Security

reCaptcha Support

HollaEx Kit provides Google reCaptcha support to protect the exchange from malicious access. You should issue your own reCaptcha key and apply it. By default, HollaEx Kit provides a demo reCaptcha key, but you must get your own key before bringing the exchange up in production. The demo key is not safe.

Please follow this link to issue a reCaptcha key.

Once you have a key, run hollaex setup --reconfigure and hollaex restart to apply the key to HollaEx Kit. For the web client, you should run hollaex web --rebuild and hollaex web --restart to rebuild the web client image with the reCaptcha key changes.

User-provided reCaptcha keys are stored in the settings/configmap and settings/secret files.

Auto generated passwords

HollaEx Kit automatically generates the following values and provides them by default.

- HOLLAEX_SECRET_SUPERVISOR_PASSWORD
- HOLLAEX_SECRET_SUPPORT_PASSWORD
- HOLLAEX_SECRET_KYC_PASSWORD
- HOLLAEX_SECRET_QUICK_TRADE_SECRET
- HOLLAEX_SECRET_SECRET

These secrets are generated during the hollaex setup process. You can view the generated values in the settings/secret file afterwards. These values should not be modified by the user. Please keep them safe.

SSL for the exchange

SSL / HTTPS support is very important for keeping the service safe and sound, especially for anything related to finance. HollaEx Kit provides an easy way to issue an SSL certificate with the single command below.

hollaex toolbox (--issue_ssl / --renew_ssl)

This command both issues and renews the SSL certificate using Let's Encrypt and Certbot. By default, Certbot uses the http-01 method to issue the certificate. If you are not able to use http-01, please check the Certbot docs to find a verification method that suits your environment.

An SSL certificate issued by Let's Encrypt expires 3 months after it is issued. Make sure to run hollaex toolbox --renew_ssl to renew your certificate before it expires. We recommend setting up an automated job using crontab or a similar tool. Adding the --skip flag prevents HollaEx CLI from asking for confirmation, which makes it useful in an automated crontab job.
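
A renewal wrapper for the cron automation recommended above, as an added example that is not part of HollaEx Kit: it checks the certificate with openssl and runs hollaex toolbox --renew_ssl --skip only when the certificate is close to expiry, returning a non-zero status when renewal fails so the cron job surfaces the error. The script name, the certificate path, the kit directory argument, the log path and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example (not HollaEx code). Assumed crontab entry, paths are placeholders:
#   17 3 * * * /path/to/renew_ssl.sh /path/to/cert.pem /path/to/hollaex-kit >>/path/to/renew.log 2>&1

RENEW_WINDOW_DAYS=30   # assumption: renew when fewer than 30 days remain

# cert_expires_within CERT DAYS: exit 0 if CERT expires within DAYS days
cert_expires_within() {
    cert=$1; days=$2
    # A missing or unreadable certificate is treated as due for renewal
    [ -r "$cert" ] || return 0
    # openssl -checkend exits 0 when the certificate is still valid after N seconds
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renew_if_due CERT KIT_DIR: 0 = nothing to do or renewed, 2 = renewal failed
renew_if_due() {
    cert=$1; kit_dir=$2
    if ! cert_expires_within "$cert" "$RENEW_WINDOW_DAYS"; then
        echo "certificate valid for more than $RENEW_WINDOW_DAYS days; skipping"
        return 0
    fi
    echo "certificate due; running hollaex toolbox --renew_ssl --skip"
    # --skip suppresses the confirmation prompt so the job can run unattended.
    # Assumption: the CLI is run from inside the kit directory.
    if (cd "$kit_dir" && hollaex toolbox --renew_ssl --skip); then
        # Re-check: catch a run that reported success but left the old certificate
        if cert_expires_within "$cert" "$RENEW_WINDOW_DAYS"; then
            echo "renewal ran but certificate is still inside the window" >&2
            return 2
        fi
        return 0
    fi
    echo "renewal command failed" >&2
    return 2
}

# Run only when called with both arguments, as in the crontab entry above
if [ "$#" -ge 2 ]; then
    renew_if_due "$1" "$2"
fi
```

Running the check daily means a failed renewal is retried and logged many times before the certificate actually expires.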