diff --git a/config.template.yaml b/config.template.yaml
index a6fd293..dbf5f34 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -4,7 +4,7 @@ server:
 baseURL: "%%APP_ORIGIN%%"
 cors:
 origins: ["%%APP_ORIGIN%%"]
- sessionSecret: "$(openssl rand -hex 32)"
+ sessionSecret: "%%SESSION_SECRET%%"
 database:
 host: "%%POSTGRESQL_HOST%%"
@@ -41,9 +41,9 @@ email:
 name: "%%MAIL_FROM_DISPLAY_NAME%%"
 auth:
- jwtSecret: "$(openssl rand -hex 32)"
+ jwtSecret: "%%JWT_SECRET%%"
 tokenExpiry: 86400
- sessionSecret: "$(openssl rand -hex 32)"
+ sessionSecret: "%%SESSION_SECRET%%"
 logging:
 level: "info"
@@ -51,7 +51,7 @@ logging:
 # Additional settings based on Museum requirements
 keygen:
- master: "$(openssl rand -hex 32)"
+ master: "%%MASTER_KEY%%"
 payments:
 enabled: false
diff --git a/start.sh b/start.sh
index f9b3017..ed275c9 100644
--- a/start.sh
+++ b/start.sh
@@ -3,7 +3,7 @@ set -eu
 # Create necessary directories
-mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp
+mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp /app/data/go
 echo "==> DEBUG: Full repository structure at /app/code"
 find /app/code -type d -maxdepth 3 -not -path "*/node_modules/*" -not -path "*/\.*" | sort
@@ -31,6 +31,11 @@ fi
 if [[ ! -f /app/data/config/config.yaml ]]; then
 echo "==> First run - creating configuration template"
+ # Generate random secrets
+ JWT_SECRET=$(openssl rand -hex 32)
+ SESSION_SECRET=$(openssl rand -hex 32)
+ MASTER_KEY=$(openssl rand -hex 32)
+
 # Replace variables in template for things we know
 sed \
 -e "s|%%POSTGRESQL_HOST%%|${CLOUDRON_POSTGRESQL_HOST}|g" \
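Review bot: Nothing checks that each `%%…%%` token in this template has a matching `-e` expression in start.sh, so a placeholder added here without its sed line would be written to config.yaml verbatim and used as the secret, which is the same failure mode as the old `$(openssl rand -hex 32)` literal. A guard after rendering, for example `if grep -q '%%[A-Z_]*%%' /app/data/config/config.yaml; then exit 1; fi`, would catch that. `server.sessionSecret` in this hunk and `auth.sessionSecret` in the next one both receive `%%SESSION_SECRET%%`; if the two settings are read by different components, separate values would keep a leak of one from exposing the other. A comment above each of the four keys, such as `# generated by start.sh on first run`, would tell readers where the value comes from.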
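Review bot: Installs whose config.yaml was rendered before this change are not repaired, because the new generation runs only inside the `[[ ! -f /app/data/config/config.yaml ]]` branch. sed never evaluated the old template value, so those files presumably still hold the literal string `$(openssl rand -hex 32)` as jwtSecret, sessionSecret and keygen master, a value readable by anyone with access to the repository. A start-up check such as `grep -qF '$(openssl rand' /app/data/config/config.yaml` that stops with a clear message, or triggers a planned rotation, would close that gap. If the keygen master key protects stored data, replacing it needs a deliberate migration rather than a silent swap. The `if` block and the sed command continue past this hunk.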
@@ -45,6 +50,9 @@ if [[ ! -f /app/data/config/config.yaml ]]; then
 -e "s|%%MAIL_SMTP_PASSWORD%%|${CLOUDRON_MAIL_SMTP_PASSWORD}|g" \
 -e "s|%%MAIL_FROM%%|${CLOUDRON_MAIL_FROM}|g" \
 -e "s|%%MAIL_FROM_DISPLAY_NAME%%|${CLOUDRON_MAIL_FROM_DISPLAY_NAME}|g" \
+ -e "s|%%JWT_SECRET%%|${JWT_SECRET}|g" \
+ -e "s|%%SESSION_SECRET%%|${SESSION_SECRET}|g" \
+ -e "s|%%MASTER_KEY%%|${MASTER_KEY}|g" \
 /app/pkg/config.template.yaml > /app/data/config/config.yaml
 # Create an S3 configuration file template
@@ -273,6 +281,10 @@ fi
 # Change to server directory
 cd "$SERVER_DIR"
+# Set Go module cache to a writable location
+export GOPATH=/app/data/go
+export GO111MODULE=on
+
 # Set up database environment variables
 export ENTE_DB_USER="${CLOUDRON_POSTGRESQL_USERNAME}"
 export ENTE_DB_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}"
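Review bot: The rendered config.yaml now carries the JWT secret, session secret and master key, but the redirect that ends this sed command creates the file with whatever umask the script inherited. Unless a restrictive umask is set outside this hunk, add `chmod 600 /app/data/config/config.yaml` right after the sed, and `chown` it to the account the server runs as if that differs from the one running start.sh. The three new values are hex strings, so they cannot collide with the `|` delimiter or with `&` in the replacement. The sed command begins above this hunk.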
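Review bot: Pointing GOPATH at /app/data/go suggests the server is built or run with the Go toolchain at start-up, which would fetch dependencies into persistent app data on every fresh install. The go invocation itself is outside this hunk, so this is an inference. If that is the case, compiling the binary at image build time is the safer design; if the runtime build must stay, `export GOFLAGS=-mod=readonly` keeps go.mod and go.sum from being rewritten, and checksum verification should be left enabled. The comment says "module cache" while the line sets the whole GOPATH; `export GOMODCACHE=/app/data/go/pkg/mod` would match the comment more closely, and `GO111MODULE=on` is already the default on current Go releases. The `mkdir -p … /app/data/go` added in the first start.sh hunk belongs to the same change.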