Merge pull request #1154 from lohanidamodar/feat-auto-generate-secret-keys
feat-auto-generate-secret-keys
This commit is contained in:
commit
cb97b8cc6a
|
@ -14,6 +14,7 @@ return [
|
|||
'default' => 'production',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_LOCALE',
|
||||
|
@ -22,6 +23,7 @@ return [
|
|||
'default' => 'en',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_OPTIONS_ABUSE',
|
||||
|
@ -30,6 +32,7 @@ return [
|
|||
'default' => 'enabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_OPTIONS_FORCE_HTTPS',
|
||||
|
@ -38,6 +41,7 @@ return [
|
|||
'default' => 'disabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_OPENSSL_KEY_V1',
|
||||
|
@ -46,6 +50,7 @@ return [
|
|||
'default' => 'your-secret-key',
|
||||
'required' => true,
|
||||
'question' => 'Choose a secret API key, make sure to make a backup of your key in a secure location',
|
||||
'filter' => 'token'
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DOMAIN',
|
||||
|
@ -54,6 +59,7 @@ return [
|
|||
'default' => 'localhost',
|
||||
'required' => true,
|
||||
'question' => 'Enter your Appwrite hostname',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DOMAIN_TARGET',
|
||||
|
@ -62,6 +68,7 @@ return [
|
|||
'default' => 'localhost',
|
||||
'required' => true,
|
||||
'question' => 'Enter a DNS A record hostname to serve as a CNAME for your custom domains.\nYou can use the same value as used for the Appwrite hostname.',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_CONSOLE_WHITELIST_ROOT',
|
||||
|
@ -70,6 +77,7 @@ return [
|
|||
'default' => 'enabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_CONSOLE_WHITELIST_EMAILS',
|
||||
|
@ -78,6 +86,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
// [
|
||||
// 'name' => '_APP_CONSOLE_WHITELIST_DOMAINS',
|
||||
|
@ -94,6 +103,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SYSTEM_EMAIL_NAME',
|
||||
|
@ -102,6 +112,7 @@ return [
|
|||
'default' => 'Appwrite',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SYSTEM_EMAIL_ADDRESS',
|
||||
|
@ -110,6 +121,7 @@ return [
|
|||
'default' => 'team@appwrite.io',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SYSTEM_RESPONSE_FORMAT',
|
||||
|
@ -118,6 +130,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SYSTEM_SECURITY_EMAIL_ADDRESS',
|
||||
|
@ -126,6 +139,7 @@ return [
|
|||
'default' => 'certs@appwrite.io',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_USAGE_STATS',
|
||||
|
@ -134,6 +148,7 @@ return [
|
|||
'default' => 'enabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
]
|
||||
],
|
||||
],
|
||||
|
@ -148,6 +163,7 @@ return [
|
|||
'default' => 'redis',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_REDIS_PORT',
|
||||
|
@ -156,6 +172,7 @@ return [
|
|||
'default' => '6379',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_REDIS_USER',
|
||||
|
@ -164,6 +181,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_REDIS_PASS',
|
||||
|
@ -172,6 +190,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -186,6 +205,7 @@ return [
|
|||
'default' => 'mariadb',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DB_PORT',
|
||||
|
@ -194,6 +214,7 @@ return [
|
|||
'default' => '3306',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DB_SCHEMA',
|
||||
|
@ -202,6 +223,7 @@ return [
|
|||
'default' => 'appwrite',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DB_USER',
|
||||
|
@ -210,6 +232,7 @@ return [
|
|||
'default' => 'user',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DB_PASS',
|
||||
|
@ -218,6 +241,16 @@ return [
|
|||
'default' => 'password',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => 'password'
|
||||
],
|
||||
[
|
||||
'name' => '_APP_DB_ROOT_PASS',
|
||||
'description' => 'MariaDB server root password. Default value is: \'rootsecretpassword\'.',
|
||||
'introduction' => '',
|
||||
'default' => 'rootsecretpassword',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => 'password'
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -232,6 +265,7 @@ return [
|
|||
'default' => 'influxdb',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_INFLUXDB_PORT',
|
||||
|
@ -240,6 +274,7 @@ return [
|
|||
'default' => '8086',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -254,6 +289,7 @@ return [
|
|||
'default' => 'telegraf',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_STATSD_PORT',
|
||||
|
@ -262,6 +298,7 @@ return [
|
|||
'default' => '8125',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -276,6 +313,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SMTP_PORT',
|
||||
|
@ -284,6 +322,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SMTP_SECURE',
|
||||
|
@ -292,6 +331,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SMTP_USERNAME',
|
||||
|
@ -300,6 +340,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_SMTP_PASSWORD',
|
||||
|
@ -308,6 +349,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -322,6 +364,7 @@ return [
|
|||
'default' => '10000000',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_STORAGE_ANTIVIRUS',
|
||||
|
@ -330,6 +373,7 @@ return [
|
|||
'default' => 'disabled',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_STORAGE_ANTIVIRUS_HOST',
|
||||
|
@ -338,6 +382,7 @@ return [
|
|||
'default' => 'clamav',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_STORAGE_ANTIVIRUS_PORT',
|
||||
|
@ -346,6 +391,7 @@ return [
|
|||
'default' => '3310',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
],
|
||||
|
@ -360,6 +406,7 @@ return [
|
|||
'default' => '900',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_CONTAINERS',
|
||||
|
@ -368,6 +415,7 @@ return [
|
|||
'default' => '10',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_CPUS',
|
||||
|
@ -376,6 +424,7 @@ return [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_MEMORY',
|
||||
|
@ -384,6 +433,7 @@ return [
|
|||
'default' => '256',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_MEMORY_SWAP',
|
||||
|
@ -392,6 +442,7 @@ return [
|
|||
'default' => '256',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_RUNTIMES',
|
||||
|
@ -400,6 +451,7 @@ return [
|
|||
'default' => 'node-15.5,deno-1.8,php-8.0,python-3.9,ruby-3.0,dotnet-5.0',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_FUNCTIONS_ENVS',
|
||||
|
@ -408,6 +460,7 @@ return [
|
|||
'default' => 'node-14.5,deno-1.8,php-7.4,python-3.9,ruby-3.0,dotnet-5.0',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
],
|
||||
[
|
||||
|
@ -421,6 +474,7 @@ return [
|
|||
'default' => '86400',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_MAINTENANCE_RETENTION_EXECUTION',
|
||||
|
@ -429,6 +483,7 @@ return [
|
|||
'default' => '1209600',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_MAINTENANCE_RETENTION_AUDIT',
|
||||
|
@ -437,6 +492,7 @@ return [
|
|||
'default' => '1209600',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
],
|
||||
[
|
||||
'name' => '_APP_MAINTENANCE_RETENTION_ABUSE',
|
||||
|
@ -445,6 +501,7 @@ return [
|
|||
'default' => '86400',
|
||||
'required' => false,
|
||||
'question' => '',
|
||||
'filter' => ''
|
||||
]
|
||||
],
|
||||
],
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
global $cli;
|
||||
|
||||
use Appwrite\Auth\Auth;
|
||||
use Appwrite\Docker\Compose;
|
||||
use Appwrite\Docker\Env;
|
||||
use Utopia\Analytics\GoogleAnalytics;
|
||||
|
@ -15,8 +16,10 @@ $cli
|
|||
->desc('Install Appwrite')
|
||||
->param('httpPort', '', new Text(4), 'Server HTTP port', true)
|
||||
->param('httpsPort', '', new Text(4), 'Server HTTPS port', true)
|
||||
->param('organization', 'appwrite', new Text(0), 'Docker Registry organization', true)
|
||||
->param('image', 'appwrite', new Text(0), 'Main appwrite docker image', true)
|
||||
->param('interactive','Y', new Text(1), 'Run an interactive session', true)
|
||||
->action(function ($httpPort, $httpsPort, $interactive) {
|
||||
->action(function ($httpPort, $httpsPort, $organization, $image, $interactive) {
|
||||
/**
|
||||
* 1. Start - DONE
|
||||
* 2. Check for older setup and get older version - DONE
|
||||
|
@ -64,6 +67,9 @@ $cli
|
|||
$data = @file_get_contents($path.'/docker-compose.yml');
|
||||
|
||||
if($data !== false) {
|
||||
$time = \time();
|
||||
Console::info('Compose file found, creating backup: docker-compose.yml.'.$time.'.backup');
|
||||
file_put_contents($path.'/docker-compose.yml.'.$time.'.backup',$data);
|
||||
$compose = new Compose($data);
|
||||
$appwrite = $compose->getService('appwrite');
|
||||
$oldVersion = ($appwrite) ? $appwrite->getImageVersion() : null;
|
||||
|
@ -89,6 +95,8 @@ $cli
|
|||
$data = @file_get_contents($path.'/.env');
|
||||
|
||||
if($data !== false) { // Fetch all env vars from previous .env file
|
||||
Console::info('Env file found, creating backup: .env.'.$time.'.backup');
|
||||
file_put_contents($path.'/.env.'.$time.'.backup',$data);
|
||||
$env = new Env($data);
|
||||
|
||||
foreach ($env->list() as $key => $value) {
|
||||
|
@ -125,6 +133,22 @@ $cli
|
|||
$input = [];
|
||||
|
||||
foreach($vars as $key => $var) {
|
||||
if(!empty($var['filter']) && ($interactive !== 'Y' || !Console::isInteractive())) {
|
||||
if($data && $var['default'] !== null) {
|
||||
$input[$var['name']] = $var['default'];
|
||||
continue;
|
||||
}
|
||||
|
||||
if($var['filter'] === 'token') {
|
||||
$input[$var['name']] = Auth::tokenGenerator();
|
||||
continue;
|
||||
}
|
||||
|
||||
if($var['filter'] === 'password') {
|
||||
$input[$var['name']] = Auth::passwordGenerator();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if(!$var['required'] || !Console::isInteractive() || $interactive !== 'Y') {
|
||||
$input[$var['name']] = $var['default'];
|
||||
continue;
|
||||
|
@ -144,6 +168,8 @@ $cli
|
|||
->setParam('httpPort', $httpPort)
|
||||
->setParam('httpsPort', $httpsPort)
|
||||
->setParam('version', APP_VERSION_STABLE)
|
||||
->setParam('organization', $organization)
|
||||
->setParam('image', $image)
|
||||
;
|
||||
|
||||
$templateForEnv
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
$httpPort = $this->getParam('httpPort', '');
|
||||
$httpsPort = $this->getParam('httpsPort', '');
|
||||
$version = $this->getParam('version', '');
|
||||
$organization = $this->getParam('organization', '');
|
||||
$image = $this->getParam('image', '');
|
||||
?>version: '3'
|
||||
|
||||
services:
|
||||
|
@ -32,7 +34,7 @@ services:
|
|||
- appwrite
|
||||
|
||||
appwrite:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
container_name: appwrite
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
|
@ -98,7 +100,7 @@ services:
|
|||
- _APP_FUNCTIONS_RUNTIMES
|
||||
|
||||
appwrite-worker-usage:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-usage
|
||||
container_name: appwrite-worker-usage
|
||||
restart: unless-stopped
|
||||
|
@ -117,7 +119,7 @@ services:
|
|||
- _APP_STATSD_PORT
|
||||
|
||||
appwrite-worker-audits:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-audits
|
||||
container_name: appwrite-worker-audits
|
||||
restart: unless-stopped
|
||||
|
@ -139,7 +141,7 @@ services:
|
|||
- _APP_DB_PASS
|
||||
|
||||
appwrite-worker-webhooks:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-webhooks
|
||||
container_name: appwrite-worker-webhooks
|
||||
restart: unless-stopped
|
||||
|
@ -162,7 +164,7 @@ services:
|
|||
- _APP_DB_PASS
|
||||
|
||||
appwrite-worker-tasks:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-tasks
|
||||
container_name: appwrite-worker-tasks
|
||||
restart: unless-stopped
|
||||
|
@ -185,7 +187,7 @@ services:
|
|||
- _APP_DB_PASS
|
||||
|
||||
appwrite-worker-deletes:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-deletes
|
||||
container_name: appwrite-worker-deletes
|
||||
restart: unless-stopped
|
||||
|
@ -211,7 +213,7 @@ services:
|
|||
- _APP_DB_PASS
|
||||
|
||||
appwrite-worker-certificates:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-certificates
|
||||
container_name: appwrite-worker-certificates
|
||||
restart: unless-stopped
|
||||
|
@ -238,7 +240,7 @@ services:
|
|||
- _APP_DB_PASS
|
||||
|
||||
appwrite-worker-functions:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-functions
|
||||
container_name: appwrite-worker-functions
|
||||
restart: unless-stopped
|
||||
|
@ -271,7 +273,7 @@ services:
|
|||
- _APP_USAGE_STATS
|
||||
|
||||
appwrite-worker-mails:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: worker-mails
|
||||
container_name: appwrite-worker-mails
|
||||
restart: unless-stopped
|
||||
|
@ -294,7 +296,7 @@ services:
|
|||
- _APP_SMTP_PASSWORD
|
||||
|
||||
appwrite-maintenance:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: maintenance
|
||||
container_name: appwrite-maintenance
|
||||
restart: unless-stopped
|
||||
|
@ -315,7 +317,7 @@ services:
|
|||
|
||||
|
||||
appwrite-schedule:
|
||||
image: appwrite/appwrite:<?php echo $version."\n"; ?>
|
||||
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
|
||||
entrypoint: schedule
|
||||
container_name: appwrite-schedule
|
||||
restart: unless-stopped
|
||||
|
@ -339,7 +341,7 @@ services:
|
|||
volumes:
|
||||
- appwrite-mariadb:/var/lib/mysql:rw
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=rootsecretpassword
|
||||
- MYSQL_ROOT_PASSWORD=${_APP_DB_ROOT_PASS}
|
||||
- MYSQL_DATABASE=${_APP_DB_SCHEMA}
|
||||
- MYSQL_USER=${_APP_DB_USER}
|
||||
- MYSQL_PASSWORD=${_APP_DB_PASS}
|
||||
|
|
Loading…
Reference in a new issue