From 9cfde53741767e20e885ba269353515917909bf1 Mon Sep 17 00:00:00 2001 From: Brian <213060881+brynsofz@users.noreply.github.com> Date: Wed, 17 Sep 2025 16:58:07 +0700 Subject: [PATCH 1/2] fix: add secure step in install basic --- install/basic/index.rst | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/install/basic/index.rst b/install/basic/index.rst index cb655da0..fca8a8a1 100644 --- a/install/basic/index.rst +++ b/install/basic/index.rst @@ -373,4 +373,40 @@ You may want to provide your own certificates to GeoNode nginx -s reload exit +Fourth Step: Secure your production deployment +============================================== + +Once your GeoNode instance is running in production, it's crucial to secure it by changing default passwords and OAuth2 keys. + +Change Admin Passwords +^^^^^^^^^^^^^^^^^^^^^^^ + +1. **GeoNode Admin Password**: Change the default admin password by logging into your GeoNode instance at ``https://my_geonode.geonode.org/admin`` and updating the admin user password. + +2. **GeoServer Admin Password**: Update the GeoServer admin password by: + + - Logging into GeoServer at ``https://my_geonode.geonode.org/geoserver`` + - Going to :guilabel:`Security` > :guilabel:`Users, Groups, and Roles` > :guilabel:`Users/Groups` + - Changing the admin user password + +Update OAuth2 Keys +^^^^^^^^^^^^^^^^^^ + +Generate new OAuth2 client credentials for enhanced security: + +1. **Generate new OAuth2 credentials** in your ``.env`` file: + + .. code-block:: shell + + OAUTH2_CLIENT_ID=your_new_client_id + OAUTH2_CLIENT_SECRET=your_new_client_secret + +2. **Update GeoServer OAuth2 configuration** to match the new credentials. + +3. **Restart the containers** + + .. code-block:: shell + + docker-compose restart django + docker-compose restart geoserver From 0ab5609c9564276cac3b53f0acaf4481147c7d2a Mon Sep 17 00:00:00 2001 From: Brian <213060881+brynsofz@users.noreply.github.com> Date: Thu, 18 Sep 2025 12:53:43 +0700 Subject: [PATCH 2/2] fix: update Geonode OAuth2 configuration section --- install/basic/index.rst | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/install/basic/index.rst b/install/basic/index.rst index fca8a8a1..a0c0391b 100644 --- a/install/basic/index.rst +++ b/install/basic/index.rst @@ -401,9 +401,23 @@ Generate new OAuth2 client credentials for enhanced security: OAUTH2_CLIENT_ID=your_new_client_id OAUTH2_CLIENT_SECRET=your_new_client_secret -2. **Update GeoServer OAuth2 configuration** to match the new credentials. +2. **Update GeoNode OAuth2 configuration**: -3. **Restart the containers** + - Log into your GeoNode admin panel at ``https://my_geonode.geonode.org/admin`` + - Navigate to :guilabel:`Django Oauth Toolkit` > :guilabel:`Applications` + - Find and edit the existing GeoServer application + - Update the :guilabel:`Client id` and :guilabel:`Client secret` to match your new ``.env`` values + - Save the changes + +3. **Update GeoServer OAuth2 configuration**: + + - Log into GeoServer at ``https://my_geonode.geonode.org/geoserver`` + - Go to :guilabel:`Security` > :guilabel:`Authentication` > :guilabel:`Authentication Filters` + - Edit the :guilabel:`geonode-oauth2` filter + - Update the :guilabel:`Client ID` and :guilabel:`Client Secret` to match your new ``.env`` values + - Save the changes + +4. **Restart the containers** .. code-block:: shell