nevets963
commented
2 years ago Hi @loganmarchione, not at this stage. 1 thing to note is that these services (such as databases) are typically only accessible inside the Docker bridge. Therefore they're not exposed on the host to ensure they're not accessable by the outside world with these default credentials...
There were some thoughts in the community to improve the current situation:
- Use deterministic passwords for services. These would be random strings, but always compute to the same string using some seed value
- The user enters some credentials when they first install the app
I'm sure this makes the initial point-and-click setup easier for new users, but I don't like the idea of my database username/password being publicly known and hardcoded. Is there a way to specify credentials before the docker-compose file will start?
Even if Umbrel isn't exposed to the internet, maybe put a warning here about hardcoded default credentials? Below are two examples, but I'm sure there are more.
Gitea https://github.com/getumbrel/umbrel-apps/blob/e7c053ffbd55091f5f1205522470d06563824f71/gitea/docker-compose.yml#L31
https://github.com/getumbrel/umbrel-apps/blob/e7c053ffbd55091f5f1205522470d06563824f71/gitea/docker-compose.yml#L45
Mempool
https://github.com/getumbrel/umbrel-apps/blob/e7c053ffbd55091f5f1205522470d06563824f71/mempool/docker-compose.yml#L42
https://github.com/getumbrel/umbrel-apps/blob/e7c053ffbd55091f5f1205522470d06563824f71/mempool/docker-compose.yml#L59