mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-23 18:43:21 +00:00
Set CRYPTO_RANDOM as environment variable at startup time (#134)
This commit is contained in:
parent
2630aa7367
commit
6a5f1588cc
3 changed files with 19 additions and 9 deletions
|
@ -84,8 +84,6 @@ RUN cd /var/www && ./git-revision.sh > revisions.txt
|
|||
# Set Environment Variables
|
||||
# --------------------------------
|
||||
ENV WEB_API_USER "sharelatex"
|
||||
# password is regenerated in init_scripts/00_regen_sharelatex_secrets.sh
|
||||
ENV WEB_API_PASSWORD "password"
|
||||
|
||||
ENV SHARELATEX_APP_NAME "Overleaf Community Edition"
|
||||
|
||||
|
|
|
@ -1,7 +1,19 @@
|
|||
#!/bin/sh
|
||||
# Create random secret keys (twice, once for http auth pass, once for cookie secret).
|
||||
CRYPTO_RANDOM=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
|
||||
sed -i "0,/CRYPTO_RANDOM/s/CRYPTO_RANDOM/$CRYPTO_RANDOM/" /etc/sharelatex/settings.coffee
|
||||
|
||||
CRYPTO_RANDOM=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
|
||||
sed -i "0,/CRYPTO_RANDOM/s/CRYPTO_RANDOM/$CRYPTO_RANDOM/" /etc/sharelatex/settings.coffee
|
||||
# generate secrets and defines them as environment variables
|
||||
# https://github.com/phusion/baseimage-docker#centrally-defining-your-own-environment-variables
|
||||
|
||||
WEB_API_PASSWORD_FILE=/etc/container_environment/WEB_API_PASSWORD
|
||||
CRYPTO_RANDOM_FILE=/etc/container_environment/CRYPTO_RANDOM
|
||||
|
||||
if [ ! -f "$WEB_API_PASSWORD_FILE" ] || [ ! -f "$CRYPTO_RANDOM_FILE" ]; then
|
||||
|
||||
echo "generating random secrets"
|
||||
|
||||
SECRET=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
|
||||
echo ${SECRET} > ${WEB_API_PASSWORD_FILE}
|
||||
|
||||
SECRET=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
|
||||
echo ${SECRET} > ${CRYPTO_RANDOM_FILE}
|
||||
fi
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ Path = require('path')
|
|||
# These credentials are used for authenticating api requests
|
||||
# between services that may need to go over public channels
|
||||
httpAuthUser = "sharelatex"
|
||||
httpAuthPass = "CRYPTO_RANDOM" # Randomly generated for you
|
||||
httpAuthPass = process.env["WEB_API_PASSWORD"]
|
||||
httpAuthUsers = {}
|
||||
httpAuthUsers[httpAuthUser] = httpAuthPass
|
||||
|
||||
|
@ -162,7 +162,7 @@ settings =
|
|||
# If provided, a sessionSecret is used to sign cookies so that they cannot be
|
||||
# spoofed. This is recommended.
|
||||
security:
|
||||
sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] or "CRYPTO_RANDOM" # This was randomly generated for you
|
||||
sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] or process.env["CRYPTO_RANDOM"]
|
||||
|
||||
# These credentials are used for authenticating api requests
|
||||
# between services that may need to go over public channels
|
||||
|
|
Loading…
Reference in a new issue