[FEAT] be able to set a default webui password

[SrGesus]

Is this a new feature request?

• [X] I have searched the existing issues

Wanted change

Be able to easily set a webui password, for example through the use of an environment variable.

There isn't, and we won't be providing one. The upstream approach is a sensible one and we're not going to circumvent it (not least because salted PBKDF2 hashing in Bash is a nightmare).

There are multiple options if a one-time setting of the password isn't something you want to do. Originally posted by @thespad in https://github.com/linuxserver/docker-qbittorrent/issues/268#issuecomment-1830354548

Since, as thespad said in the comment above, being able to provide a password and setting that is out of the question, because it is not trivial, it seems to me like it would be much simpler to allow the user to provide the hash, thus not having to deal with the hashing in bash as mentioned, the user could simply do it himself with python for example, as outlined in this forum thread https://forum.qbittorrent.org/viewtopic.php?t=8149 .

Then it would be simply be a matter of setting and environment variable, e.g:

-e DEFAULT_PWD_PBKDF2="@ByteArray(q+12KDUV69nIdoK92Alh7Q==:HtvIsWsCSN9PnE/gayIruCDeDjnz8TXG+Cw2XUTWs1CJFRXQxyyOyz/FVyU9QtTgEJ9fwxZYJKHaURV42sB0JQ==)" 

or, alternatively:

-e DEFAULT_PWD_PBKDF2="q+12KDUV69nIdoK92Alh7Q==:HtvIsWsCSN9PnE/gayIruCDeDjnz8TXG+Cw2XUTWs1CJFRXQxyyOyz/FVyU9QtTgEJ9fwxZYJKHaURV42sB0JQ==" 

Reason for change

There's no pretty way to currently do that, it requires either manually going to the logs, extracting the password, and changing it, or adding the qBittorrent.conf which requires you to have access to that file (inconvenient), and it to be generated before the docker (bad), or else it will just be overwritten...

I want to be able to generate a random password with terraform, hash it with a python script and then startup the docker, without having to touch the qBittorrent.conf myself.

Proposed code change

If the config file does not exist yet it should be simple, could be a change to https://github.com/linuxserver/docker-qbittorrent/blob/master/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run

For example adding

# copy default config
if [[ ! -f /config/qBittorrent/qBittorrent.conf ]]; then
    cp /defaults/qBittorrent.conf /config/qBittorrent/qBittorrent.conf
    # append default password hash
    echo "WebUI\\Password_PBKDF2=\"@ByteArray(${DEFAULT_PWD_PBKDF2})\"" >> /config/qBittorrent/qBittorrent.conf
fi

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[aptalca]

We don't consider having to look at the logs to be an inconvenience. When you self host services like these, you become the server admin. As a server admin, you should be checking the logs periodically. It's more of a minimum requirement.

Expecting the user to run python commands manually to generate a hash on the other hand is definitely an inconvenience.

Upstream project expects (more llike wants) you to check the log to see the autogenerated password, and forces you to change it upon first login for specific and valid reasons they have stated openly.

We have no intention of circumventing that process.

With that said, you can customize the container however you like (at the expense of losing official support): https://www.linuxserver.io/blog/2019-09-14-customizing-our-containers

[SrGesus]

Having to stop a deployment to go manually grab a value from a log to then use it to continue the deployment, splitting into three steps what should have been a single stage is quite an inconvenience. It's not expecting users to run a python command manually, it would just be part of the deployment, much easier to integrate a script than a manual procedure. I don't see it as circumventing the process, but simply adding a way to add configurations other than the ports.

But either way, thank you for pointing me to the right direction, for my use case i think a custom script will work fine.