Move the random secret generation to start.sh.

This way the random secret is created on first run instead of docker build. We don't really want all standard imaages to share a password anymore than we want a static password.
This commit is contained in:
Tim Farrell 2024-02-01 20:55:59 -06:00
parent 44799e2018
commit e2d481d99a
2 changed files with 13 additions and 6 deletions

View file

@ -53,7 +53,4 @@ COPY --from=build /app/build /app/build
# copy backend files
COPY ./backend .
# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key
CMD [ "bash", "start.sh"]

View file

@ -3,10 +3,20 @@
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
cd "$SCRIPT_DIR" || exit
KEY_FILE=.webui_secret_key
PORT="${PORT:-8080}"
if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then
echo Using generated DOCKER_SECRET_KEY
WEBUI_SECRET_KEY=`cat docker_secret_key`
if ["$WEBUI_SECRET_KEY" = ""]; then
echo No WEBUI_SECRET_KEY provided
if ! [ -e "$KEY_FILE" ]; then
echo Generating WEBUI_SECRET_KEY
# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
echo $(head -c 12 /dev/random | base64) > $KEY_FILE
fi
echo Loading WEBUI_SECRET_KEY from $KEY_FILE
WEBUI_SECRET_KEY=`cat $KEY_FILE`
fi
WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'