Default docker installations should generate a random key instead of using a static secret that everyone can see.

2024-11-22 08:07:55 +00:00 · 2024-02-01 13:43:54 -06:00 · 2024-02-01 13:43:54 -06:00 · 03a7e35967
commit 03a7e35967
parent d67f3d982b
2 changed files with 9 additions and 1 deletions
--- a/3
+++ b/3
@ -53,4 +53,7 @@ COPY --from=build /app/build /app/build
 # copy backend files
 COPY ./backend .

+# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
+RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key
+
 CMD [ "bash", "start.sh"]
--- a/backend/start.sh
+++ b/backend/start.sh
@ -4,4 +4,9 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd "$SCRIPT_DIR" || exit

 PORT="${PORT:-8080}"
-exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'
+if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then
+  echo Using generated DOCKER_SECRET_KEY
+  WEBUI_SECRET_KEY=`cat docker_secret_key`
+fi
+
+WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'