changed script
This commit is contained in:
parent
b5acfd67ce
commit
67fc313673
|
|
@ -27,11 +27,10 @@ COPY frontend ./frontend
|
||||||
COPY config.yaml .
|
COPY config.yaml .
|
||||||
COPY plugins ./plugins
|
COPY plugins ./plugins
|
||||||
COPY themes ./themes
|
COPY themes ./themes
|
||||||
COPY generate_password_hash.sh .
|
COPY generate_password.py .
|
||||||
|
|
||||||
# Create data directories and make password script executable
|
# Create data directories
|
||||||
RUN mkdir -p data/notes data/search_index && \
|
RUN mkdir -p data/notes data/search_index
|
||||||
chmod +x generate_password_hash.sh
|
|
||||||
|
|
||||||
# Expose port
|
# Expose port
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
|
|
|
||||||
|
|
@ -230,7 +230,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
|
||||||
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
|
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
|
||||||
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
|
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
|
||||||
- To disable auth, set `security.enabled: false` in `config.yaml`
|
- To disable auth, set `security.enabled: false` in `config.yaml`
|
||||||
- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh`
|
- Change password with Docker: `docker-compose exec notediscovery python generate_password.py`
|
||||||
- Perfect for single-user or small team deployments
|
- Perfect for single-user or small team deployments
|
||||||
- For multi-user setups, consider a reverse proxy with OAuth/SSO
|
- For multi-user setups, consider a reverse proxy with OAuth/SSO
|
||||||
|
|
||||||
|
|
|
||||||
10
config.yaml
10
config.yaml
|
|
@ -32,7 +32,7 @@ security:
|
||||||
# ⚠️ WARNING: The default hash below corresponds to password "admin"
|
# ⚠️ WARNING: The default hash below corresponds to password "admin"
|
||||||
# ⚠️ CHANGE THIS IMMEDIATELY in production!
|
# ⚠️ CHANGE THIS IMMEDIATELY in production!
|
||||||
#
|
#
|
||||||
# INSTRUCTIONS:
|
# INSTRUCTIONS (Local):
|
||||||
# 1. Run: pip install bcrypt
|
# 1. Run: pip install bcrypt
|
||||||
# 2. Run: python generate_password.py
|
# 2. Run: python generate_password.py
|
||||||
# 3. Enter your desired password
|
# 3. Enter your desired password
|
||||||
|
|
@ -40,8 +40,12 @@ security:
|
||||||
# 5. ALSO change secret_key above
|
# 5. ALSO change secret_key above
|
||||||
# 6. Restart the application
|
# 6. Restart the application
|
||||||
#
|
#
|
||||||
# Docker users can generate a hash with:
|
# INSTRUCTIONS (Docker):
|
||||||
# docker-compose exec notediscovery /app/generate_password_hash.sh
|
# 1. Run: docker-compose exec notediscovery python generate_password.py
|
||||||
|
# 2. Enter your desired password
|
||||||
|
# 3. Copy the generated hash below
|
||||||
|
# 4. ALSO change secret_key above
|
||||||
|
# 5. Restart: docker-compose restart
|
||||||
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
|
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
|
||||||
|
|
||||||
# Session expiry in seconds (default: 7 days)
|
# Session expiry in seconds (default: 7 days)
|
||||||
|
|
|
||||||
|
|
@ -53,25 +53,19 @@ For any deployment exposed to a network, follow these steps:
|
||||||
|
|
||||||
### Step 1: Generate a Password Hash
|
### Step 1: Generate a Password Hash
|
||||||
|
|
||||||
Choose one of these methods:
|
Choose your environment:
|
||||||
|
|
||||||
**Option A: Using Docker (Recommended - No local Python needed)**
|
**Docker Users:**
|
||||||
|
|
||||||
If you're running NoteDiscovery in Docker:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Docker Compose
|
# Docker Compose
|
||||||
docker-compose exec notediscovery /app/generate_password_hash.sh
|
docker-compose exec notediscovery python generate_password.py
|
||||||
|
|
||||||
# Or with docker run
|
# Or with docker run
|
||||||
docker exec -it notediscovery /app/generate_password_hash.sh
|
docker exec -it notediscovery python generate_password.py
|
||||||
```
|
```
|
||||||
|
|
||||||
The script will prompt you for your password and output the hash.
|
**Local Users:**
|
||||||
|
|
||||||
**Option B: Using Local Python**
|
|
||||||
|
|
||||||
If you're running NoteDiscovery locally:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Install bcrypt if not already installed
|
# Install bcrypt if not already installed
|
||||||
|
|
@ -81,15 +75,19 @@ pip install bcrypt
|
||||||
python generate_password.py
|
python generate_password.py
|
||||||
```
|
```
|
||||||
|
|
||||||
Enter your desired password when prompted. The script will output a bcrypt hash.
|
The script will:
|
||||||
|
1. Prompt you for your password (input is hidden)
|
||||||
|
2. Ask you to confirm it
|
||||||
|
3. Generate a bcrypt hash
|
||||||
|
4. Display the hash with instructions
|
||||||
|
|
||||||
**Copy the hash** - you'll need it for the next step.
|
**Copy the hash** - you'll need it for Step 3.
|
||||||
|
|
||||||
### Step 2: Generate a Secret Key
|
### Step 2: Generate a Secret Key
|
||||||
|
|
||||||
Generate a random secret key for session encryption:
|
Generate a random secret key for session encryption:
|
||||||
|
|
||||||
**Using Docker:**
|
**Docker Users:**
|
||||||
```bash
|
```bash
|
||||||
docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
||||||
|
|
||||||
|
|
@ -97,12 +95,12 @@ docker-compose exec notediscovery python -c "import secrets; print(secrets.token
|
||||||
docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))"
|
||||||
```
|
```
|
||||||
|
|
||||||
**Using Local Python:**
|
**Local Users:**
|
||||||
```bash
|
```bash
|
||||||
python -c "import secrets; print(secrets.token_hex(32))"
|
python -c "import secrets; print(secrets.token_hex(32))"
|
||||||
```
|
```
|
||||||
|
|
||||||
**Copy the key** - you'll need it for the next step.
|
**Copy the key** - you'll need it for Step 3.
|
||||||
|
|
||||||
### Step 3: Update `config.yaml`
|
### Step 3: Update `config.yaml`
|
||||||
|
|
||||||
|
|
@ -113,10 +111,10 @@ security:
|
||||||
# Enable authentication
|
# Enable authentication
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
# Session secret key (paste the output from Step 3)
|
# Session secret key (paste the output from Step 2)
|
||||||
secret_key: "your_generated_secret_key_here"
|
secret_key: "your_generated_secret_key_here"
|
||||||
|
|
||||||
# Password hash (paste the output from Step 2)
|
# Password hash (paste the output from Step 1)
|
||||||
password_hash: "$2b$12$..."
|
password_hash: "$2b$12$..."
|
||||||
|
|
||||||
# Session expiry in seconds (7 days by default)
|
# Session expiry in seconds (7 days by default)
|
||||||
|
|
@ -178,7 +176,7 @@ Visit `http://localhost:8000/logout` in your browser.
|
||||||
### Changing Password
|
### Changing Password
|
||||||
|
|
||||||
1. Generate a new password hash:
|
1. Generate a new password hash:
|
||||||
- **Docker**: `docker-compose exec notediscovery /app/generate_password_hash.sh`
|
- **Docker**: `docker-compose exec notediscovery python generate_password.py`
|
||||||
- **Local**: `python generate_password.py`
|
- **Local**: `python generate_password.py`
|
||||||
2. Update `password_hash` in `config.yaml` with the new hash
|
2. Update `password_hash` in `config.yaml` with the new hash
|
||||||
3. Restart the application:
|
3. Restart the application:
|
||||||
|
|
|
||||||
|
|
@ -1,59 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# Generate password hash inside Docker container
|
|
||||||
# Usage: docker exec -it notediscovery /app/generate_password_hash.sh
|
|
||||||
|
|
||||||
echo "=========================================="
|
|
||||||
echo " NoteDiscovery Password Hash Generator"
|
|
||||||
echo "=========================================="
|
|
||||||
echo ""
|
|
||||||
echo "This will generate a bcrypt hash for your password."
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
# Prompt for password
|
|
||||||
read -s -p "Enter your password: " PASSWORD
|
|
||||||
echo ""
|
|
||||||
read -s -p "Confirm password: " PASSWORD2
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
# Check if passwords match
|
|
||||||
if [ "$PASSWORD" != "$PASSWORD2" ]; then
|
|
||||||
echo ""
|
|
||||||
echo "❌ Passwords do not match!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if password is empty
|
|
||||||
if [ -z "$PASSWORD" ]; then
|
|
||||||
echo ""
|
|
||||||
echo "❌ Password cannot be empty!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo "Generating hash..."
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
# Generate hash using Python
|
|
||||||
HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$PASSWORD', bcrypt.gensalt()).decode())")
|
|
||||||
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "=========================================="
|
|
||||||
echo " ✅ Password hash generated!"
|
|
||||||
echo "=========================================="
|
|
||||||
echo ""
|
|
||||||
echo "Copy this hash to your config.yaml:"
|
|
||||||
echo ""
|
|
||||||
echo "password_hash: \"$HASH\""
|
|
||||||
echo ""
|
|
||||||
echo "=========================================="
|
|
||||||
echo ""
|
|
||||||
echo "Next steps:"
|
|
||||||
echo "1. Update config.yaml with the hash above"
|
|
||||||
echo "2. Set enabled: true in the security section"
|
|
||||||
echo "3. Restart the container: docker-compose restart"
|
|
||||||
echo "=========================================="
|
|
||||||
else
|
|
||||||
echo "❌ Failed to generate hash"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue