Configuration & Security

This page covers initial setup, security recommendations, and the core configuration areas for the RTFMv2 Server.

Initial Setup

On first run, the server will guide you through initial configuration:

  1. Create Admin Account: Set up the first administrative user
  2. Configure Database: SQLite by default
  3. SSL Certificates (Optional): Upload TLS certificates for HTTPS
  4. AI Configuration (Optional): Connect to OpenAI-compatible APIs

Installation and Updates

On Windows, install the server by running the current RTFMv2 Server installer and following the setup wizard.

On Linux, install the server package with apt from the directory containing the downloaded .deb file:

sudo apt install ./RTFMServerSetup.deb

To force a reinstall or apply a refreshed local package over an existing install:

sudo apt install --reinstall ./RTFMServerSetup.deb

After installation, open the configured server URL in a browser and complete the first-run setup.

System Requirements

  • Platform: Windows, Linux
  • Runtime: .NET 8.0 or higher (the installer will have the runtime included)
  • Database: SQLite (included)
  • Memory: 2GB RAM minimum, 4GB recommended
  • Storage: Varies based on session data and uploaded files

Security & Authentication

  • JWT Authentication: Secure API access with JSON Web Tokens
  • Cookie-based Auth: Session-based authentication for web interface
  • Identity Framework: Built on ASP.NET Core Identity for user management
  • TLS Support: HTTPS encryption with certificate management
  • Session Isolation: Users only see sessions they have permission to access

TLS Certificate Creation & Deployment

Use the built-in certificate workflow to create and deploy TLS for secure HTTPS access.

  • Generate a new certificate for your server
  • Assign the certificate to the HTTPS endpoint
  • Validate the deployment before going live

Security Considerations

  • Change Default JWT Secret: Update the JWT signing key in production
  • Use HTTPS: Configure TLS certificates for production deployments
  • Regular Backups: Back up the database regularly
  • Access Control: Carefully manage user permissions and session access
  • Update Dependencies: Keep framework and libraries up to date

Configuration

Key configuration settings in appsettings.json:

  • Database Connection: Connection string configuration
  • JWT Settings: Issuer, audience, and signing key
  • AI Configuration: API endpoints and keys
  • File Upload Paths: Storage locations for uploaded files
  • Session Timeout: Configure session expiration

Integration Points

The server integrates with other RTFMv2 components:

  • RTFMv2 Console: Upload logs, commands, and data to server sessions
  • RTFMv2 GUI: Synchronize findings and session data
  • External Tools: Import data from scanners and security tools
  • AI Services: Connect to OpenAI or compatible APIs