# [Webschleuder](https://git.codecoop.org/schleuder/webschleuder3) on `docker`

This repo contains `docker` configuration for `webschleuder3`, a web interface for an encrypted group email system `schleuder3`.

Uses `schleuder3 beta`, because it seems to actually be installable on modern systems. See:

* https://git.codecoop.org/schleuder/schleuder3
* https://git.codecoop.org/schleuder/schleuder-conf

If a valid database is not found, `rake db:setup` is run inside the container to set up a basic valid database.

## Communication with `schleuderd`

This image requires a `schleuderd` running somewhere and accessible via `TCP/IP` -- one option is to run the [`schlocker3` docker image](https://git.occrp.org/libre/schlocker3/). You can configure the `schleuderd` URI with the `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` environment variable described below.

**Please be advised that `schleuderd` does not, at this time, offer authentication, nor does it support `TLS`-encrypted connections. This means that `webschleuder3` should be run on the same physical machine, or at least on a connection that precludes the possibility of malicious connections being made to `schleuderd`.** You have been warned!
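
Because the connection to `schleuderd` is unauthenticated and unencrypted, it is worth checking where `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` points before starting the container. The pre-flight check below is an added example, not part of this repository; the function names and exposure classes are hypothetical, and it assumes a single-label hostname is a container on the same Docker host.

```shell
#!/bin/sh
# Added example (not part of webschlocker3): pre-flight check for the
# schleuderd URI. schleuderd has no authentication and no TLS, so the only
# protection is where the connection can go.

# Print how exposed the host in a schleuderd URI is:
# loopback | container-name | private | remote | invalid
classify_schleuderd_host() {
    rest=${1#http://}
    # Anything that is not plain http:// (including https://) is rejected:
    # the README states schleuderd does not support TLS.
    [ "$rest" != "$1" ] || { echo invalid; return 0; }
    hostport=${rest%%/*}                 # strip the path
    case $hostport in
        "[::1]"*) echo loopback; return 0 ;;
    esac
    host=${hostport%%:*}                 # strip the port
    case $host in
        "")        echo invalid ;;
        localhost) echo loopback ;;
        *[!0-9.]*)                       # a name, not an IPv4 literal
            case $host in
                *.*) echo remote ;;          # dotted DNS name, may resolve anywhere
                *)   echo container-name ;;  # single label, e.g. a --link alias
            esac ;;
        127.*)     echo loopback ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *)         echo remote ;;
    esac
}

# Return 0 for loopback or a container name (assumed same Docker host),
# 2 for a private network (warn), 1 if webschleuder3 should not be started.
preflight_schleuderd() {
    uri=${1:-${WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI:-http://localhost:4567/}}
    case $(classify_schleuderd_host "$uri") in
        loopback|container-name) return 0 ;;
        private) echo "warning: $uri crosses a network in plaintext" >&2; return 2 ;;
        *)       echo "refusing: $uri is not a local schleuderd" >&2; return 1 ;;
    esac
}

# Sample URIs: the first two appear in this README, the others are constructed.
for u in http://localhost:4567/ http://schlocker-test:4567/ \
         http://10.0.0.5:4567/ http://lists.example.org:4567/; do
    printf '%-36s %s\n' "$u" "$(classify_schleuderd_host "$u")"
done
```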

## Running and testing

You need `docker`, obviously. So first, [go and install it](https://docs.docker.com/engine/installation/). Then get `schleuderd` running. We'll assume you're [using the `schlocker3` docker image](https://git.occrp.org/libre/schlocker3/#running-and-testing) for this. Once you have `schlocker3` running, run `webschlocker3`:

```
$ git clone https://git.occrp.org/libre/webschlocker3.git
$ docker build -t 'webschlocker3' webschlocker3/
$ docker run --rm --name webschlocker-test --link schlocker-test -e WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI="http://schlocker-test:4567/" webschlocker3
```

By default `webschleuder3` listens on port `3000` (you can change this by setting the `$WEBSCHLOCKER_BIND_PORT` docker envvar); you can get the IP of the container with:

```
docker inspect -f '{{.NetworkSettings.IPAddress}}' webschlocker-test
```

Once you have that, navigate your browser to `http://<IP-of-the-container>:3000/` and log in with user `root@localhost`, password `slingit!`.

## Environment variables

 - `WEBSCHLOCKER_CONFIG_HOSTNAME` (default: container's hostname)

The hostname `webschleuder3` will run under; used, among other things, in confirmation links sent to users.

 - `WEBSCHLOCKER_BIND_ADDRESS` (default: `0.0.0.0`)
 - `WEBSCHLOCKER_BIND_PORT` (default: `3000`)
 
Hostname (or IP address) and port to bind to.

 - `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` (default: `http://localhost:4567/`)

URI the `schleuderd` daemon can be reached at.
 
 - `WEBSCHLOCKER_CONFIG_MAILER_FROM` (default: `noreply@$WEBSCHLOCKER_CONFIG_HOSTNAME`)
 
Sender address for all the e-mails originating from the web interface (i.e. confirmation e-mails). Keep in mind that this should be an address that the e-mail server will let through.
 
 - `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` (default: `smtp`)
 
Delivery method to use for outgoing e-mail; `webschleuder3` uses [`ActionMailer`](http://api.rubyonrails.org/classes/ActionMailer/Base.html) to send mail.
 
 - `WEBSCHLOCKER_CONFIG_SENDMAIL_ARGUMENTS` (default: `-t -i -f`)
 
Arguments passed to `sendmail`, if `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `sendmail`.
 
 - `WEBSCHLOCKER_CONFIG_SMTP_ADDRESS` (default: `localhost`)
 - `WEBSCHLOCKER_CONFIG_SMTP_PORT` (default: `25`)
 
SMTP server address and port to be used when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`.
 
 - `WEBSCHLOCKER_CONFIG_SMTP_OPENSSL_VERIFY_MODE` (default: `none`)
 
How the server certificate should be verified, if at all, when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. Currently not used at all.

 - `WEBSCHLOCKER_SECRET_KEY_BASE` (default: generated random string)
 
Secret used to verify encrypted cookies; can be changed at any time (change causes cookies to become invalid; users are then required to re-login).

### Database settings

Separate databases are used by `schleuder3` and `webschleuder3`; these settings should thus be different from the ones used for [`schlocker3`](https://git.occrp.org/libre/schlocker3/).

 - `WEBSCHLOCKER_DB_ADAPTER` (default: `sqlite3`)

Database adapter.
 
 - `WEBSCHLOCKER_DB_DATABASE` (default: `/var/webschleuder/db.sqlite`)
 
Database name (or database file path when using `sqlite3` adapter).
 
 - `WEBSCHLOCKER_DB_ENCODING`

Database encoding (not used for `sqlite3`).

 - `WEBSCHLOCKER_DB_USERNAME`

Database user (not used for `sqlite3`).

 - `WEBSCHLOCKER_DB_PASSWORD`

Database user password (not used for `sqlite3`).

 - `WEBSCHLOCKER_DB_HOST`
 
Database host (not used for `sqlite3`).


## TODO

 - handle more [`ActionMailer` config options](http://api.rubyonrails.org/classes/ActionMailer/Base.html)