Commit 1e47298d authored by Andreas Düren's avatar Andreas Düren

Enhanced secret generation in start.sh and cleaned up .env file

parent d0636955
+1 −2
@@ -6,7 +6,6 @@ elasticsearch-cloudron-package.zip
.DS_Store

# Environment files that might contain sensitive information (template provided instead)
.env

# Directories not needed for the package
CloudronPackage/
+27 −0
# Password for the 'elastic' user (at least 6 characters)
# Will be dynamically generated on first startup if empty
ELASTIC_PASSWORD=

# Password for the 'kibana_system' user (at least 6 characters)
# Will be dynamically generated on first startup if empty
KIBANA_PASSWORD=

# Version of Elastic products
STACK_VERSION=8.17.3

# Set the cluster name
CLUSTER_NAME=cloudron-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial

# Port to expose Elasticsearch HTTP API to the host
# For Cloudron, we always use 127.0.0.1 to ensure it's only accessible internally
ES_PORT=127.0.0.1:9200

# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=1073741824

# Data directory for Cloudron
CLOUDRON_DATA_DIR=/app/data
 No newline at end of file
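Review bot: Assuming this is the `/app/.env` that start.sh loads with `source`, every value here is parsed as shell, so an operator-supplied password containing a space, `$`, a backtick or a quote is expanded or split instead of being taken literally, and the header comments do not say so. I would add `# Read with 'source' by start.sh: put the value in single quotes if it contains anything other than letters and digits` above `ELASTIC_PASSWORD=`. The "at least 6 characters" requirement is also only stated, not checked: the start.sh hunks on this page test for an empty value and nothing else, so a shorter password is passed through unchanged.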
+63 −2
@@ -4,11 +4,32 @@ set -e
# Source environment variables
source /app/.env

# Set default variables if not provided
ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-cloudron}
# Function to generate a random password
generate_password() {
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1
}

# Generate a random password for Elasticsearch if not provided
if [ -z "$ELASTIC_PASSWORD" ]; then
    ELASTIC_PASSWORD=$(generate_password)
    # Save the password to the .env file
    sed -i "s/^ELASTIC_PASSWORD=.*/ELASTIC_PASSWORD=$ELASTIC_PASSWORD/" /app/.env
    echo "Generated new secure password for Elasticsearch user 'elastic'"
fi

# Generate a random password for Kibana if not provided
if [ -z "$KIBANA_PASSWORD" ]; then
    KIBANA_PASSWORD=$(generate_password)
    # Save the password to the .env file
    sed -i "s/^KIBANA_PASSWORD=.*/KIBANA_PASSWORD=$KIBANA_PASSWORD/" /app/.env
    echo "Generated new secure password for Elasticsearch user 'kibana_system'"
fi

# Set default variables
STACK_VERSION=${STACK_VERSION:-8.17.3}
CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}
LICENSE=${LICENSE:-basic}
ES_PORT=${ES_PORT:-127.0.0.1:9200}

# Ensure data directories exist
mkdir -p /app/data/elasticsearch
@@ -65,5 +86,45 @@ until $(curl --output /dev/null --silent --head --fail http://localhost:9200); d
done
echo "Elasticsearch is up and running!"

# If kibana password is set, configure the kibana_system user
if [ ! -z "$KIBANA_PASSWORD" ]; then
    echo "Setting kibana_system user password..."
    until curl -s -X POST -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do
        echo "Waiting for Elasticsearch to be ready to set kibana_system password..."
        sleep 5
    done
    echo "kibana_system password set."
fi

# Display the credentials
echo "-----------------------------"
echo "Elasticsearch is ready to use!"
echo "URL: http://localhost:9200"
echo ""
echo "Authentication credentials:"
echo "  User: elastic"
echo "  Password: $ELASTIC_PASSWORD"
if [ ! -z "$KIBANA_PASSWORD" ]; then
    echo ""
    echo "Kibana system credentials:"
    echo "  User: kibana_system"
    echo "  Password: $KIBANA_PASSWORD"
fi
echo "-----------------------------"

# Create a credentials file for reference
cat > /app/data/credentials.txt << EOL
Elasticsearch credentials:
URL: http://localhost:9200
User: elastic
Password: $ELASTIC_PASSWORD

Kibana system credentials:
User: kibana_system
Password: $KIBANA_PASSWORD
EOL

echo "Credentials saved to /app/data/credentials.txt"

# Keep script running
exec tail -f /dev/null 
 No newline at end of file
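Review bot: Both passwords are written in clear text to the container log by the `echo "  Password: $ELASTIC_PASSWORD"` and `echo "  Password: $KIBANA_PASSWORD"` lines of the second hunk, and again to `/app/data/credentials.txt`, which is created with whatever umask the script inherits. Log output usually has a wider audience and longer retention than the data directory, so I would print only a pointer, `echo "  Password: (stored in /app/data/credentials.txt)"`, and put `umask 077` before the `cat > /app/data/credentials.txt` line. In the first hunk, the `sed -i ... /app/.env` write-back has no fallback: if `/app/.env` is not writable at run time, `set -e` stops the script, so it is worth confirming that the path is writable in the deployed package or persisting the generated values under `/app/data` instead.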