pinned docker tag

[s4ke]

Something I noticed while working on our setup:

We already had an instance that was fully set up properly, but as the docker image seems to have been updated, the app started the "first launch setup" where you have to set up all users. Tbh, this spooked me a bit as I don't want this to happen in the future.

This seems to have been introduced in a recent update, but as currently only the :latest tag is available, I was wondering if it was possible to release under versions instead of :latest.

[JulianPrieber]

I was wondering if it was possible to release under versions instead of :latest.

I might be able to work that into my build script.

In the long run, I'd like to find a way to skip the setup on an already installed version.

Currently, the app checks if a certain file is present. If it is, the setup is displayed. Updating the docker of course adds that file again. I deliberately decided against checking if the database is set up already to test if the setup should be displayed or not. I did this to prevent possible hijacks of a page and unauthorized users becoming admins.

I see two ways how I could solve this. Either I'll turn it around and add a file after the setup is done, so if you update your instance and have persistent storage setup that file will still be present. Or I'll add an environment variable that skips the first setup check.

If you have your database already setup, the first setup will not overwrite your existing users. The only thing where you can actually change things, the last step where you can edit some settings.

[s4ke]

Which file are you checking to be present? Maybe it is missing in my mounts.

[JulianPrieber]

Which file are you checking to be present? Maybe it is missing in my mounts.

https://github.com/JulianPrieber/littlelink-custom/blob/main/INSTALLING

[s4ke]

hmm, thanks. Will have to come up with a workaround for the traefik setup then.

But I think checking in the database is the only way to do this properly, I am afraid.

The thing is this: If deployed with a container orchestrator like Docker Swarm or Kubernetes, this file will be recreated constantly.

[s4ke]

Something that can also work and would be compatible with the symlink approach in the deployment we contributed would be to not check if the file exists, but instead writing a value into it. This way, we could just symlink the file to a volume.

For example, if the installation is finished, you simply put the content "false" in there to signal we are not installing.

[JulianPrieber]

For example, if the installation is finished, you simply put the content "false" in there to signal we are not installing.

True.

[JulianPrieber]

I couldn't get the new method to work properly with the updater without normal systems going into the install state after updating. I might implement a proper fix later on, for now it's gonna be this:

I added a system that checks if the system is already setup. If it is, then you can just press the skip button and can use the instance just like normal.

It's not a perfect solution, but has to be good enough for now. If everything goes well, the update will come out later today.

[JulianPrieber]

I might simply modify it so that it doesn't even start the installation, but first I need to see if it's reliable enough.

[s4ke]

What happens if you click on "Next", if the service is already set up? I am thinking about auto-updating docker stacks here, where I don't want a service automatically leaving behind an open invitation to people taking over my server.

[JulianPrieber]

If you press skip, then the installer will be disabled.

I definitely see your problem, I might actually just implement the full skip now and see what happens.

[JulianPrieber]

I rolled back the patch and made a new system.

If you already set up your instance and for some reason the installer check file is added back in, the new system will just disable the updater and everything will function as normal.

[s4ke]

Great. Thanks for hearing me out. In the end this is a good thing for everyone using containers!

[JulianPrieber]

The new system is included in the latest update, which will be live in a few minutes on Docker.

Feel free to test the new feature if it's working correctly.