Cloudbox / Community

Cloudbox Community Project
GNU General Public License v3.0

Calibre image has changed and need to add PASSWORD variable #363

Closed dwilliamhouston closed 2 years ago

dwilliamhouston commented 3 years ago

The Calibre image has changed and no longer uses the GUAC_USER/GUAC_PASS variables. They have been changed so that the default username is abc and the default password is set using the PASSWORD environment variable. The current script needs to be updated to use the new settings, otherwise it will default to username abc/password abc, which is publicly available and makes Calibre insecure for users.

azerial commented 3 years ago

Looking into this, and I tried changing the env var to PASSWORD and having the user.pass hashed, but xrdp didn't want to accept it. Guacamole allowed the password to at least be hashed, whereas it would appear that xrdp does not. I don't feel super great about having the password for your setup as an env var on a container.

> Environment variables from files (Docker secrets)
>
> You can set any environment variable from a file by using a special prepend FILE__.
>
> As an example:
>
>     -e FILE__PASSWORD=/run/secrets/mysecretpassword
>
> Will set the environment variable PASSWORD based on the contents of the /run/secrets/mysecretpassword file.

I'm looking into implementing docker secrets into the ansible file, but I need to do a little research first (mostly to see if a plugin is included in the ansible config that cloudbox uses). Ideally this password would be stored in the docker secret storage, and then referenced in the env var as per LinuxServer's documentation on the docker image.
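The states discussed in this thread so far (PASSWORD unset so the login falls back to abc/abc, PASSWORD in cleartext in the environment, and FILE__PASSWORD pointing at a secret file) can be told apart from `docker inspect` output. The following is an added example, not part of the thread or of Cloudbox's code; the container names and values are constructed, and treating an empty PASSWORD like an unset one is an assumption.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields this check reads.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/calibre-unset", "Config": {"Env": ["PUID=1000", "TZ=Etc/UTC"]}},
    {"Name": "/calibre-legacy", "Config": {"Env": ["GUAC_USER=alice", "GUAC_PASS=constructed-hash"]}},
    {"Name": "/calibre-cleartext", "Config": {"Env": ["PASSWORD=constructed-example"]}},
    {"Name": "/calibre-secret", "Config": {"Env": ["FILE__PASSWORD=/run/secrets/mysecretpassword"]}},
])

LEGACY_VARS = ("GUAC_USER", "GUAC_PASS")  # no longer read by the image, per the issue


def classify(env):
    """Classify one container's environment without ever returning the password."""
    password = env.get("PASSWORD", "")
    if password and password != "abc":
        # A real password is set, but anyone who can inspect the container can read it.
        status = "cleartext-env"
    elif not password and "FILE__PASSWORD" in env:
        # Only a file path shows up in the inspect output.
        status = "file-backed"
    else:
        # Unset, empty (treated like unset: assumption) or literally "abc":
        # the login is the publicly known abc/abc pair.
        status = "default-credentials"
    return {"status": status, "legacy_vars": [v for v in LEGACY_VARS if v in env]}


def audit(inspect_json):
    """Map container name -> finding for every container in the inspect output."""
    findings = {}
    for container in json.loads(inspect_json):
        pairs = (item.partition("=") for item in container["Config"].get("Env") or [])
        env = {key: value for key, _, value in pairs}
        findings[container["Name"].lstrip("/")] = classify(env)
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {finding['status']} legacy={finding['legacy_vars']}")
```

A container that still carries only GUAC_USER/GUAC_PASS is reported as `default-credentials` with the stale variables listed, which is the situation the issue describes for an un-updated role.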

azerial commented 3 years ago

I looked into setting the htpasswd and just using that, but I wasn't getting what I expected (a user and password prompt). I'm looking more into that.

saltydk commented 3 years ago

You can utilize docker secrets with https://docs.ansible.com/ansible/latest/collections/community/docker/docker_secret_module.html#ansible-collections-community-docker-docker-secret-module

mariosemes commented 3 years ago

> I looked into setting the htpasswd and just using that, but I wasn't getting what I expected (a user and password prompt). I'm looking more into that.

This just makes the most sense.

dwilliamhouston commented 3 years ago

Appreciate you all working on this. It's frustrating that linuxserver changed it to the way they did with having a password in cleartext in the environment variables. I wonder if they are changing all of their containers to this. Would it be worth Cloudbox creating their own Calibre image that works the way the old version did with the GUAC_USER/GUAC_PASS environment options, as this way a user would then have to have the correct username AND password? The way it is right now the username is always abc and a person just has to guess the password. Just a thought.

azerial commented 3 years ago

I figured out why the htpasswd wasn't working, it was a casing issue. Testing and submitting a MR in the next few mins.

edit: it was late doh!

azerial commented 3 years ago

Oh cool looks like this has already been done. https://github.com/Cloudbox/Community/pull/365 Teamwork!

azerial commented 3 years ago

> Appreciate you all working on this. It's frustrating that linuxserver changed it to the way they did with having a password in cleartext in the environment variables. I wonder if they are changing all of their containers to this. Would it be worth Cloudbox creating their own Calibre image that works the way the old version did with the GUAC_USER/GUAC_PASS environment options, as this way a user would then have to have the correct username AND password? The way it is right now the username is always abc and a person just has to guess the password. Just a thought.

Looking at the commits (https://github.com/linuxserver/docker-calibre/compare/v5.14.0-ls107...v5.16.1-ls112), it would appear that maybe they did this because they updated the container to python3 (I could be wrong, but it was a massive rework). @mariosemes is 💯 correct that just adding a htpasswd is the fix. In my testing, the user now receives a user/pass prompt similar to the way that rutorrent does. It's the simplest fix rather than going down a rabbit hole with docker secrets. I do agree with you @dwilliamhouston in not having any password in an environment var.

dwilliamhouston commented 3 years ago

Thanks for fixing this so quickly. Will try it out tonight.


azerial commented 2 years ago

Can we close this? This is done. The application now uses the proxy username/password combo from the ansible vault.