summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.md13
1 files changed, 13 insertions, 0 deletions
diff --git a/README.md b/README.md
index d681d86..de4c1e8 100644
--- a/README.md
+++ b/README.md
@@ -22,3 +22,16 @@ In order for TFTP requests to find their way back to the running container, you
```
echo "dispatcher_ip: <master host ip" > /etc/lava-server/dispatcher.d/<lava-master-hostname>.yaml
```
+
+## Security
+Note that this container provides defaults which are unsecure. If you plan on deploying this in a production enviroment please consider the following items:
+
+ * Changing the default admin password
+ * Using HTTPS
+
+Secure CSRF tokens are disabled as the container uses HTTP by default. To use SSL with this container you will need to remove the following lines from your ```/etc/lava-server/settings.conf```
+
+```
+ "CSRF_COOKIE_SECURE": false,
+ "SESSION_COOKIE_SECURE": false,
+```