added default admin password

This commit is contained in:
Gamosoft 2025-11-14 18:08:51 +01:00
parent a4edecec13
commit b5acfd67ce
3 changed files with 49 additions and 6 deletions

View File

@ -84,6 +84,8 @@ Use the pre-built image directly from GHCR - no building required!
> # Now you have everything - run docker-compose below
> ```
> **🔐 Security Note**: Authentication is **enabled by default** with password `admin`. For testing/local use, this is fine. If exposing to a network, **change the password immediately** - see [AUTHENTICATION.md](data/notes/AUTHENTICATION.md) for instructions.
**Option 1: Docker Compose (Recommended)**
> 💡 **Multi-Architecture Support**: Docker images are available for both `x86_64` and `ARM64` (Raspberry Pi, Apple Silicon, etc.)
@ -224,9 +226,11 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
- By default, the app listens on `0.0.0.0:8000` (all network interfaces)
### Authentication
- **Optional password protection** is available (disabled by default)
- See **AUTHENTICATION.md** for setup instructions
- Simple to enable with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh`
- **Password protection is ENABLED by default** with password: `admin`
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
- To disable auth, set `security.enabled: false` in `config.yaml`
- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh`
- Perfect for single-user or small team deployments
- For multi-user setups, consider a reverse proxy with OAuth/SSO

View File

@ -29,14 +29,20 @@ security:
secret_key: "change_this_to_a_random_secret_key_in_production"
# Password hash - Generate with: python generate_password.py
# ⚠️ WARNING: The default hash below corresponds to password "admin"
# ⚠️ CHANGE THIS IMMEDIATELY in production!
#
# INSTRUCTIONS:
# 1. Run: pip install bcrypt
# 2. Run: python generate_password.py
# 3. Enter your desired password
# 4. Copy the generated hash below
# 5. Set enabled: true above
# 5. ALSO change secret_key above
# 6. Restart the application
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG"
#
# Docker users can generate a hash with:
# docker-compose exec notediscovery /app/generate_password_hash.sh
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
# Session expiry in seconds (default: 7 days)
session_max_age: 604800

View File

@ -1,5 +1,15 @@
# 🔒 NoteDiscovery Authentication Guide
## ⚠️ **IMPORTANT: Default Password Warning**
> **The default `config.yaml` includes authentication enabled with password: `admin`**
>
> 🔴 **CHANGE THIS IMMEDIATELY if you're exposing NoteDiscovery to a network!**
>
> The default configuration is provided for **quick testing only**. Follow the setup guide below to set your own secure password and secret key.
---
## Overview
NoteDiscovery includes a simple, secure authentication system for single-user deployments. When enabled, users must log in with a password before accessing the application.
@ -16,7 +26,30 @@ NoteDiscovery includes a simple, secure authentication system for single-user de
## 🚀 Quick Setup
**⚠️ IMPORTANT:** Authentication is **disabled by default**. Follow these steps to enable it:
**Default Configuration:**
- Authentication is **enabled by default**
- Default password is `admin`
- Default secret key is insecure
**⚠️ IMPORTANT:** For production or network-exposed deployments, **change both the password and secret key immediately**. Follow these steps:
---
### 🧪 **Quick Test (Use Default Password)**
For **local testing only**, you can use the default configuration:
1. Start NoteDiscovery (Docker or locally)
2. Navigate to `http://localhost:8000`
3. Log in with password: `admin`
**⚠️ Only use this for local testing on your own machine!**
---
### 🔒 **Production Setup (Change Password & Secret Key)**
For any deployment exposed to a network, follow these steps:
### Step 1: Generate a Password Hash