Add environment variable support for Docker image #2201

Merged
twang2218 merged 2 commits from docker-variables into master 2017-10-31 08:55:47 +00:00
twang2218 commented 2017-07-23 03:38:53 +00:00 (Migrated from github.com)
  • Add gettext dependencies as we need the envsubst command;
  • Modified s6's gitea setup script: instead of cp the template if no
    app.ini exists, it will substitute the envvars and generate the new
    app.ini;
  • Make /docker/etc/templates/app.ini a template containing environment
    variables;

The following environment variables can be set:

  • APP_NAME: (default: Gitea: Git with a cup of tea)
  • APP_MODE: (default: dev)
  • [server]:
    • SSH_DOMAIN: (default: localhost)
    • HTTP_PORT: (default: 3000)
    • ROOT_URL: (default: '')
    • DISABLE_SSH: (default: false)
    • SSH_PORT: (default: 22)
  • [database]:
    • DB_TYPE: (default: sqlite3)
    • DB_HOST: (default: localhost:3306)
    • DB_NAME: (default: gitea)
    • DB_USER: (default: root)
    • DB_PASSWD: (default: ``)
  • [security]:
    • INSTALL_LOCK: (default: true)
    • SECRET_KEY: (default: JPuNRXxX2G)

With these environment variables available, users can easily run the docker image with minor modifications without creating a custom app.ini, such as:

$ docker run -d -p 3000:3000 \
    -e ROOT_URL=http://dev.example.com \
    -e DB_TYPE=mysql \
    -e DB_HOST=1.2.3.4:3306 \
    -e DB_USER=gitea \
    -e DB_PASSWD=Sup3rPassw0rd \
    -e SECRET_KEY=Sup3r3ecre7 \
    gitea/gitea:latest

Signed-off-by: Tao Wang twang2218@gmail.com

sapk commented 2017-07-30 22:24:56 +00:00 (Migrated from github.com)

This needs a rebase. This is good to be configured by env var, but

We shouldn't use a default SECRET_KEY.

I think that we should set INSTALL_LOCK to true only if SECRET_KEY is set by the user; otherwise we should display the /install page.

twang2218 commented 2017-07-31 03:41:58 +00:00 (Migrated from github.com)

@sapk Good point, I updated the PR, only set INSTALL_LOCK to true if SECRET_KEY is not empty, and INSTALL_LOCK is empty. And the default SECRET_KEY is removed.

vtemian (Migrated from github.com) reviewed 2017-09-05 07:10:54 +00:00
vtemian (Migrated from github.com) left a comment

Thanks for this PR!

vtemian (Migrated from github.com) commented 2017-09-04 14:33:03 +00:00

Small typo: environment

@ -15,1 +15,3 @@
cp /etc/templates/app.ini /data/gitea/conf/app.ini
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
# INSTALL_LOCK is empty
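Review bot: The two comment lines leave out the case where the operator passes INSTALL_LOCK=true together with an empty SECRET_KEY. The condition "INSTALL_LOCK is empty" means an explicit value is kept as given, so the install page is skipped even though no key was supplied. Consider making the script refuse to start, or at least log a warning, in that case, and have the comment say why the lock depends on the key rather than restating the condition.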
vtemian (Migrated from github.com) commented 2017-09-04 14:35:02 +00:00

This is pretty obvious from the instruction itself.
Maybe a more useful comment would be why it's needed to set INSTALL_LOCK to true.

twang2218 (Migrated from github.com) reviewed 2017-09-11 00:32:37 +00:00
@ -15,1 +15,3 @@
cp /etc/templates/app.ini /data/gitea/conf/app.ini
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
# INSTALL_LOCK is empty
twang2218 (Migrated from github.com) commented 2017-09-11 00:32:37 +00:00

This is a good question, why is it needed?

It was obvious that we always go through the installation process to set up the SECRET_KEY. However, why do we have to?

I didn't find any document that makes clear the relationship between INSTALL_LOCK and SECRET_KEY, so I read the code, and I found the SECRET_KEY will be randomly generated ONLY during the installation:

2c3a229a3c/routers/install.go (L315-L320)

	var secretKey string
	if secretKey, err = base.GetRandomString(10); err != nil {
		ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
		return
	}
	cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)

Otherwise, it will try to find the user's SECRET_KEY setting first, and if the user is not providing the value, it will use the default string !#@FDEWREWR&*(, which is not safe and should be randomly generated.

ced50e0ec1/modules/setting/setting.go (L813)

	SecretKey = sec.Key("SECRET_KEY").MustString("!#@FDEWREWR&*(")

ping @sapk and @lunny , could you tell me why the default value for the SECRET_KEY is a static value, instead of a randomly generated key?

I read the issue https://github.com/go-gitea/gitea/pull/455 , I'm still not clear. I think the SECRET_KEY should always be generated if the value is not provided by the user, the static default string should be avoided in this case.
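
The INSTALL_LOCK rule from the comments above, together with a check for the two static SECRET_KEY values quoted in this thread, as an added example that is not part of the PR or the Gitea setup script. The function names are hypothetical, and treating a known static key like an empty one goes beyond the rule stated in the thread; the `false` fallback is an assumption.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the Gitea repo.

# Static values quoted in this thread. A deployment using either one has a
# key that anyone reading the source or this PR already knows.
KNOWN_DEFAULT_KEYS='JPuNRXxX2G
!#@FDEWREWR&*('

# Classify a SECRET_KEY value: prints "empty", "known-default" or "ok".
classify_secret_key() {
    if [ -z "$1" ]; then
        echo empty
        return
    fi
    # -F fixed string, -x whole line, -q quiet: exact match against the list
    if printf '%s\n' "$KNOWN_DEFAULT_KEYS" | grep -Fxq -- "$1"; then
        echo known-default
    else
        echo ok
    fi
}

# Decide INSTALL_LOCK. $1 = SECRET_KEY, $2 = INSTALL_LOCK as supplied.
resolve_install_lock() {
    if [ -n "$2" ]; then
        echo "$2"      # operator set it explicitly; keep their value
    elif [ "$(classify_secret_key "$1")" = ok ]; then
        echo true      # a real key was supplied, /install can be skipped
    else
        echo false     # assumption: no usable key leaves /install reachable
    fi
}

# Startup check: fails when the instance would run locked with a missing or
# publicly known key, which is the case where the static fallback applies.
audit_security_env() {
    kind=$(classify_secret_key "$1")
    lock=$(resolve_install_lock "$1" "$2")
    if [ "$lock" = true ] && [ "$kind" != ok ]; then
        echo "refusing: INSTALL_LOCK=true with $kind SECRET_KEY" >&2
        return 1
    fi
    echo "INSTALL_LOCK=$lock"
}
```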

twang2218 (Migrated from github.com) reviewed 2017-09-11 00:38:45 +00:00
twang2218 (Migrated from github.com) commented 2017-09-11 00:38:45 +00:00

fixed.

vtemian (Migrated from github.com) approved these changes 2017-09-11 07:21:11 +00:00
lunny reviewed 2017-10-31 06:07:03 +00:00
@ -15,1 +15,3 @@
cp /etc/templates/app.ini /data/gitea/conf/app.ini
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
# INSTALL_LOCK is empty

@twang2218 It should be.

lafriks commented 2017-10-31 07:04:00 +00:00 (Migrated from github.com)

LGTM

codecov-io commented 2017-10-31 08:38:23 +00:00 (Migrated from github.com)

Codecov Report

Merging #2201 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2201   +/-   ##
=======================================
  Coverage   26.85%   26.85%           
=======================================
  Files          89       89           
  Lines       17600    17600           
=======================================
  Hits         4727     4727           
  Misses      12187    12187           
  Partials      686      686

Powered by Codecov. Last update b0b24a2...0fca9c1. Read the comment docs.

Reference: lunny/gitea#2201