Add environment variable support for Docker image #2201

Merged (2 commits) on Oct 31, 2017
1 change: 1 addition & 0 deletions Dockerfile
Expand Up @@ -13,6 +13,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \
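Review bot: gettext is added to the apk package list with nothing saying why it is needed; within this PR its only use is the envsubst call in docker/etc/s6/gitea/setup. A one-line comment above the apk add naming that dependency would keep a later image cleanup from dropping the package and breaking config generation on first start. The same applies to the identical additions in Dockerfile.aarch64 and Dockerfile.rpi.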
1 change: 1 addition & 0 deletions Dockerfile.aarch64
Expand Up @@ -12,6 +12,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \
1 change: 1 addition & 0 deletions Dockerfile.rpi
Expand Up @@ -13,6 +13,7 @@ RUN apk --no-cache add \
s6 \
curl \
openssh \
gettext \
tzdata
RUN addgroup \
-S -g 1000 \
24 changes: 23 additions & 1 deletion docker/etc/s6/gitea/setup
Expand Up @@ -12,7 +12,29 @@ fi

if [ ! -f /data/gitea/conf/app.ini ]; then
mkdir -p /data/gitea/conf
cp /etc/templates/app.ini /data/gitea/conf/app.ini

# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
Contributor

This is pretty obvious from the instruction itself.
Maybe a more useful comment would be why it's needed to set INSTALL_LOCK to true.

Contributor Author

This is a good question: why is it needed?

It was obvious that we always go through the installation process to set up the SECRET_KEY. However, why do we have to?

I didn't find any document that makes clear the relationship between INSTALL_LOCK and SECRET_KEY, so I read the code, and I found the SECRET_KEY will be randomly generated ONLY during the installation:

gitea/routers/install.go

Lines 315 to 320 in 2c3a229

	var secretKey string
	if secretKey, err = base.GetRandomString(10); err != nil {
		ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
		return
	}
	cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)

Otherwise, it will try to find the user setting SECRET_KEY first, and if the user does not provide the value, it will use the default string !#@FDEWREWR&*(, which is not safe and should be randomly generated.

	SecretKey = sec.Key("SECRET_KEY").MustString("!#@FDEWREWR&*(")

ping @sapk and @lunny, could you tell me why the default value for the SECRET_KEY is a static value, instead of a randomly generated key?

I read the issue #455, but I'm still not clear. I think the SECRET_KEY should always be generated if the value is not provided by the user; the static default string should be avoided in this case.

Member

@twang2218 It should be.

# INSTALL_LOCK is empty
if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
INSTALL_LOCK=true
fi

# Substitude the environment variables in the template
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
APP_MODE=${APP_MODE:-"dev"} \
SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
HTTP_PORT=${HTTP_PORT:-"3000"} \
ROOT_URL=${ROOT_URL:-""} \
DISABLE_SSH=${DISABLE_SSH:-"false"} \
SSH_PORT=${SSH_PORT:-"22"} \
DB_TYPE=${DB_TYPE:-"sqlite3"} \
DB_HOST=${DB_HOST:-"localhost:3306"} \
DB_NAME=${DB_NAME:-"gitea"} \
DB_USER=${DB_USER:-"root"} \
DB_PASSWD=${DB_PASSWD:-""} \
INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
SECRET_KEY=${SECRET_KEY:-""} \
envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
fi

chown -R git:git /data/gitea /app/gitea /data/git
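Review bot: The check [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ] covers only one direction, and the opposite case is the risky one. If INSTALL_LOCK=true is passed without SECRET_KEY, the defaults below it write INSTALL_LOCK = true and an empty SECRET_KEY into app.ini; with the install page locked, the key generation quoted in this thread from routers/install.go never runs, and per the settings line quoted alongside it the static default string is used. Either fail fast when INSTALL_LOCK is true and SECRET_KEY is empty, or generate a random key before calling envsubst. Minor: "Substitude" in the comment above the variable list should read "Substitute".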
17 changes: 16 additions & 1 deletion docker/etc/templates/app.ini
@@ -1,15 +1,26 @@
[repository]
APP_NAME = $APP_NAME
APP_MODE = $APP_MODE
ROOT = /data/git/repositories

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = $SSH_DOMAIN
HTTP_PORT = $HTTP_PORT
ROOT_URL = $ROOT_URL
DISABLE_SSH = $DISABLE_SSH
SSH_PORT = $SSH_PORT

[database]
DB_TYPE = sqlite3
PATH = /data/gitea/gitea.db
DB_TYPE = $DB_TYPE
HOST = $DB_HOST
NAME = $DB_NAME
USER = $DB_USER
PASSWD = $DB_PASSWD

[session]
PROVIDER_CONFIG = /data/gitea/sessions
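Review bot: The values under [server] and [database] are substituted into the INI file as raw text, which needs a guard for DB_PASSWD in particular. envsubst does no escaping, so a value containing a line break would add extra lines to app.ini, and the setup script calls envsubst without a variable list, so any other $NAME that later lands in this template is also expanded from the container environment. Consider passing envsubst an explicit list of the variables this template uses and rejecting values with line breaks before rendering.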
Expand All @@ -22,3 +33,7 @@ PATH = /data/gitea/attachments

[log]
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = $INSTALL_LOCK
SECRET_KEY = $SECRET_KEY
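
A pre-flight check for the case raised in the review thread above (INSTALL_LOCK set while SECRET_KEY is empty), written as an added example and not taken from this PR or from Gitea; resolve_security, gen_secret, ini_safe and the OUT_* variables are hypothetical names. It also rejects values with embedded line breaks before they would reach envsubst.

```shell
#!/bin/sh
# Added example, not Gitea's setup script. All function names are hypothetical.

NL='
'

# Succeeds only if the value fits on one INI line (no embedded line break).
ini_safe() {
    case "$1" in
        *"$NL"*) return 1 ;;
    esac
    return 0
}

# 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Usage: resolve_security "$SECRET_KEY" "$INSTALL_LOCK"
# Sets OUT_SECRET_KEY and OUT_INSTALL_LOCK; returns 1 on an unsafe value.
resolve_security() {
    key=$1
    lock=$2
    ini_safe "$key" || return 1
    case "$lock" in
        ''|true|false) ;;
        *) return 1 ;;          # INSTALL_LOCK must be a boolean or unset
    esac
    # Locked install with no key: the install page will not run, so
    # generate a key here instead of leaving SECRET_KEY empty.
    if [ "$lock" = "true" ] && [ -z "$key" ]; then
        key=$(gen_secret)
    fi
    # Same rule as the PR: a supplied key implies a locked install.
    if [ -n "$key" ] && [ -z "$lock" ]; then
        lock=true
    fi
    OUT_SECRET_KEY=$key
    OUT_INSTALL_LOCK=${lock:-false}
}

# Constructed demo input: lock requested, no key supplied.
resolve_security "" "true" && echo "lock=$OUT_INSTALL_LOCK keylen=${#OUT_SECRET_KEY}"
```

With neither variable set, the function leaves the key empty and the lock false, so the install page still runs and generates the key as described in the thread.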