Fix GOPATH permissions and properly generate random secrets
This commit is contained in:
Andreas Düren
parent
c2a2fab3b0
commit
3558003bf1
@ -4,7 +4,7 @@ server:
|
||||
baseURL: "%%APP_ORIGIN%%"
|
||||
cors:
|
||||
origins: ["%%APP_ORIGIN%%"]
|
||||
sessionSecret: "$(openssl rand -hex 32)"
|
||||
sessionSecret: "%%SESSION_SECRET%%"
|
||||
|
||||
database:
|
||||
host: "%%POSTGRESQL_HOST%%"
|
||||
@ -41,9 +41,9 @@ email:
|
||||
name: "%%MAIL_FROM_DISPLAY_NAME%%"
|
||||
|
||||
auth:
|
||||
jwtSecret: "$(openssl rand -hex 32)"
|
||||
jwtSecret: "%%JWT_SECRET%%"
|
||||
tokenExpiry: 86400
|
||||
sessionSecret: "$(openssl rand -hex 32)"
|
||||
sessionSecret: "%%SESSION_SECRET%%"
|
||||
|
||||
logging:
|
||||
level: "info"
|
||||
@ -51,7 +51,7 @@ logging:
|
||||
|
||||
# Additional settings based on Museum requirements
|
||||
keygen:
|
||||
master: "$(openssl rand -hex 32)"
|
||||
master: "%%MASTER_KEY%%"
|
||||
|
||||
payments:
|
||||
enabled: false
|
||||
|
||||
14
start.sh
14
start.sh
@ -3,7 +3,7 @@
|
||||
set -eu
|
||||
|
||||
# Create necessary directories
|
||||
mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp
|
||||
mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp /app/data/go
|
||||
|
||||
echo "==> DEBUG: Full repository structure at /app/code"
|
||||
find /app/code -type d -maxdepth 3 -not -path "*/node_modules/*" -not -path "*/\.*" | sort
|
||||
@ -31,6 +31,11 @@ fi
|
||||
if [[ ! -f /app/data/config/config.yaml ]]; then
|
||||
echo "==> First run - creating configuration template"
|
||||
|
||||
# Generate random secrets
|
||||
JWT_SECRET=$(openssl rand -hex 32)
|
||||
SESSION_SECRET=$(openssl rand -hex 32)
|
||||
MASTER_KEY=$(openssl rand -hex 32)
|
||||
|
||||
# Replace variables in template for things we know
|
||||
sed \
|
||||
-e "s|%%POSTGRESQL_HOST%%|${CLOUDRON_POSTGRESQL_HOST}|g" \
|
||||
@ -45,6 +50,9 @@ if [[ ! -f /app/data/config/config.yaml ]]; then
|
||||
-e "s|%%MAIL_SMTP_PASSWORD%%|${CLOUDRON_MAIL_SMTP_PASSWORD}|g" \
|
||||
-e "s|%%MAIL_FROM%%|${CLOUDRON_MAIL_FROM}|g" \
|
||||
-e "s|%%MAIL_FROM_DISPLAY_NAME%%|${CLOUDRON_MAIL_FROM_DISPLAY_NAME}|g" \
|
||||
-e "s|%%JWT_SECRET%%|${JWT_SECRET}|g" \
|
||||
-e "s|%%SESSION_SECRET%%|${SESSION_SECRET}|g" \
|
||||
-e "s|%%MASTER_KEY%%|${MASTER_KEY}|g" \
|
||||
/app/pkg/config.template.yaml > /app/data/config/config.yaml
|
||||
|
||||
# Create an S3 configuration file template
|
||||
@ -273,6 +281,10 @@ fi
|
||||
# Change to server directory
|
||||
cd "$SERVER_DIR"
|
||||
|
||||
# Set Go module cache to a writable location
|
||||
export GOPATH=/app/data/go
|
||||
export GO111MODULE=on
|
||||
|
||||
# Set up database environment variables
|
||||
export ENTE_DB_USER="${CLOUDRON_POSTGRESQL_USERNAME}"
|
||||
export ENTE_DB_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user