From da6b3400a028461cfa38021355d0ea3e5bfb4dab Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Fri, 5 Apr 2019 17:48:04 +0200
Subject: [PATCH] Better permissions on .env file, added a few missing env vars
 in mono-container install

---
 docs/installation/debian.rst | 4 +++-
 docs/installation/docker.rst | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/installation/debian.rst b/docs/installation/debian.rst
index e8780fe8e..06449cf7f 100644
--- a/docs/installation/debian.rst
+++ b/docs/installation/debian.rst
@@ -199,6 +199,7 @@ Download the sample environment file:
 
         cp /srv/funkwhale/deploy/env.prod.sample /srv/funkwhale/config/.env
 
+
 Generate a secret key for Django::
 
     openssl rand -base64 45
@@ -208,7 +209,8 @@ configuration options are mentioned at the top of the file.
 
 .. code-block:: shell
 
-    nano /srv/funkwhale/api/.env
+    chmod 600 /srv/funkwhale/config/.env  # reduce permissions on the .env file since it contains sensitive data
+    nano /srv/funkwhale/config/.env
 
 Paste the secret key you generated earlier at the entry
 ``DJANGO_SECRET_KEY`` and populate the ``DATABASE_URL``
diff --git a/docs/installation/docker.rst b/docs/installation/docker.rst
index b6f67f5e4..f227ace61 100644
--- a/docs/installation/docker.rst
+++ b/docs/installation/docker.rst
@@ -52,10 +52,15 @@ Create an env file to store a few important configuration options:
     touch .env
     echo "FUNKWHALE_HOSTNAME=yourdomain.funkwhale" >> .env
     echo "FUNKWHALE_PROTOCOL=https" >> .env  # or http
+    echo "NGINX_MAX_BODY_SIZE=100M" >> .env
+    echo "FUNKWHALE_API_IP=127.0.0.1" >> .env
+    echo "FUNKWHALE_API_PORT=5000" >> .env  # or the container port you want to expose on the host
     echo "DJANGO_SECRET_KEY=$(openssl rand -hex 45)" >> .env  # generate and store a secure secret key for your instance
     # Remove this if you expose the container directly on ports 80/443
     echo "NESTED_PROXY=1" >> .env
 
+    chmod 600 .env  # reduce permissions on the .env file since it contains sensitive data
+
 Then start the container:
 
 .. code-block:: shell
@@ -179,8 +184,10 @@ Create your env file:
 
     curl -L -o .env "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/|version|/deploy/env.prod.sample"
     sed -i "s/FUNKWHALE_VERSION=latest/FUNKWHALE_VERSION=$FUNKWHALE_VERSION/" .env
+    chmod 600 .env  # reduce permissions on the .env file since it contains sensitive data
     sudo nano .env
 
+
 Ensure to edit it to match your needs (this file is heavily commented), in particular ``DJANGO_SECRET_KEY`` and ``FUNKWHALE_HOSTNAME``.
 You should take a look at the `configuration reference <https://docs.funkwhale.audio/configuration.html#configuration-reference>`_ for more detailed information regarding each setting.