Add configurable transport security profiles and bind address

Adds Security section to appsettings.json with configurable OPC UA transport profiles (None, Basic256Sha256-Sign, Basic256Sha256-SignAndEncrypt), certificate policy settings, and a configurable BindAddress for the OPC UA endpoint. Defaults preserve backward compatibility. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 15:59:43 -04:00
parent bbd043e97b
commit 55173665b1
28 changed files with 1092 additions and 87 deletions
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ dotnet build ZB.MOM.WW.LmxOpcUa.slnx
 dotnet run --project src/ZB.MOM.WW.LmxOpcUa.Host
 ```

-The server starts on `opc.tcp://localhost:4840/LmxOpcUa` with SecurityPolicy None.
+The server starts on `opc.tcp://localhost:4840/LmxOpcUa` with the `None` security profile by default. Configure `Security.Profiles` in `appsettings.json` to enable `Basic256Sha256-Sign` or `Basic256Sha256-SignAndEncrypt` for transport security. See [Security Guide](docs/security.md).

 ### Install as Windows service

@@ -140,6 +140,7 @@ gr/                      Galaxy repository docs, SQL queries, schema
 | [Status Dashboard](docs/StatusDashboard.md) | HTTP server, health checks, metrics reporting |
 | [Service Hosting](docs/ServiceHosting.md) | TopShelf, startup/shutdown sequence, error handling |
 | [CLI Tool](docs/CliTool.md) | Connect, browse, read, write, subscribe, historyread, alarms commands |
+| [Security](docs/security.md) | Transport security profiles, certificate trust, production hardening |

 ## Related Documentation