From e2d481d99a7009a71dd27f132ada7d18e5f72037 Mon Sep 17 00:00:00 2001 From: Tim Farrell Date: Thu, 1 Feb 2024 20:55:59 -0600 Subject: [PATCH] Move the random secret generation to start.sh. This way the random secret is created on first run instead of docker build. We don't really want all standard imaages to share a password anymore than we want a static password. --- Dockerfile | 3 --- backend/start.sh | 16 +++++++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 39933fd40..d292716b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,4 @@ COPY --from=build /app/build /app/build # copy backend files COPY ./backend . -# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one. -RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key - CMD [ "bash", "start.sh"] \ No newline at end of file diff --git a/backend/start.sh b/backend/start.sh index 515e6c939..03fe792a4 100755 --- a/backend/start.sh +++ b/backend/start.sh @@ -3,10 +3,20 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd "$SCRIPT_DIR" || exit +KEY_FILE=.webui_secret_key + PORT="${PORT:-8080}" -if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then - echo Using generated DOCKER_SECRET_KEY - WEBUI_SECRET_KEY=`cat docker_secret_key` +if ["$WEBUI_SECRET_KEY" = ""]; then + echo No WEBUI_SECRET_KEY provided + + if ! [ -e "$KEY_FILE" ]; then + echo Generating WEBUI_SECRET_KEY + # Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one. + echo $(head -c 12 /dev/random | base64) > $KEY_FILE + fi + + echo Loading WEBUI_SECRET_KEY from $KEY_FILE + WEBUI_SECRET_KEY=`cat $KEY_FILE` fi WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'