Move the random secret generation to start.sh.

This way the random secret is created on first run instead of docker build. We don't really want all standard imaages to share a password anymore than we want a static password.
2024-11-22 08:07:55 +00:00 · 2024-02-01 20:55:59 -06:00 · 2024-02-01 20:55:59 -06:00 · e2d481d99a
commit e2d481d99a
parent 44799e2018
2 changed files with 13 additions and 6 deletions
--- a/3
+++ b/3
@ -53,7 +53,4 @@ COPY --from=build /app/build /app/build
 # copy backend files
 COPY ./backend .

-# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
-RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key
-
 CMD [ "bash", "start.sh"]
--- a/backend/start.sh
+++ b/backend/start.sh
@ -3,10 +3,20 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd "$SCRIPT_DIR" || exit

+KEY_FILE=.webui_secret_key
+
 PORT="${PORT:-8080}"
-if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then
-  echo Using generated DOCKER_SECRET_KEY
-  WEBUI_SECRET_KEY=`cat docker_secret_key`
+if ["$WEBUI_SECRET_KEY" = ""]; then
+  echo No WEBUI_SECRET_KEY provided
+
+  if ! [ -e "$KEY_FILE" ]; then
+    echo Generating WEBUI_SECRET_KEY
+    # Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
+    echo $(head -c 12 /dev/random | base64) > $KEY_FILE
+  fi
+
+  echo Loading WEBUI_SECRET_KEY from $KEY_FILE
+  WEBUI_SECRET_KEY=`cat $KEY_FILE`
 fi

 WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'