agala/server-initializer
1
0
Fork 0
mirror of https://github.com/elAgala/server-initializer.git synced 2026-02-13 21:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: prompt for prometheus & loki password for proper hashing

Browse Source
This commit is contained in:
elAgala
2025-07-10 02:28:18 -03:00
parent 379bdefea7
commit 2dd0edbd49
2 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/caddy/full/Makefile
View File

@@ -14,9 +14,9 @@ caddy\:crowdsec-key:
@echo "\n=== IMPORTANT ===\nCopy the API_KEY from the output above and replace the value of CROWDSEC_API_KEY in your .env file."
caddy\:generate-password:
@echo "Generating new password..."
@echo "Generating new password hash..."
docker exec -it caddy caddy hash-password
@echo "\n=== IMPORTANT ===\nCopy the password from the output above and replace the value of PROMETHEUS_PASSWORD in your Caddyfile."
@echo "\n=== IMPORTANT ===\nCopy the password hash from the output above and replace the value of PROMETHEUS_PASSWORD or LOKI_PASSWORD in your .env file."
caddy\:logs:
@echo "Showing Caddy logs..."

26
web/install_caddy.sh
View File

@@ -29,14 +29,20 @@ function install_caddy() {
echo "[ WEB ]: Starting containers to generate keys..."
cd "$caddy_dir"
# Generate random Prometheus password
echo "[ WEB ]: Generating Prometheus password..."
PROMETHEUS_PASSWORD=$(openssl rand -base64 32)
# Prompt user for passwords and encrypt them using Caddy
echo "[ WEB ]: Setting up authentication passwords..."
echo -n "Enter password for Prometheus access: "
read -s prometheus_plain_password
echo
echo -n "Enter password for Loki access: "
read -s loki_plain_password
echo
# Create .env file with placeholder
cat > "$caddy_dir/.env" <<EOF
CROWDSEC_API_KEY=PLACEHOLDER_WILL_BE_REPLACED
PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD
PROMETHEUS_PASSWORD=PLACEHOLDER_WILL_BE_REPLACED
LOKI_PASSWORD=PLACEHOLDER_WILL_BE_REPLACED
EOF
# Start containers
@@ -63,10 +69,17 @@ EOF
echo "[ WEB ]: Generating CrowdSec API key..."
CROWDSEC_API_KEY=$(sudo docker exec crowdsec cscli bouncers add caddy-bouncer -o raw)
# Update .env file with real API key
# Encrypt passwords using Caddy
echo "[ WEB ]: Encrypting Prometheus password..."
PROMETHEUS_PASSWORD=$(sudo docker exec caddy caddy hash-password --plaintext "$prometheus_plain_password")
echo "[ WEB ]: Encrypting Loki password..."
LOKI_PASSWORD=$(sudo docker exec caddy caddy hash-password --plaintext "$loki_plain_password")
# Update .env file with real API key and encrypted passwords
cat > "$caddy_dir/.env" <<EOF
CROWDSEC_API_KEY=$CROWDSEC_API_KEY
PROMETHEUS_PASSWORD=$PROMETHEUS_PASSWORD
LOKI_PASSWORD=$LOKI_PASSWORD
EOF
# Restart containers with new API key
@@ -77,6 +90,7 @@ EOF
echo "[ WEB ]: Caddy setup completed successfully!"
echo "[ WEB ]: Configuration location: $caddy_dir"
echo "[ WEB ]: CrowdSec API key: $CROWDSEC_API_KEY"
echo "[ WEB ]: Prometheus password: $PROMETHEUS_PASSWORD"
echo "[ WEB ]: Prometheus password: [ENCRYPTED AND STORED IN .env]"
echo "[ WEB ]: Loki password: [ENCRYPTED AND STORED IN .env]"
echo "[ WEB ]: Add your site configurations to: $caddy_dir/caddy/sites-enabled/"
}