changed script
This commit is contained in:
parent
b5acfd67ce
commit
67fc313673
|
|
@ -27,11 +27,10 @@ COPY frontend ./frontend
|
|||
COPY config.yaml .
|
||||
COPY plugins ./plugins
|
||||
COPY themes ./themes
|
||||
COPY generate_password_hash.sh .
|
||||
COPY generate_password.py .
|
||||
|
||||
# Create data directories and make password script executable
|
||||
RUN mkdir -p data/notes data/search_index && \
|
||||
chmod +x generate_password_hash.sh
|
||||
# Create data directories
|
||||
RUN mkdir -p data/notes data/search_index
|
||||
|
||||
# Expose port
|
||||
EXPOSE 8000
|
||||
|
|
|
|||
|
|
@ -230,7 +230,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
|
|||
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
|
||||
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
|
||||
- To disable auth, set `security.enabled: false` in `config.yaml`
|
||||
- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh`
|
||||
- Change password with Docker: `docker-compose exec notediscovery python generate_password.py`
|
||||
- Perfect for single-user or small team deployments
|
||||
- For multi-user setups, consider a reverse proxy with OAuth/SSO
|
||||
|
||||
|
|
|
|||
10
config.yaml
10
config.yaml
|
|
@ -32,7 +32,7 @@ security:
|
|||
# ⚠️ WARNING: The default hash below corresponds to password "admin"
|
||||
# ⚠️ CHANGE THIS IMMEDIATELY in production!
|
||||
#
|
||||
# INSTRUCTIONS:
|
||||
# INSTRUCTIONS (Local):
|
||||
# 1. Run: pip install bcrypt
|
||||
# 2. Run: python generate_password.py
|
||||
# 3. Enter your desired password
|
||||
|
|
@ -40,8 +40,12 @@ security:
|
|||
# 5. ALSO change secret_key above
|
||||
# 6. Restart the application
|
||||
#
|
||||
# Docker users can generate a hash with:
|
||||
# docker-compose exec notediscovery /app/generate_password_hash.sh
|
||||
# INSTRUCTIONS (Docker):
|
||||
# 1. Run: docker-compose exec notediscovery python generate_password.py
|
||||
# 2. Enter your desired password
|
||||
# 3. Copy the generated hash below
|
||||
# 4. ALSO change secret_key above
|
||||
# 5. Restart: docker-compose restart
|
||||
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
|
||||
|
||||
# Session expiry in seconds (default: 7 days)
|
||||
|
|
|
|||
|
|
@ -53,25 +53,19 @@ For any deployment exposed to a network, follow these steps:
|
|||
|
||||
### Step 1: Generate a Password Hash
|
||||
|
||||
Choose one of these methods:
|
||||
Choose your environment:
|
||||
|
||||
**Option A: Using Docker (Recommended - No local Python needed)**
|
||||
|
||||
If you're running NoteDiscovery in Docker:
|
||||
**Docker Users:**
|
||||
|
||||
```bash
|
||||
# Docker Compose
|
||||
docker-compose exec notediscovery /app/generate_password_hash.sh
|
||||
docker-compose exec notediscovery python generate_password.py
|
||||
|
||||
# Or with docker run
|
||||
docker exec -it notediscovery /app/generate_password_hash.sh
|
||||
docker exec -it notediscovery python generate_password.py
|
||||
```
|
||||
|
||||
The script will prompt you for your password and output the hash.
|
||||
|
||||
**Option B: Using Local Python**
|
||||
|
||||
If you're running NoteDiscovery locally:
|
||||
**Local Users:**
|
||||
|
||||
```bash
|
||||
# Install bcrypt if not already installed
|
||||
|
|
@ -81,15 +75,19 @@ pip install bcrypt
|
|||
python generate_password.py
|
||||
```
|
||||
|
||||
Enter your desired password when prompted. The script will output a bcrypt hash.
|
||||
The script will:
|
||||
1. Prompt you for your password (input is hidden)
|
||||
2. Ask you to confirm it
|
||||
3. Generate a bcrypt hash
|
||||
4. Display the hash with instructions
|
||||
|
||||
**Copy the hash** - you'll need it for the next step.
|
||||
**Copy the hash** - you'll need it for Step 3.
|
||||
|
||||
### Step 2: Generate a Secret Key
|
||||
|
||||
Generate a random secret key for session encryption:
|
||||
|
||||
**Using Docker:**
|
||||
**Docker Users:**
|
||||
```bash
|
||||
docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
||||
|
||||
|
|
@ -97,12 +95,12 @@ docker-compose exec notediscovery python -c "import secrets; print(secrets.token
|
|||
docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
||||
```
|
||||
|
||||
**Using Local Python:**
|
||||
**Local Users:**
|
||||
```bash
|
||||
python -c "import secrets; print(secrets.token_hex(32))"
|
||||
```
|
||||
|
||||
**Copy the key** - you'll need it for the next step.
|
||||
**Copy the key** - you'll need it for Step 3.
|
||||
|
||||
### Step 3: Update `config.yaml`
|
||||
|
||||
|
|
@ -113,10 +111,10 @@ security:
|
|||
# Enable authentication
|
||||
enabled: true
|
||||
|
||||
# Session secret key (paste the output from Step 3)
|
||||
# Session secret key (paste the output from Step 2)
|
||||
secret_key: "your_generated_secret_key_here"
|
||||
|
||||
# Password hash (paste the output from Step 2)
|
||||
# Password hash (paste the output from Step 1)
|
||||
password_hash: "$2b$12$..."
|
||||
|
||||
# Session expiry in seconds (7 days by default)
|
||||
|
|
@ -178,7 +176,7 @@ Visit `http://localhost:8000/logout` in your browser.
|
|||
### Changing Password
|
||||
|
||||
1. Generate a new password hash:
|
||||
- **Docker**: `docker-compose exec notediscovery /app/generate_password_hash.sh`
|
||||
- **Docker**: `docker-compose exec notediscovery python generate_password.py`
|
||||
- **Local**: `python generate_password.py`
|
||||
2. Update `password_hash` in `config.yaml` with the new hash
|
||||
3. Restart the application:
|
||||
|
|
|
|||
|
|
@ -1,59 +0,0 @@
|
|||
#!/bin/bash
|
||||
# Generate password hash inside Docker container
|
||||
# Usage: docker exec -it notediscovery /app/generate_password_hash.sh
|
||||
|
||||
echo "=========================================="
|
||||
echo " NoteDiscovery Password Hash Generator"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
echo "This will generate a bcrypt hash for your password."
|
||||
echo ""
|
||||
|
||||
# Prompt for password
|
||||
read -s -p "Enter your password: " PASSWORD
|
||||
echo ""
|
||||
read -s -p "Confirm password: " PASSWORD2
|
||||
echo ""
|
||||
|
||||
# Check if passwords match
|
||||
if [ "$PASSWORD" != "$PASSWORD2" ]; then
|
||||
echo ""
|
||||
echo "❌ Passwords do not match!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if password is empty
|
||||
if [ -z "$PASSWORD" ]; then
|
||||
echo ""
|
||||
echo "❌ Password cannot be empty!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "Generating hash..."
|
||||
echo ""
|
||||
|
||||
# Generate hash using Python
|
||||
HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$PASSWORD', bcrypt.gensalt()).decode())")
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "=========================================="
|
||||
echo " ✅ Password hash generated!"
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
echo "Copy this hash to your config.yaml:"
|
||||
echo ""
|
||||
echo "password_hash: \"$HASH\""
|
||||
echo ""
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
echo "Next steps:"
|
||||
echo "1. Update config.yaml with the hash above"
|
||||
echo "2. Set enabled: true in the security section"
|
||||
echo "3. Restart the container: docker-compose restart"
|
||||
echo "=========================================="
|
||||
else
|
||||
echo "❌ Failed to generate hash"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue