Add environment variable support for Docker image #2201
@ -14,6 +14,7 @@ RUN apk --no-cache add \
|
||||
s6 \
|
||||
curl \
|
||||
openssh \
|
||||
gettext \
|
||||
tzdata
|
||||
RUN addgroup \
|
||||
-S -g 1000 \
|
||||
|
@ -14,6 +14,7 @@ RUN apk --no-cache add \
|
||||
s6 \
|
||||
curl \
|
||||
openssh \
|
||||
gettext \
|
||||
tzdata
|
||||
RUN addgroup \
|
||||
-S -g 1000 \
|
||||
|
@ -14,6 +14,7 @@ RUN apk --no-cache add \
|
||||
s6 \
|
||||
curl \
|
||||
openssh \
|
||||
gettext \
|
||||
tzdata
|
||||
RUN addgroup \
|
||||
-S -g 1000 \
|
||||
|
@ -12,7 +12,29 @@ fi
|
||||
|
||||
if [ ! -f /data/gitea/conf/app.ini ]; then
|
||||
mkdir -p /data/gitea/conf
|
||||
cp /etc/templates/app.ini /data/gitea/conf/app.ini
|
||||
|
||||
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
|
||||
# INSTALL_LOCK is empty
|
||||
|
||||
if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
|
||||
INSTALL_LOCK=true
|
||||
fi
|
||||
|
||||
# Substitude the environment variables in the template
|
||||
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
|
||||
APP_MODE=${APP_MODE:-"dev"} \
|
||||
SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
|
||||
HTTP_PORT=${HTTP_PORT:-"3000"} \
|
||||
ROOT_URL=${ROOT_URL:-""} \
|
||||
DISABLE_SSH=${DISABLE_SSH:-"false"} \
|
||||
SSH_PORT=${SSH_PORT:-"22"} \
|
||||
DB_TYPE=${DB_TYPE:-"sqlite3"} \
|
||||
DB_HOST=${DB_HOST:-"localhost:3306"} \
|
||||
DB_NAME=${DB_NAME:-"gitea"} \
|
||||
DB_USER=${DB_USER:-"root"} \
|
||||
DB_PASSWD=${DB_PASSWD:-""} \
|
||||
INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
|
||||
SECRET_KEY=${SECRET_KEY:-""} \
|
||||
envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
|
||||
fi
|
||||
|
||||
chown -R git:git /data/gitea /app/gitea /data/git
|
||||
|
@ -1,4 +1,6 @@
|
||||
[repository]
|
||||
APP_NAME = $APP_NAME
|
||||
APP_MODE = $APP_MODE
|
||||
ROOT = /data/git/repositories
|
||||
|
||||
[repository.upload]
|
||||
@ -6,10 +8,19 @@ TEMP_PATH = /data/gitea/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data/gitea
|
||||
SSH_DOMAIN = $SSH_DOMAIN
|
||||
HTTP_PORT = $HTTP_PORT
|
||||
ROOT_URL = $ROOT_URL
|
||||
DISABLE_SSH = $DISABLE_SSH
|
||||
SSH_PORT = $SSH_PORT
|
||||
|
||||
[database]
|
||||
DB_TYPE = sqlite3
|
||||
PATH = /data/gitea/gitea.db
|
||||
DB_TYPE = $DB_TYPE
|
||||
HOST = $DB_HOST
|
||||
NAME = $DB_NAME
|
||||
USER = $DB_USER
|
||||
PASSWD = $DB_PASSWD
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
@ -22,3 +33,7 @@ PATH = /data/gitea/attachments
|
||||
|
||||
[log]
|
||||
ROOT_PATH = /data/gitea/log
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = $INSTALL_LOCK
|
||||
SECRET_KEY = $SECRET_KEY
|
||||
|
Reference in New Issue
Block a user
This is pretty obvious from the instruction itself.
Maybe a more useful comment would by why it's needed to set
INSTALL_LOCK
totrue
.This is a good question, why it's needed?
It was obviously that we alway go through the installation process to setup the
SECRET_KEY
. However, why we have to?I didn't find any document clear the relationship between
INSTALL_LOCK
andSECRET_KEY
, so I read the code, and I found theSECRET_KEY
will be randomly generated ONLY during the installation:2c3a229a3c/routers/install.go (L315-L320)
Otherwise, it will try to find the user setting
SECRET_KEY
first, and if user is not providing the value, it will use the default string!#@FDEWREWR&*(
, which is not safe and should be random generated.ced50e0ec1/modules/setting/setting.go (L813)
ping @sapk and @lunny , could you tell me why the default value for the
SECRET_KEY
is a static value, instead of a randomly generated key?I read the issue https://github.com/go-gitea/gitea/pull/455 , I'm still not clear. I think the
SECRET_KEY
should always be generated if the value is not provided by the user, the static default string should be avoided in this case.@twang2218 It should be.