github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-21 20:47:08 -05:00
Code Issues Projects Releases Packages Wiki Activity

Set CRYPTO_RANDOM as environment variable at startup time (#134)

Browse source
This commit is contained in:
Miguel Serrano 2020-01-28 07:16:23 +01:00 committed by GitHub
parent 2630aa7367
commit 6a5f1588cc
3 changed files with 19 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
server-ce/Dockerfile
View file

@ -84,8 +84,6 @@ RUN cd /var/www && ./git-revision.sh > revisions.txt
# Set Environment Variables # Set Environment Variables
# -------------------------------- # --------------------------------
ENV WEB_API_USER "sharelatex" ENV WEB_API_USER "sharelatex"
# password is regenerated in init_scripts/00_regen_sharelatex_secrets.sh
ENV WEB_API_PASSWORD "password"
ENV SHARELATEX_APP_NAME "Overleaf Community Edition" ENV SHARELATEX_APP_NAME "Overleaf Community Edition"

22
server-ce/init_scripts/00_regen_sharelatex_secrets.sh
View file

@ -1,7 +1,19 @@
#!/bin/sh #!/bin/sh
# Create random secret keys (twice, once for http auth pass, once for cookie secret).
CRYPTO_RANDOM=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
sed -i "0,/CRYPTO_RANDOM/s/CRYPTO_RANDOM/$CRYPTO_RANDOM/" /etc/sharelatex/settings.coffee
CRYPTO_RANDOM=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/') # generate secrets and defines them as environment variables
sed -i "0,/CRYPTO_RANDOM/s/CRYPTO_RANDOM/$CRYPTO_RANDOM/" /etc/sharelatex/settings.coffee # https://github.com/phusion/baseimage-docker#centrally-defining-your-own-environment-variables
WEB_API_PASSWORD_FILE=/etc/container_environment/WEB_API_PASSWORD
CRYPTO_RANDOM_FILE=/etc/container_environment/CRYPTO_RANDOM
if [ ! -f "$WEB_API_PASSWORD_FILE" ] || [ ! -f "$CRYPTO_RANDOM_FILE" ]; then
echo "generating random secrets"
SECRET=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
echo ${SECRET} > ${WEB_API_PASSWORD_FILE}
SECRET=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/')
echo ${SECRET} > ${CRYPTO_RANDOM_FILE}
fi

4
server-ce/settings.coffee
View file

@ -3,7 +3,7 @@ Path = require('path')
# These credentials are used for authenticating api requests # These credentials are used for authenticating api requests
# between services that may need to go over public channels # between services that may need to go over public channels
httpAuthUser = "sharelatex" httpAuthUser = "sharelatex"
httpAuthPass = "CRYPTO_RANDOM" # Randomly generated for you httpAuthPass = process.env["WEB_API_PASSWORD"]
httpAuthUsers = {} httpAuthUsers = {}
httpAuthUsers[httpAuthUser] = httpAuthPass httpAuthUsers[httpAuthUser] = httpAuthPass
@ -162,7 +162,7 @@ settings =
# If provided, a sessionSecret is used to sign cookies so that they cannot be # If provided, a sessionSecret is used to sign cookies so that they cannot be
# spoofed. This is recommended. # spoofed. This is recommended.
security: security:
sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] or "CRYPTO_RANDOM" # This was randomly generated for you sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] or process.env["CRYPTO_RANDOM"]
# These credentials are used for authenticating api requests # These credentials are used for authenticating api requests
# between services that may need to go over public channels # between services that may need to go over public channels