diff --git a/Readme.md b/Readme.md index 89d9f2d9d..7bd6aa73b 100644 --- a/Readme.md +++ b/Readme.md @@ -20,7 +20,7 @@ You should change `http://documentserver` to your server address in these files: * [Ruby](https://github.com/Euro-Office/document-server-integration/tree/main/web/documentserver-example/ruby) - `web/documentserver-example/ruby/app/configuration/configuration.rb` -## Quick Start — minimal Docker test environment +## Quick Start — minimal Docker run The repository ships a `docker-compose.yml` that starts a self-contained Euro-Office DocumentServer with the Node.js integration example enabled @@ -28,13 +28,49 @@ automatically. No extra configuration or manual service start is required. **Prerequisites:** Docker with the Compose plugin (v2). -**1. Start the container:** +**1. First run** +On the first run, execute: + +```bash +chmod +x install.sh +``` +```bash +./install.sh +``` +```bash +chmod 400 install.sh +``` + + +The installation script generates a secure JWT secret, stores it in the +`.env` file, pulls the Docker image, and starts the container. +It also creates an `.installed` flag to prevent accidental re-runs. + +To run it again (e.g. to regenerate the secret), remove the flag first: + +​```bash +rm .installed +``` +```bash +chmod 700 install.sh +``` +```bash +./install.sh +``` +```bash +chmod 400 install.sh +``` +​ + +**2. Start the container after the first run:** + +For subsequent starts, run: ```bash docker compose up -d ``` -**2. Wait until the server is ready** — monitor the logs: +**3. Wait until the server is ready** — monitor the logs: ```bash docker logs -f eo-documentserver @@ -46,7 +82,7 @@ The server is ready when you see: INFO success: docservice entered RUNNING state ``` -**3. Open the example in your browser:** +**4. Open the example in your browser:** ``` http://localhost:8080/example/ diff --git a/docker-compose.yml b/docker-compose.yml index b98f526d3..d207889c3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,7 +45,7 @@ services: image: ghcr.io/euro-office/documentserver:latest environment: EXAMPLE_ENABLED: "true" - JWT_SECRET: "secret" + JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required}" container_name: eo-documentserver ports: - - "8080:80" \ No newline at end of file + - "8080:80" diff --git a/install.sh b/install.sh new file mode 100644 index 000000000..90079421e --- /dev/null +++ b/install.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +if [[ -f .installed ]]; then + echo "Already installed. Remove .installed to run again." + exit 0 +fi + +# .env contains ONLY JWT_SECRET, so overwriting the whole file is safe. +# If you add other variables here, switch to sed to avoid wiping them. +if [[ ! -s ".env" ]] || grep -qx 'JWT_SECRET=' .env; then # check if the file exists + printf 'JWT_SECRET=%s\n' "$(openssl rand -hex 128)" > .env # if .env doesn't exist it's created with the secret + chmod 400 .env # owner read-only +else + echo "Would you overwrite JWT_SECRET? [y/n]" + read -r answer + if [[ "$answer" == "y" ]]; then + NEW_SECRET="$(openssl rand -hex 128)" + chmod 600 .env + sed -i "s|^JWT_SECRET=.*$|JWT_SECRET=${NEW_SECRET}|" .env + chmod 400 .env + echo "JWT_SECRET overwritten." + else + echo "JWT_SECRET not overwritten." + fi +fi + +touch .installed + +# start the containers +docker compose pull +docker compose up -d