web: count.ly twitter: @gocountly 2
This guide covers the following items:
1. Installation and upgrade
2. Ports & using a firewall
3. API key & APP key
4. Using HTTPS
5. Other security related measures
Installation & upgrade
• Installation is done automatically using an installer.
• The installer downloads dependencies from the Ubuntu or Red Hat repositories.
• The installer is not bundled with 3rd party packages; instead it downloads the latest packages to maximize dependability and security.
• Upgrades are done by:
○ Upgrading the core Countly Enterprise Edition
○ Upgrading MongoDB, Node.js and Nginx
○ Upgrading Node.js modules
Ports & using a firewall
• Countly nodes need ports 80 (HTTP), 443 (HTTPS), 53 (DNS) and 25 (mail) to be open.
• MongoDB requires port 27017 to be open (for the replica set).
For all MongoDB ports see this link.
• Linux iptables can be used to block all ports except 80, 443, 53 and 25.
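The following script is an added example of the iptables setup the slide describes; it is not Countly's own installer or firewall script. It emits the rule set as text so it can be reviewed before being applied, opens 80 and 443 to the world, and opens 27017 only to the replica-set peers rather than to everyone. It treats 53 and 25 as outbound needs (name resolution and sending mail), which the slide does not state and is an assumption about the deployment, and it keeps an SSH allow rule from an admin network so the host does not become unreachable when the default policy flips to DROP. The peer and admin addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Countly's installer): iptables rules for one Countly node.
# Inbound: 80/443 from anywhere, 22 from the admin network, 27017 only from
# MongoDB replica-set peers. Ports 53 and 25 are assumed to be outbound needs,
# so they are covered by the OUTPUT ACCEPT policy and not opened inbound.
# Addresses below are constructed placeholders (RFC 5737 documentation ranges).
MONGO_PEERS="${MONGO_PEERS:-198.51.100.11 198.51.100.12}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# Emit the rules as text so they can be reviewed or diffed before applying.
countly_fw_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Dashboard and SDK traffic (HTTP and HTTPS) from anywhere
    for port in 80 443; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # SSH only from the admin network, so the DROP policy cannot lock admins out
    echo "iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT"
    # MongoDB: replica-set peers only; no rule opens 27017 to the world
    for peer in $MONGO_PEERS; do
        echo "iptables -A INPUT -p tcp -s $peer --dport 27017 -j ACCEPT"
    done
    # Rate-limited log of everything that falls through to the DROP policy,
    # so scans and misconfigured SDK endpoints show up in syslog
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"countly-fw-drop: \""
}

# Lists the inbound TCP ports accepted from any source address, space separated.
# Anything other than "80 443" here means a rule is wider than intended.
countly_fw_world_open_ports() {
    countly_fw_rules | grep -e '-A INPUT' | grep -e '--dport' | grep -v -e ' -s ' \
        | sed 's/.*--dport \([0-9]*\).*/\1/' | xargs echo
}

# Apply only when explicitly asked: ./countly-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    countly_fw_rules | sh -e
fi
```

Run the script without arguments to print the rules, check that `countly_fw_world_open_ports` reports only `80 443`, and then run it with `apply` as root. Rules added with `iptables` are not persistent; save them with the distribution's iptables-persistent mechanism after verifying that the dashboard, SDK calls and the replica set still work.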
API key & APP key
● Username and password combination
○ Used to access dashboard through user account
● API key
○ Used to access Countly REST API.
○ Is tied to a specific account and grants the same read/write permissions that account has
● APP key
○ SDKs connect to the server using the APP key
○ Can only insert information about that specific app
● For more information about Countly REST API, see this link.
● Global admin
○ Has read and write access to all apps stored on the server
● App Admin
○ Has read and write access only to specific apps
● App User
○ Has read access only to specific apps
● The same account can have different access levels (admin and user) on different apps
● Each user can be limited to only some selected dashboard views.
Using HTTPS
● By default Countly runs on HTTP
● Nginx configuration should be modified for HTTPS
● HTTPS configuration serves two purposes:
○ Let dashboard users connect using SSL
○ Let devices connect using SSL (if device is capable).
● For more information and configuration options, see this link.
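The following is an added example of the Nginx change the slide refers to; it is not Countly's shipped configuration. It generates a server configuration that terminates TLS for both dashboard users and SDK traffic, redirects plain-HTTP dashboard requests to HTTPS, and keeps only the SDK write endpoint reachable on port 80 for devices that cannot use TLS (the slide's "if device is capable"). The upstream ports (API on 127.0.0.1:3001, dashboard on 127.0.0.1:6001), the `/i` and `/o` endpoint paths, the host name and the certificate paths are assumptions, not taken from the slides.

```shell
#!/bin/sh
# Added example (not Countly's own nginx config): generate an Nginx server
# configuration that puts the dashboard and the SDK API behind TLS.
# Assumptions (not from the slides): the Countly API listens on 127.0.0.1:3001,
# the dashboard on 127.0.0.1:6001, SDKs write to /i and read from /o.
# Host name and certificate paths are placeholders.
COUNTLY_HOST="${COUNTLY_HOST:-countly.example.com}"
CERT="${CERT:-/etc/ssl/certs/countly.pem}"
KEY="${KEY:-/etc/ssl/private/countly.key}"

countly_nginx_https_conf() {
    cat <<EOF
server {
    listen 80;
    server_name $COUNTLY_HOST;

    # SDK write endpoint stays reachable over plain HTTP for devices that
    # cannot do TLS; everything else is redirected so dashboard logins
    # never travel in clear text.
    location /i {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header X-Real-IP \$remote_addr;
    }
    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name $COUNTLY_HOST;

    ssl_certificate     $CERT;
    ssl_certificate_key $KEY;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # SDK read/write API
    location ~ ^/(i|o)(/|$) {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
    # Dashboard
    location / {
        proxy_pass http://127.0.0.1:6001;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Returns 0 when the generated config terminates TLS with modern protocols,
# redirects plain HTTP, and exposes no plain-HTTP path to the dashboard port.
countly_nginx_conf_check() {
    conf=$(countly_nginx_https_conf)
    echo "$conf" | grep -q 'listen 443 ssl' || return 1
    echo "$conf" | grep -q 'ssl_protocols *TLSv1.2 TLSv1.3' || return 1
    echo "$conf" | grep -q 'return 301 https://' || return 1
    # Everything before the 443 block is the port-80 block: it must not
    # proxy to the dashboard port.
    ! echo "$conf" | sed '/listen 443/,$d' | grep -q '6001'
}

# Write the file and syntax-check it when nginx is installed:
#   ./countly-https.sh install
if [ "${1:-}" = "install" ] && command -v nginx >/dev/null 2>&1; then
    countly_nginx_https_conf > /etc/nginx/conf.d/countly.conf && nginx -t
fi
```

Run the script without arguments to print the configuration and inspect it; `countly_nginx_conf_check` fails if anything reopens a plain-HTTP route to the dashboard. If every SDK in use can speak TLS, the `/i` location in the port-80 block can be dropped so that only the redirect remains.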
Other security related measures
• Encrypted passwords: passwords are stored as a SHA1 hash-based message authentication code (HMAC) with a timestamp salt.
• Auto logoff: the user is logged out after a configurable amount of time (30 min by default).
• Login monitoring: all logins are stored and can be monitored in real time via the dashboard.
• This includes:
○ User login information
○ Password reset information
○ App (create, update, reset, delete) events
○ User (create, update, delete) events