Add environment variable support for Docker image #2201
Conversation
|
This need rebase. This is good to be configurated by env var but We shoudn't use a default SECRET_KEY. I think that we shoud only set INSTALL_LOCK to true only if SECRET_KEY set by user otherwise we should display the /install page. |
bkcsoft
added
the
lgtm/need 2
twang2218
force-pushed
the
docker-variables
branch
from
b1faa72
to
ca0a517
Compare
|
@sapk Good point, I updated the PR, only set |
docker/etc/s6/gitea/setup
Outdated
| INSTALL_LOCK=true | ||
| fi | ||
|
|
||
| # Substitude the envionrment variables in the template |
| @@ -12,7 +12,29 @@ fi | |||
|
|
|||
| if [ ! -f /data/gitea/conf/app.ini ]; then | |||
| mkdir -p /data/gitea/conf | |||
| cp /etc/templates/app.ini /data/gitea/conf/app.ini | |||
|
|
|||
| # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and | |||
There was a problem hiding this comment.
This is pretty obvious from the instruction itself.
Maybe a more useful comment would by why it's needed to set INSTALL_LOCK to true.
There was a problem hiding this comment.
This is a good question, why it's needed?
It was obviously that we alway go through the installation process to setup the SECRET_KEY. However, why we have to?
I didn't find any document clear the relationship between INSTALL_LOCK and SECRET_KEY, so I read the code, and I found the SECRET_KEY will be randomly generated ONLY during the installation:
Lines 315 to 320 in 2c3a229
var secretKey string
if secretKey, err = base.GetRandomString(10); err != nil {
ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
return
}
cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)Otherwise, it will try to find the user setting SECRET_KEY first, and if user is not providing the value, it will use the default string !#@FDEWREWR&*(, which is not safe and should be random generated.
gitea/modules/setting/setting.go
Line 813 in ced50e0
SecretKey = sec.Key("SECRET_KEY").MustString("!#@FDEWREWR&*(")ping @sapk and @lunny , could you tell me why the default value for the SECRET_KEY is a static value, instead of a randomly generated key?
I read the issue #455 , I'm still not clear. I think the SECRET_KEY should always be generated if the value is not provided by the user, the static default string should be avoided in this case.
* Add `gettext` dependencies as we need `envsubst` command; * Modified s6's gitea setup script, instead of `cp` the template if no `app.ini` exist, it will substitude the envvars and generate the new `app.ini`; * Make `/docker/etc/templates/app.ini` a template contains environment variables; Signed-off-by: Tao Wang <[email protected]>
twang2218
force-pushed
the
docker-variables
branch
from
ca0a517
to
2600cf6
Compare
|
LGTM |
tboerger
added
lgtm/need 1
|
LGTM |
tboerger
added
lgtm/done
Codecov Report
@@ Coverage Diff @@
## master #2201 +/- ##
=======================================
Coverage 26.85% 26.85%
=======================================
Files 89 89
Lines 17600 17600
=======================================
Hits 4727 4727
Misses 12187 12187
Partials 686 686Continue to review full report at Codecov.
|
gettextdependencies as we needenvsubstcommand;cpthe template if noapp.iniexist, it will substitude the envvars and generate the newapp.ini;/docker/etc/templates/app.inia template contains environmentvariables;
The following environment variable can be set:
APP_NAME: (default:Gitea: Git with a cup of tea)APP_MODE: (default:dev)SSH_DOMAIN: (default:localhost)HTTP_PORT: (default:3000)ROOT_URL: (default: '')DISABLE_SSH: (default:false)SSH_PORT: (default:22)DB_TYPE: (default:sqlite3)DB_HOST: (default:localhost:3306)DB_NAME: (default:gitea)DB_USER: (default:root)DB_PASSWD: (default: ``)INSTALL_LOCK: (default:true)SECRET_KEY: (default:JPuNRXxX2G)With these environment variables available, user can easily run the docker image with minor modifications without creating an custom
app.ini, such as:$ docker run -d -p 3000:3000 \ -e ROOT_URL=http://dev.example.com \ -e DB_TYPE=mysql \ -e DB_HOST=1.2.3.4:3306 \ -e DB_USER=gitea \ -e DB_PASSWD=Sup3rPassw0rd \ -e SECRET_KEY=Sup3r3ecre7 \ gitea/gitea:latestSigned-off-by: Tao Wang [email protected]