Download Schedule Demo
Home / On-Premise / Advanced Setup Guide

Advanced Setup Guide

Configure the Forensic OSINT backend for secure organizational environments

securitySecurity Guide
timer10 min read

This guide provides advanced instructions for setting up the Forensic OSINT backend in environments with strict security policies. It is designed for organizations that need to install the backend within their internal network while ensuring secure communication.

Prerequisites

checklist Requirements

  • Internal Network: The backend should be installed on an internal network server that is not exposed to the public internet.
  • Firewall Access: You will need to configure your firewall to allow communication between the Chrome Extension and the backend.
  • Static IP or Internal Domain: Assign a static IP address or internal domain name to the backend server for consistent access.

Configuring the Backend for Secure Access

For organizations with strict security policies, the backend must be installed on a server that is part of your internal network. This ensures that sensitive data and captures are stored securely and only accessible within the organization's trusted network.

The Chrome Extension, which operates on computers with internet access, will need to communicate with the backend. Here's how to ensure secure communication:

1

Firewall Configuration

To allow the Chrome Extension to communicate with the backend server, configure your firewall to allow traffic:

  • Open the required ports on the server:
    • Port 65200 – Main API endpoint
    • Port 65201 – Public Admin service
    • Port 1433 – SQL Server (only if external DB access is needed)
  • Restrict traffic to only allow requests from trusted internal IP addresses or specific devices where the Chrome Extension is installed.
  • Use SSL/TLS encryption to secure communication between the frontend and backend (highly recommended).
lightbulb

SSL/TLS: For details on enabling HTTPS for the backend, refer to the SSL Setup Guide.

2

Assign a Static IP or Internal Domain

To simplify access to the backend within your network, assign a static IP address or configure an internal domain name for the backend server.

Static IPEnsure the backend server is assigned a static IP within your internal network. This IP should be configured in the Chrome Extension settings.
Internal DomainIf your organization uses internal DNS, set up a domain (e.g., backend.organization.local) that maps to the backend server's IP address.
3

Updating the Chrome Extension Settings

Once the backend server is set up and secured, update the Chrome Extension settings on each user's machine to point to the correct backend URL:

  1. Open the Forensic OSINT Chrome Extension.
  2. Go to Settings > Utilities.
  3. Enable the Sync API and update the Backend URL.

Example URLs:

http://backend.organization.local:65200

If using SSL/TLS:

https://backend.organization.local:65200
article
Connect to On-Prem or Single-Tenant (Private) Backend Server

Detailed step-by-step instructions for configuring the Chrome Extension.

storage

Using an Existing SQL Server

If your organization already runs SQL Server, you can connect directly to your existing instance instead of using the containerized database.

Requirements

  • SQL Server 2019 or later (any edition)
  • Full-Text Search feature installed and enabled
  • Network access from the Docker host to your SQL Server

The application will create the database and schema automatically on first run – no manual database setup is needed.

Configuration Steps

  1. Open the .env file and uncomment the DATABASE_CONNECTION_STRING line.
  2. Edit the connection string with your server address, credentials, and database name.
  3. Comment out or remove the osintDb service from both docker-compose.yml and docker-compose.override.yml.
  4. Remove osintDb from the depends_on list in the osintCmsServerSync service.
DATABASE_CONNECTION_STRING=Server=your-server.local,1433;Database=Osint;User=sa;Password=YourPassword;TrustServerCertificate=true;
info

Note: Only Microsoft SQL Server is supported. PostgreSQL, MySQL, and other database engines are not compatible.

Security Best Practices

To ensure the security of the backend and frontend communication, follow these best practices:

lock

Enable SSL/TLS

Use SSL/TLS to encrypt communication between the Chrome Extension and the backend server. This protects data in transit.

shield

Limit Access

Restrict access to the backend server by only allowing traffic from trusted internal IP addresses or devices.

fact_check

Regular Audits

Perform regular audits of your network and firewall configurations to ensure no unauthorized access is allowed.

system_update

Keep Updated

Regularly update both Docker and the backend software to protect against security vulnerabilities.

help_outline

Need help with advanced configuration?

Contact our support team for assistance with your deployment.

Contact Support →

Ready to install?

Follow the main installation guide to get started.

Installation Guide →Browse On-Premise Documentation →

Minimum Requirements:

  • 8 Characters
  • 1 Upper
  • 1 Lower
  • 1 Digit