From 3324d1e8e62d2393ddfe1d8b7c7a7f20cb4cb1d9 Mon Sep 17 00:00:00 2001 From: Yury Kossakovsky Date: Tue, 19 Aug 2025 16:12:02 -0600 Subject: [PATCH] Remove Postiz authentication variables and related configurations - Deleted POSTIZ_USERNAME, POSTIZ_PASSWORD, and POSTIZ_PASSWORD_HASH from .env.example and docker-compose.yml to streamline configuration. - Removed basic authentication setup from Caddyfile for the Postiz service. - Updated scripts to eliminate generation of Postiz-related secrets, enhancing security and simplifying setup. --- .env.example | 3 --- Caddyfile | 3 --- docker-compose.yml | 2 -- scripts/03_generate_secrets.sh | 17 +---------------- scripts/06_final_report.sh | 4 +--- 5 files changed, 2 insertions(+), 27 deletions(-) diff --git a/.env.example b/.env.example index 82569a6..dcbfe37 100644 --- a/.env.example +++ b/.env.example @@ -329,9 +329,6 @@ RAGAPP_PASSWORD_HASH= # To protect Postiz via Caddy basic auth (optional), set these: ############ -POSTIZ_USERNAME= -POSTIZ_PASSWORD= -POSTIZ_PASSWORD_HASH= POSTIZ_DISABLE_REGISTRATION=false ############ diff --git a/Caddyfile b/Caddyfile index 9cff214..68b11e4 100644 --- a/Caddyfile +++ b/Caddyfile @@ -68,9 +68,6 @@ # Postiz {$POSTIZ_HOSTNAME} { - basic_auth { - {$POSTIZ_USERNAME} {$POSTIZ_PASSWORD_HASH} - } reverse_proxy postiz:5000 } diff --git a/docker-compose.yml b/docker-compose.yml index 078c353..93f57b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -214,8 +214,6 @@ services: - NEO4J_HOSTNAME=${NEO4J_HOSTNAME} - PORTAINER_HOSTNAME=${PORTAINER_HOSTNAME} - POSTIZ_HOSTNAME=${POSTIZ_HOSTNAME} - - POSTIZ_PASSWORD_HASH=${POSTIZ_PASSWORD_HASH} - - POSTIZ_USERNAME=${POSTIZ_USERNAME} - PROMETHEUS_HOSTNAME=${PROMETHEUS_HOSTNAME} - PROMETHEUS_PASSWORD_HASH=${PROMETHEUS_PASSWORD_HASH} - PROMETHEUS_USERNAME=${PROMETHEUS_USERNAME} diff --git a/scripts/03_generate_secrets.sh b/scripts/03_generate_secrets.sh index b26e675..3e083d2 100755 --- a/scripts/03_generate_secrets.sh 
+++ b/scripts/03_generate_secrets.sh @@ -53,7 +53,6 @@ declare -A VARS_TO_GENERATE=( ["DIFY_SECRET_KEY"]="secret:64" # Dify application secret key (maps to SECRET_KEY in Dify) ["COMFYUI_PASSWORD"]="password:32" # Added ComfyUI basic auth password ["RAGAPP_PASSWORD"]="password:32" # Added RAGApp basic auth password - ["POSTIZ_PASSWORD"]="password:32" # Added Postiz basic auth password ) # Initialize existing_env_vars and attempt to read .env if it exists @@ -373,7 +372,6 @@ generated_values["N8N_WORKER_COUNT"]="$N8N_WORKER_COUNT" generated_values["WEAVIATE_USERNAME"]="$USER_EMAIL" # Set Weaviate username for Caddy generated_values["COMFYUI_USERNAME"]="$USER_EMAIL" # Set ComfyUI username for Caddy generated_values["RAGAPP_USERNAME"]="$USER_EMAIL" # Set RAGApp username for Caddy -generated_values["POSTIZ_USERNAME"]="$USER_EMAIL" # Set Postiz username for Caddy if [[ -n "$OPENAI_API_KEY" ]]; then generated_values["OPENAI_API_KEY"]="$OPENAI_API_KEY" @@ -399,7 +397,6 @@ found_vars["WEAVIATE_USERNAME"]=0 found_vars["NEO4J_AUTH_USERNAME"]=0 found_vars["COMFYUI_USERNAME"]=0 found_vars["RAGAPP_USERNAME"]=0 -found_vars["POSTIZ_USERNAME"]=0 # Read template, substitute domain, generate initial values while IFS= read -r line || [[ -n "$line" ]]; do 
@@ -446,7 +443,7 @@ while IFS= read -r line || [[ -n "$line" ]]; do # This 'else' block is for lines from template not covered by existing values or VARS_TO_GENERATE. # Check if it is one of the user input vars - these are handled by found_vars later if not in template. is_user_input_var=0 # Reset for each line - user_input_vars=("FLOWISE_USERNAME" "DASHBOARD_USERNAME" "LETSENCRYPT_EMAIL" "RUN_N8N_IMPORT" "PROMETHEUS_USERNAME" "SEARXNG_USERNAME" "OPENAI_API_KEY" "LANGFUSE_INIT_USER_EMAIL" "N8N_WORKER_COUNT" "WEAVIATE_USERNAME" "NEO4J_AUTH_USERNAME" "COMFYUI_USERNAME" "RAGAPP_USERNAME" "POSTIZ_USERNAME") + user_input_vars=("FLOWISE_USERNAME" "DASHBOARD_USERNAME" "LETSENCRYPT_EMAIL" "RUN_N8N_IMPORT" "PROMETHEUS_USERNAME" "SEARXNG_USERNAME" "OPENAI_API_KEY" "LANGFUSE_INIT_USER_EMAIL" "N8N_WORKER_COUNT" "WEAVIATE_USERNAME" "NEO4J_AUTH_USERNAME" "COMFYUI_USERNAME" "RAGAPP_USERNAME") for uivar in "${user_input_vars[@]}"; do if [[ "$varName" == "$uivar" ]]; then is_user_input_var=1 @@ -664,18 +661,6 @@ fi _update_or_add_env_var "RAGAPP_PASSWORD_HASH" "$FINAL_RAGAPP_HASH" -# --- POSTIZ --- -POSTIZ_PLAIN_PASS="${generated_values["POSTIZ_PASSWORD"]}" -FINAL_POSTIZ_HASH="${generated_values[POSTIZ_PASSWORD_HASH]}" -if [[ -z "$FINAL_POSTIZ_HASH" && -n "$POSTIZ_PLAIN_PASS" ]]; then - NEW_HASH=$(_generate_and_get_hash "$POSTIZ_PLAIN_PASS") - if [[ -n "$NEW_HASH" ]]; then - FINAL_POSTIZ_HASH="$NEW_HASH" - generated_values["POSTIZ_PASSWORD_HASH"]="$NEW_HASH" - fi -fi -_update_or_add_env_var "POSTIZ_PASSWORD_HASH" "$FINAL_POSTIZ_HASH" - if [ $? -eq 0 ]; then # This $? reflects the status of the last mv command from the last _update_or_add_env_var call. # For now, assuming if we reached here and mv was fine, primary operations were okay. echo ".env file generated successfully in the project root ($OUTPUT_FILE)." diff --git a/scripts/06_final_report.sh b/scripts/06_final_report.sh index 74741cf..f69da17 100755 --- a/scripts/06_final_report.sh +++ b/scripts/06_final_report.sh 
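Review bot: `user_input_vars` is rebuilt on every iteration of the surrounding `while IFS= read -r line` loop, and it is a third hand-maintained copy of names that also appear in the `generated_values[...]` and `found_vars[...]` assignments, which is why this commit has to edit all three places to drop one variable. As a point of style, define the list once above the loop, e.g. `readonly -a USER_INPUT_VARS=("FLOWISE_USERNAME" "DASHBOARD_USERNAME" ...)`, and iterate over that. If `found_vars` turns out to hold exactly the same keys (only part of it is visible here), the inner `for` could instead become a lookup such as `[[ -n "${found_vars[$varName]+x}" ]] && is_user_input_var=1`. The loop starts and ends outside this hunk, so the placement needs checking against the full script.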
@@ -140,9 +140,7 @@ if is_profile_active "postiz"; then echo "================================= Postiz ==============================" echo echo "Host: ${POSTIZ_HOSTNAME:-}" - echo "Internal Access (from other containers): http://postiz:5000" - echo "User: ${POSTIZ_USERNAME:-}" - echo "Password: ${POSTIZ_PASSWORD:-}" + echo "Internal Access (e.g., from n8n): http://postiz:5000" fi if is_profile_active "ragapp"; then
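Review bot: The Postiz section of the report now prints only the host and the internal URL, so nothing tells the operator that `{$POSTIZ_HOSTNAME}` is no longer behind Caddy `basic_auth` (removed in the Caddyfile hunk of this commit) and that access now rests on Postiz's own login alone. `.env.example` still defaults to `POSTIZ_DISABLE_REGISTRATION=false`, so sign-up is presumably open to anyone who reaches the hostname. I would add a line after the `Host:` echo such as `echo "Auth: Postiz built-in login only (no proxy basic auth); POSTIZ_DISABLE_REGISTRATION=${POSTIZ_DISABLE_REGISTRATION:-false}"`, assuming the script has the `.env` values loaded as it does for `POSTIZ_HOSTNAME`. The `.env.example` hunk also keeps the comment `# To protect Postiz via Caddy basic auth (optional), set these:`, which no longer matches the one variable left beneath it.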