andreas/ente-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix GOPATH permissions and properly generate random secrets

Browse Source
This commit is contained in:
Andreas Düren 2025-03-14 22:24:26 +01:00
parent c2a2fab3b0
commit 3558003bf1
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config.template.yaml
View File

@ -4,7 +4,7 @@ server:
baseURL: "%%APP_ORIGIN%%" baseURL: "%%APP_ORIGIN%%"
cors: cors:
origins: ["%%APP_ORIGIN%%"] origins: ["%%APP_ORIGIN%%"]
sessionSecret: "$(openssl rand -hex 32)" sessionSecret: "%%SESSION_SECRET%%"
database: database:
host: "%%POSTGRESQL_HOST%%" host: "%%POSTGRESQL_HOST%%"
@ -41,9 +41,9 @@ email:
name: "%%MAIL_FROM_DISPLAY_NAME%%" name: "%%MAIL_FROM_DISPLAY_NAME%%"
auth: auth:
jwtSecret: "$(openssl rand -hex 32)" jwtSecret: "%%JWT_SECRET%%"
tokenExpiry: 86400 tokenExpiry: 86400
sessionSecret: "$(openssl rand -hex 32)" sessionSecret: "%%SESSION_SECRET%%"
logging: logging:
level: "info" level: "info"
@ -51,7 +51,7 @@ logging:
# Additional settings based on Museum requirements # Additional settings based on Museum requirements
keygen: keygen:
master: "$(openssl rand -hex 32)" master: "%%MASTER_KEY%%"
payments: payments:
enabled: false enabled: false

14
start.sh
View File

@ -3,7 +3,7 @@
set -eu set -eu
# Create necessary directories # Create necessary directories
mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp mkdir -p /app/data/config /app/data/storage /app/data/nginx/tmp /app/data/go
echo "==> DEBUG: Full repository structure at /app/code" echo "==> DEBUG: Full repository structure at /app/code"
find /app/code -type d -maxdepth 3 -not -path "*/node_modules/*" -not -path "*/\.*" | sort find /app/code -type d -maxdepth 3 -not -path "*/node_modules/*" -not -path "*/\.*" | sort
@ -31,6 +31,11 @@ fi
if [[ ! -f /app/data/config/config.yaml ]]; then if [[ ! -f /app/data/config/config.yaml ]]; then
echo "==> First run - creating configuration template" echo "==> First run - creating configuration template"
# Generate random secrets
JWT_SECRET=$(openssl rand -hex 32)
SESSION_SECRET=$(openssl rand -hex 32)
MASTER_KEY=$(openssl rand -hex 32)
# Replace variables in template for things we know # Replace variables in template for things we know
sed \ sed \
-e "s|%%POSTGRESQL_HOST%%|${CLOUDRON_POSTGRESQL_HOST}|g" \ -e "s|%%POSTGRESQL_HOST%%|${CLOUDRON_POSTGRESQL_HOST}|g" \
@ -45,6 +50,9 @@ if [[ ! -f /app/data/config/config.yaml ]]; then
-e "s|%%MAIL_SMTP_PASSWORD%%|${CLOUDRON_MAIL_SMTP_PASSWORD}|g" \ -e "s|%%MAIL_SMTP_PASSWORD%%|${CLOUDRON_MAIL_SMTP_PASSWORD}|g" \
-e "s|%%MAIL_FROM%%|${CLOUDRON_MAIL_FROM}|g" \ -e "s|%%MAIL_FROM%%|${CLOUDRON_MAIL_FROM}|g" \
-e "s|%%MAIL_FROM_DISPLAY_NAME%%|${CLOUDRON_MAIL_FROM_DISPLAY_NAME}|g" \ -e "s|%%MAIL_FROM_DISPLAY_NAME%%|${CLOUDRON_MAIL_FROM_DISPLAY_NAME}|g" \
-e "s|%%JWT_SECRET%%|${JWT_SECRET}|g" \
-e "s|%%SESSION_SECRET%%|${SESSION_SECRET}|g" \
-e "s|%%MASTER_KEY%%|${MASTER_KEY}|g" \
/app/pkg/config.template.yaml > /app/data/config/config.yaml /app/pkg/config.template.yaml > /app/data/config/config.yaml
# Create an S3 configuration file template # Create an S3 configuration file template
@ -273,6 +281,10 @@ fi
# Change to server directory # Change to server directory
cd "$SERVER_DIR" cd "$SERVER_DIR"
# Set Go module cache to a writable location
export GOPATH=/app/data/go
export GO111MODULE=on
# Set up database environment variables # Set up database environment variables
export ENTE_DB_USER="${CLOUDRON_POSTGRESQL_USERNAME}" export ENTE_DB_USER="${CLOUDRON_POSTGRESQL_USERNAME}"
export ENTE_DB_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}" export ENTE_DB_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}"