rogs/synapse-docker-bridges
rogs/synapse-docker-bridges
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security by generating a unique DB password

Browse Source
This commit is contained in:
Roger Gonzalez 2024-11-27 16:25:07 -03:00
parent fe2f7689fe
commit 811053f67c
Signed by: rogs
GPG Key ID: C7ECE9C6C36EC2E6
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -25,7 +25,15 @@ cd dendrite-docker-bridges
./setup.sh ./setup.sh
``` ```
This script will prompt you for your domain (the one you configured in "Before Starting") and create your private key and config in the `./config/dendrite` directory. When it finishes, make sure to copy the "Registration shared secret," as you will need it for the next step. This script will:
- Prompt you for your domain (the one you configured in "Before Starting")
- Generate a secure database password
- Create your private key and config in the `./config/dendrite` directory
- Display two important pieces of information:
- The "Registration shared secret"
- The Database URI
**Important**: Make sure to save both the registration shared secret AND the Database URI in a secure location. The Database URI will be needed later when configuring the bridges for WhatsApp, Telegram, and Discord.
3. Open your configuration file located at `./config/dendrite/dendrite.yaml`. **You may need `sudo` to edit this file.** Search for `registration_shared_secret` and paste the registration secret you copied in the previous step. The section should look similar to this: 3. Open your configuration file located at `./config/dendrite/dendrite.yaml`. **You may need `sudo` to edit this file.** Search for `registration_shared_secret` and paste the registration secret you copied in the previous step. The section should look similar to this:
@ -64,3 +72,5 @@ Dendrite is now up and running! You can proceed with setting up the bridges:
- [WhatsApp Bridge](./config/mautrix-whatsapp/README.md) - [WhatsApp Bridge](./config/mautrix-whatsapp/README.md)
- [Telegram Bridge](./config/mautrix-telegram/README.md) - [Telegram Bridge](./config/mautrix-telegram/README.md)
- [Discord Bridge](./config/mautrix-discord/README.md) - [Discord Bridge](./config/mautrix-discord/README.md)
**Note**: When configuring each bridge, you'll need to use the Database URI that was displayed during the setup process. Make sure you have saved it somewhere secure!

11
setup.sh
View File

@ -1,5 +1,11 @@
#!/bin/bash #!/bin/bash
# Generate DB password
DB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
# Replace the default password in docker-compose.yml
sed -i "s/POSTGRES_PASSWORD: itsasecret/POSTGRES_PASSWORD: $DB_PASSWORD/" docker-compose.yml
# Prompt for domain input # Prompt for domain input
read -p "Enter your domain (e.g., example.com): " DOMAIN read -p "Enter your domain (e.g., example.com): " DOMAIN
if [[ -z "$DOMAIN" ]]; then if [[ -z "$DOMAIN" ]]; then
@ -21,7 +27,7 @@ docker run --rm --entrypoint="/bin/sh" \
matrixdotorg/dendrite-monolith:latest \ matrixdotorg/dendrite-monolith:latest \
-c "/usr/bin/generate-config \ -c "/usr/bin/generate-config \
-dir /var/dendrite/ \ -dir /var/dendrite/ \
-db postgres://dendrite:itsasecret@postgres/dendrite?sslmode=disable \ -db postgres://dendrite:$DB_PASSWORD@postgres/dendrite?sslmode=disable \
-server $DOMAIN > /mnt/dendrite.yaml" -server $DOMAIN > /mnt/dendrite.yaml"
# Generate and display the registration shared secret # Generate and display the registration shared secret
@ -29,3 +35,6 @@ SHARED_SECRET=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)
echo echo
echo "Registration shared secret: $SHARED_SECRET" echo "Registration shared secret: $SHARED_SECRET"
echo "Make sure to copy it!" echo "Make sure to copy it!"
echo
echo "Database URI: postgres://dendrite:$DB_PASSWORD@postgres/dendrite?sslmode=disable"
echo "Make sure to save this information securely!"