuration:

  1. Create Admin Account: Set up the first administrative user
  2. Configure Database: SQLite by default
  3. SSL Certificates (Optional): Upload TLS certificates for HTTPS
  4. AI Configuration (Optional): Connect to OpenAI-compatible APIs

System Requirements

  • Platform: Windows, Linux
  • Runtime: .NET 8.0 or higher (the installer includes the runtime)
  • Database: SQLite (included)
  • Memory: 2GB RAM minimum, 4GB recommended
  • Storage: Varies based on session data and uploaded files

Security & Authentication

  • JWT Authentication: Secure API access with JSON Web Tokens
  • Cookie-based Auth: Session-based authentication for web interface
  • Identity Framework: Built on ASP.NET Core Identity for user management
  • TLS Support: HTTPS encryption with certificate management
  • Session Isolation: Users only see sessions they have permission to access

TLS Certificate Creation & Deployment

Use the built-in certificate workflow to create and deploy a TLS certificate for secure HTTPS access.

  • Generate a new certificate for your server
  • Assign the certificate to the HTTPS endpoint
  • Validate the deployment before going live

Security Considerations

  • Change Default JWT Secret: Update the JWT signing key in production
  • Use HTTPS: Configure TLS certificates for production deployments
  • Regular Backups: Back up the database regularly
  • Access Control: Carefully manage user permissions and session access
  • Update Dependencies: Keep framework and libraries up to date

Configuration

Key configuration settings in appsettings.json:

  • Database Connection: Connection string configuration
  • JWT Settings: Issuer, audience, and signing key
  • AI Configuration: API endpoints and keys
  • File Upload Paths: Storage locations for uploaded files
  • Session Timeout: Configure session expiration
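
A pre-deployment check for the JWT settings above and the "Change Default JWT Secret" item under Security Considerations. This is an added example, not code from the RTFMv2 project. The JSON key names (Jwt, Issuer, Audience, SigningKey), the HS256 algorithm, and the use of the key as raw UTF-8 bytes are assumptions, because the page does not show the file's layout.

```python
import json
import math
import secrets
from collections import Counter

# Assumptions: the page lists the JWT settings but not their JSON names, so
# "Jwt", "Issuer", "Audience" and "SigningKey" are hypothetical keys, and the
# key is assumed to be used as the UTF-8 bytes of an HMAC-SHA256 (HS256) secret.
MIN_KEY_BYTES = 32      # RFC 7518 section 3.2: HS256 keys must be >= 256 bits
MIN_ENTROPY_BITS = 128  # heuristic floor, catches repeated or patterned keys
PLACEHOLDER_HINTS = ("change", "secret", "default", "example", "password", "your")

def estimated_bits(value: str) -> float:
    """Per-character Shannon entropy times length (a rough estimate only)."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c * math.log2(c / n) for c in Counter(value).values())

def audit_jwt_settings(config: dict) -> list[str]:
    """Return findings for the assumed Jwt section of a parsed appsettings.json."""
    jwt = config.get("Jwt")
    if not isinstance(jwt, dict):
        return ["Jwt section missing"]
    findings = [f"{f} is empty" for f in ("Issuer", "Audience")
                if not str(jwt.get(f) or "").strip()]
    key = str(jwt.get("SigningKey") or "")
    if len(key.encode("utf-8")) < MIN_KEY_BYTES:
        findings.append("SigningKey shorter than 32 bytes")
    if any(hint in key.lower() for hint in PLACEHOLDER_HINTS):
        findings.append("SigningKey looks like a placeholder")
    if estimated_bits(key) < MIN_ENTROPY_BITS:
        findings.append("SigningKey has low estimated entropy")
    return findings

def new_signing_key() -> str:
    """64 hex characters from the OS CSPRNG (256 bits of randomness)."""
    return secrets.token_hex(32)

# Constructed sample, not a real RTFMv2 configuration file.
SAMPLE = json.loads("""
{"Jwt": {"Issuer": "rtfm-server", "Audience": "",
         "SigningKey": "ChangeThisSecretKey"}}
""")

if __name__ == "__main__":
    for finding in audit_jwt_settings(SAMPLE):
        print("FAIL:", finding)
    print("suggested replacement key:", new_signing_key())
```

Adjust the key names to match the actual appsettings.json before running it against a deployment, and keep the generated key out of version control.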

Integration Points

The server integrates with other RTFMv2 components:

  • RTFMv2 Console: Upload logs, commands, and data to server sessions
  • RTFMv2 GUI: Synchronize findings and session data
  • External Tools: Import data from scanners and security tools
  • AI Services: Connect to OpenAI or compatible APIs