Giter VIP home page Giter VIP logo

doogle-docker's Introduction

Table of Contents

Getting Started

git clone https://github.com/safesploit/doogle-docker.git
cd doogle-docker

chmod +x build.sh
./build.sh

MySQL Credentials

The credentials are stored in .env file.

user@vm(~/doogle-docker) $ cat .env
# APACHE-PHP-ENV
APACHE_PORT="8010"

# PHP
PHP_PORT="7000"

# MYSQL
MYSQL_PORT="9906"
MYSQL_DB_HOST="mysql_db"
MYSQL_DB_NAME="doogle"
MYSQL_DB_USER="doogle"
MYSQL_DB_PASSWORD=""

# MYSQL ROOT USER
MYSQL_ROOT_USER="root"
MYSQL_ROOT_PASSWORD=""

# GIT REPO
GIT_REPO_URL="https://github.com/safesploit/doogle.git"

Build.sh script

Function Loading Order Explanation

In the bash script build.sh, the critical order is ensuring that passwords are generated and updated before loading environment variables from the .env file using the load_env function. This sequence ensures that the newly generated passwords are available for subsequent operations that depend on them, like updating configuration files and SQL scripts. By following this order, the script avoids issues related to missing or outdated passwords when modifying sensitive configurations.

  1. clone_app_repo ${GIT_REPO_URL}: This function clones a Git repository into a specified directory. It should be executed early in your script to ensure that the application source code is available before any other operations are performed on it.

  2. update_mysql_password_env $(generate_password 20): This function generates a random password and updates the environment variable MYSQL_DB_PASSWORD in the .env file. It should come after cloning the repository because it needs the repository's files (like .env) to operate on.

  3. update_mysql_root_password_env $(generate_password 20): Similar to the previous function, this one generates a random password and updates the environment variable MYSQL_ROOT_PASSWORD in the .env file. It also requires the repository's files to be in place.

  4. load_env ".env": This function loads environment variables from the .env file. It should be called after updating environment variables in steps 2 and 3 to ensure that the newly generated passwords are available for subsequent operations.

  5. update_config_php "config.php": This function updates the config.php file, replacing placeholders with actual environment variables. It relies on the loaded environment variables from step 4 to perform the replacements correctly.

  6. update_create_user_sql "sql-user.sql": This function updates the SQL script file sql-user.sql. Like the previous function, it relies on the loaded environment variables to update the script correctly.

  7. cleanup_backup_files: This function is executed at the end to clean up any backup or temporary files created during the script's execution. It can be placed at the end because it doesn't depend on other functions' results.

  8. start_containers: If uncommented, this function starts Docker containers. Its position at the end of the script indicates that it should be the last step in the process, after all other preparations have been completed.

By following this order, you ensure that each function has the necessary information and resources available to perform its specific task correctly, leading to a smooth and error-free execution of your script.

Explanation: The Need for the ALTER USER Command

In the SQL script, an issue arises when creating a user with an initial empty password:

CREATE USER IF NOT EXISTS 'doogle'@'%' IDENTIFIED WITH 'caching_sha2_password' BY '';

While this approach is acceptable in some cases, it may lead to authentication issues, especially when using certain authentication methods like 'caching_sha2_password'.

Here's why the ALTER USER command is necessary:

  • Proper Password Assignment: The CREATE USER statement sets an empty password initially. This can cause problems with authentication because many authentication methods, including 'caching_sha2_password', require a non-empty password for security reasons.

  • Updating Password: The ALTER USER statement is used to update the user's password to a secure and non-empty value, such as 'o2zE7yfG9zPCU0gMt4Un'. This ensures that the 'doogle' user has a valid password that can be used for authentication.

  • Preventing Authentication Errors: By updating the password with ALTER USER, you prevent authentication errors that could occur when attempting to log in with an empty password. It ensures that the user can authenticate successfully.

In summary, the ALTER USER command is needed to correct the initial empty password and assign a secure password to the user, ensuring proper authentication and preventing potential issues related to empty passwords.

doogle-docker's People

Contributors

safesploit avatar

Watchers

 avatar

doogle-docker's Issues

Environment Variables

Store sensitive environment variables (like database passwords) securely in a .env file and use them in docker-compose.yml.

This will make it easier to manage sensitive information without exposing it directly in the configuration.

Named Volumes for Persistence

Issue

Currently default volume management in Docker.

Solution

Instead, create named volumes for persistent data storage.

This ensures that your database data persists even if containers are recreated or removed. Define named volumes in your docker-compose.yml file

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.