Update readme

Caddyfile

@@ -1,12 +1,13 @@
+{
+	email %sslmail%
+}
+
 %interface% {
-	basicauth * {
-%userpw%	}
 	log {
 		output file /var/www/web.log
 		format console
 	}
 	php_fastcgi 127.0.0.1:9000
-	request_header +X-User {http.auth.user.id}
 	root * /var/www/uploadpage
 	file_server
 }

Dockerfile

@@ -10,10 +10,11 @@
 
 FROM alpine:latest
 MAINTAINER "gitlab.com/pepa65 <pepa65@passchier.net>"
-RUN apk update && apk add bash php php-fpm ffmpeg tzdata file && rm -rf /lib/apk/db
+RUN apk update && apk add bash php php-fpm ffmpeg tzdata file
 ADD https://good4.eu/mailer /usr/bin/mailer
-ADD https://good4.eu/caddy /usr/bin/caddy
 #ADD https://caddyserver.com/api/download?os=linux&arch=amd64&idempotency=74472262832423 /usr/bin/caddy
+ADD https://good4.eu/caddy /usr/bin/caddy
+COPY Caddyfile Dockerfile /root/
 WORKDIR /var/www
-COPY Caddyfile Dockerfile encode init stream vars ./
+COPY encode init stream vars mailhash ./
 ENTRYPOINT ./init

README.md

@@ -6,23 +6,23 @@
 ### Manual
 * Prepare a Linux server, set its timezone to the users' timezone
   (on deb-based systems: `dpkg-reconfigure tzdata`).
-* On the server, `cd` to the place where you want the files (make sure that
   the webserver user (often `www-data`) has access to the location!).
 * Make sure the packages `git php-fpm ffmpeg` are installed (on deb-based
   systems: `apt install git php-fpm ffmpeg`).
 * Clone repo: `git clone https://gitlab.com/pepa65/streamupload`.
-* `cd streamupload`. Now the output of `pwd` is the value for `$repopath`.
-* Copy `_vars` to `vars` and set the variables
-  `to`, `user`, `password`, `smtp` and `port` in it in order to
-  receive mail notifications when the encodes are finished.
+* Move the `streamupload` directory to a place that is accessible to the web
+  server, like: `mv streamupload /var/www` and `cd` to that place. Now the
+  output of `pwd` is the value for `$repopath`.
+* Copy `_vars` to `vars` and `_mailhash` to `mailhash` and set the variables
+  in `vars` (webserver, SMTP-server) and `mailhash` (usernames, emails and
+  bcrypt-password-hashes).
 * Make a crontab-entry: "* * * * *  $repopath/encode" (replace `$repopath`!).
 * Install the `mailer` binary by downloading it from the repo at
   https://https://github.com/pepa65/mailer/releases/latest and moving it to
   `/usr/local/bin` and make it executable: `chmod +x /usr/local/bin/mailer`.
-  If it's not installed, everything except the email will still work.
+  If it's not installed, everything (except the emails) will still work.
 * Run a php/webserver on `$repopath/uploadpage`:
   - Get it to restart on reboot.
-  - Setting up basicauth on the page is a good idea if others can get access!
   - Change the relevant `php.ini` to allow large file uploads:
     * `post_max_size` - Upper limit of uploaded video sizes, say `10G`.
     * `upload_max_filesize` - same value as `post_max_size`.
@@ -31,28 +31,25 @@
 If no webserver has been installed, an easy way to get going is to use Caddy
 from https://caddyserver.com/download and place the `caddy` binary in
 `/usr/local/bin` and make it executable: `chmod +x /usr/local/bin/caddy`.
-For php functionality, install `php-fpm` (on deb-based systems:
-`apt install php-fpm`) and make the config file `/root/Caddyfile` with:
+Make the config file `/root/Caddyfile` like:
 ```
-:80 {
-	basicauth {
-		$user $hashpassword
+{
+	email $email
 }
+
+:80 {
 	log {
-		output file /var/www/web.log
+		output file $weblogfile
 	}
 	php_fastcgi unix//run/php/php-fpm.sock
-	request_header +X-User {http.auth.user.id}
 	root * $repopath/uploadpage
 	file_server
 }
 ```
 * If the server IP has an DNS A record pointing to it, `:80` can be replaced
-  by the domainname with the A record.
-* Replace `$user` with the desired username for authentication and replace
-  `$hashpassword` with the output of `caddy hash-password` which will
-  ask for the password to be used for authentication. Multiple users (on
-  separate lines) are allowed.
+  by the domainname with the A record, and it will be SSL-encrypted.
+* Replace `$email` with an email for the SSL-certificates.
+* Replace `$weblogfile` with a path for a webserver logfile.
 * Replace `$repopath` (see above in Install).
 * The value of `/run/php/php-fpm.sock` might need to be adjusted, depending
   on the system used, it needs to be the unix socket for php.
@@ -75,15 +72,17 @@ sleep 1
   and make it executable: `chmod +x /root/Caddy`.
 
 ### Docker
-After cloning this repo and `cd streamupload`, a docker image can be built
-from the included `Dockerfile` by: `docker build -t streamupload .`.
-In the case of running on a LAN and not having a DNS A record, start it with:
+After cloning this repo, `cd streamupload`, and setting the variables in `vars` and
+`mailhash`, a docker image can be built from the included `Dockerfile` by:
+`docker build -t streamupload .`. In the case of running on a LAN and not having a
+DNS A record, start it with:
 `docker run -d -p 8080:80 -v $PWD/uploadpage:/var/www/uploadpage streamupload`.
 In case of a domainname, replace `8080:80` by `443:443`.
 
 ## Usage
 * Get a streamkey for the target by scheduling a stream
   (supported are: Restream.io, YouTube.com, Facebook.com).
-* Go to the server's IP address in the browser: `http://$ipaddress` or to the
+* Go to the server's URL in the browser: `http://$ipaddress:8080` or to the
   domainname if available: `https://$domainname`.
+* Log in with the username and passwors as prepared in `mailhash`.
 * Fill in the form, and click "Schedule Stream".

_mailhash

@@ -1,3 +1,3 @@
-# Separated by TABs: user/mail/bcrypt-hash
-# Get hash:  php -r "echo password_hash('$password', PASSWORD_BCRYPT);"
+# Separated by TABs: username / email / bcrypt-hash
+# Get bcrypt-hash:  php -r "echo password_hash('$password', PASSWORD_BCRYPT);"
 username	e@ma.il	$2y$10$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

_vars

@@ -1,18 +1,15 @@
 ## Variables for the install script
 # All have to be filled in, except if they have a default
 
+# Timezone for local user
+tz='Asia/Bangkok'
+
 # Interface for serving the page: ':80' or 'domain.name'
 # Defaults to ':80'
 interface=''
 
-# Timezone for local user
-tz='UTC'
-
-# Username / Email / Password/Hash (multiple users allowed)
-# Must have at least one Username and Email with either Password or Hash
-declare -A umail upw uhash
-u='username' umail[$u]='email' upw[$u]='password'
-u='username' umail[$u]='email' uhash[$u]='$(caddy hash-password)'
+# Email for registering SSL-certificate
+sslmail='(valid email)'
 
 # Variables for mailer
 user='(smtp login)'

init

@@ -15,21 +15,14 @@ crond
 line='SHELL=/bin/bash\n\n# Every minute\n* * * * *  /var/www/encode\n\n# Streams'
 echo -e "$line" |crontab -
 
+sed -i "s/%sslmail%/$sslmail/" /root/Caddyfile
+
 [[ $interface ]] || interface=:80
-sed -i "s/%interface%/$interface/" Caddyfile
+sed -i "s/%interface%/$interface/" /root/Caddyfile
 
 chmod +x /usr/bin/caddy /usr/bin/mailer
-up=
-shopt -s nullglob
-for u in "${!upw[@]}"
-do hash=${uhash[$u]}
-	[[ $hash ]] || hash=$(caddy hash-password --plaintext "${upw["$u"]}")
-	up+="\t\t$u $hash#"
-done
-sed "s/%userpw%/$(echo -en "$up")/" Caddyfile |tr '#' '\n' >/srv/c
-mv /srv/c Caddyfile
 
 php-fpm8 -R
-caddy start >caddy.log
+caddy start --config /root/Caddyfile --adapter caddyfile >caddy.log
 
 sleep 9999d