# [Webschleuder](https://git.codecoop.org/schleuder/webschleuder3) on `docker` This repo contains `docker` configuration for `webschleuder3`, a web interface for an encrypted group email system `schleuder3`. Uses `schleuder3 beta`, because it seems to actually be installable on modern systems. See: * https://git.codecoop.org/schleuder/schleuder3 * https://git.codecoop.org/schleuder/schleuder-conf If a valid database is not found, `rake db:setup` is run inside the container to set-up a basic valid database. ## Communication with `schleuderd` This image requires a `schleuderd` running somewhere and accessible via `TCP/IP` -- one option is to run the [`schlocker3` docker image](https://git.occrp.org/libre/schlocker3/). You can configure the `schleuderd` URI with the `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` environment variable described below. **Please be advised that `schleuderd` does not, at this time, offer authentication, nor does it support `TLS`-encrypted connections. This means that `webschleuder3` should be run on the same physical machine, or at least on a connection that precludes the possibility of malicious connections being made to `schleuderd`.** You have been warned! ## Running and testing You need `docker`, obviously. So first, [go and install it](https://docs.docker.com/engine/installation/). Then get `schleuderd` running. We'll assume you're [using the `schlocker3` docker image](https://git.occrp.org/libre/schlocker3/#running-and-testing) for this. Once you have `schlocker3` running, run `webschlocker3`: ``` $ git clone https://git.occrp.org/libre/webschlocker3.git $ docker build -t 'webschlocker3' webschlocker3/ $ docker run --rm --name webschlocker-test --link schlocker-test -e WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI="http://schlocker-test:4567/" webschlocker3 ``` By default `weschleuder3` listens on port `3000` (you can change this by setting `$WEBSCHLOCKER_BIND_PORT` docker envvar); you can get the IP of the container with: ``` docker inspect -f '{{.NetworkSettings.IPAddress}}' webschlocker-test ``` Once you have that, navigate your browser to `http://:3000/` and log-in with user `root@localhost`, password `slingit!`. ## Environment variables - `WEBSCHLOCKER_CONFIG_HOSTNAME` (default: container's hostname) The hostname `webschleuder3` will run under, used among others in confirmation links sent to users. - `WEBSCHLOCKER_BIND_ADDRESS` (default: `0.0.0.0`) - `WEBSCHLOCKER_BIND_PORT` (default: `3000`) Hostname (or IP address) and port to bind to. - `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` (default: `http://localhost:4567/`) URI the `schleuderd` daemon can be reached at. - `WEBSCHLOCKER_CONFIG_MAILER_FROM` (default: `noreply@$WEBSCHLOCKER_CONFIG_HOSTNAME`) Sender address for all the e-mails originating from the web interface (i.e. confirmation e-mails). Keep in mind that this should be an address that the e-mail server will let through. - `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` (default: `smtp`) Delivery method to use for outgoing e-mail; `webschleuder3` uses [`ActionMailer`](http://api.rubyonrails.org/classes/ActionMailer/Base.html) to send mail. - `WEBSCHLOCKER_CONFIG_SENDMAIL_ARGUMENTS` (default: `-t -i -f`) Arguments passed to `sendmail`, if `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `sendmail`. - `WEBSCHLOCKER_CONFIG_SMTP_ADDRESS` (default: `localhost`) - `WEBSCHLOCKER_CONFIG_SMTP_PORT` (default: `25`) SMTP server address and port to be used when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. - `WEBSCHLOCKER_CONFIG_SMTP_OPENSSL_VERIFY_MODE` (default: `none`) How should the server cert be verified, if at all, when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. Currently not used at all. - `WEBSCHLOCKER_SECRET_KEY_BASE` (default: generated random string) Secret used to verify encrypted cookies; can be changed at any time (change causes cookies to become invalid; users are then required to re-login). ### Database settings Separate databases are used by `schleuder3` and `webschleuder3`; these settings should thus be different from the ones used for [`schlocker3`](https://git.occrp.org/libre/schlocker3/). - `WEBSCHLOCKER_DB_ADAPTER` (default: `sqlite3`) Database adapter. - `WEBSCHLOCKER_DB_DATABASE` (default: `/var/webschleuder/db.sqlite`) Database name (or database file path when using `sqlite3` adapter). - `WEBSCHLOCKER_DB_ENCODING` Database encoding (not used for `sqlite3`). - `WEBSCHLOCKER_DB_USERNAME` Database user (not used for `sqlite3`). - `WEBSCHLOCKER_DB_PASSWORD` Database user password (not used for `sqlite3`). - `WEBSCHLOCKER_DB_HOST` Database host (not used for `sqlite3`). ## TODO - handle more [`ActionMailer` config options](http://api.rubyonrails.org/classes/ActionMailer/Base.html)