Verified Commit da6b3400 authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Better permissions on .env file, added a few missing env vars in mono-container install

parent 28a5c918
Pipeline #3831 passed with stages
in 5 minutes and 56 seconds
...@@ -199,6 +199,7 @@ Download the sample environment file: ...@@ -199,6 +199,7 @@ Download the sample environment file:
cp /srv/funkwhale/deploy/env.prod.sample /srv/funkwhale/config/.env cp /srv/funkwhale/deploy/env.prod.sample /srv/funkwhale/config/.env
Generate a secret key for Django:: Generate a secret key for Django::
openssl rand -base64 45 openssl rand -base64 45
...@@ -208,7 +209,8 @@ configuration options are mentioned at the top of the file. ...@@ -208,7 +209,8 @@ configuration options are mentioned at the top of the file.
.. code-block:: shell .. code-block:: shell
nano /srv/funkwhale/api/.env chmod 600 /srv/funkwhale/config/.env # reduce permissions on the .env file since it contains sensitive data
nano /srv/funkwhale/config/.env
Paste the secret key you generated earlier at the entry Paste the secret key you generated earlier at the entry
``DJANGO_SECRET_KEY`` and populate the ``DATABASE_URL`` ``DJANGO_SECRET_KEY`` and populate the ``DATABASE_URL``
......
...@@ -52,10 +52,15 @@ Create an env file to store a few important configuration options: ...@@ -52,10 +52,15 @@ Create an env file to store a few important configuration options:
touch .env touch .env
echo "FUNKWHALE_HOSTNAME=yourdomain.funkwhale" >> .env echo "FUNKWHALE_HOSTNAME=yourdomain.funkwhale" >> .env
echo "FUNKWHALE_PROTOCOL=https" >> .env # or http echo "FUNKWHALE_PROTOCOL=https" >> .env # or http
echo "NGINX_MAX_BODY_SIZE=100M" >> .env
echo "FUNKWHALE_API_IP=127.0.0.1" >> .env
echo "FUNKWHALE_API_PORT=5000" >> .env # or the container port you want to expose on the host
echo "DJANGO_SECRET_KEY=$(openssl rand -hex 45)" >> .env # generate and store a secure secret key for your instance echo "DJANGO_SECRET_KEY=$(openssl rand -hex 45)" >> .env # generate and store a secure secret key for your instance
# Remove this if you expose the container directly on ports 80/443 # Remove this if you expose the container directly on ports 80/443
echo "NESTED_PROXY=1" >> .env echo "NESTED_PROXY=1" >> .env
chmod 600 .env # reduce permissions on the .env file since it contains sensitive data
Then start the container: Then start the container:
.. code-block:: shell .. code-block:: shell
...@@ -179,8 +184,10 @@ Create your env file: ...@@ -179,8 +184,10 @@ Create your env file:
curl -L -o .env "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/|version|/deploy/env.prod.sample" curl -L -o .env "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/|version|/deploy/env.prod.sample"
sed -i "s/FUNKWHALE_VERSION=latest/FUNKWHALE_VERSION=$FUNKWHALE_VERSION/" .env sed -i "s/FUNKWHALE_VERSION=latest/FUNKWHALE_VERSION=$FUNKWHALE_VERSION/" .env
chmod 600 .env # reduce permissions on the .env file since it contains sensitive data
sudo nano .env sudo nano .env
Ensure to edit it to match your needs (this file is heavily commented), in particular ``DJANGO_SECRET_KEY`` and ``FUNKWHALE_HOSTNAME``. Ensure to edit it to match your needs (this file is heavily commented), in particular ``DJANGO_SECRET_KEY`` and ``FUNKWHALE_HOSTNAME``.
You should take a look at the `configuration reference <https://docs.funkwhale.audio/configuration.html#configuration-reference>`_ for more detailed information regarding each setting. You should take a look at the `configuration reference <https://docs.funkwhale.audio/configuration.html#configuration-reference>`_ for more detailed information regarding each setting.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment