From e539195dbf21e0ce8e3b6f9b9533fd819d309838 Mon Sep 17 00:00:00 2001 From: Jason Bissict Date: Mon, 15 Jan 2024 10:35:21 +0200 Subject: [PATCH] Clean up .env configurations --- README.md | 25 +++++--------- frontend.env.dist | 33 ++++++++++++++----- switchboard.env.dist | 77 ++++++++++++++++++++++++++++++++------------ 3 files changed, 90 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index b596a95..3c0a602 100644 --- a/README.md +++ b/README.md 
@@ -64,17 +64,11 @@ $ sudo pip install -U docker-compose * We distribute two .env files that will be used for configuration, namely ```switchboard.env.dist``` and ```frontend.env.dist```. You'll need to copy/rename them to ```switchboard.env``` and ```frontend.env``` respectively (this ensures that your configuration doesn't get blown away if you pull changes). Once that is done, you can edit them: -1) Set the `CANARY_PUBLIC_IP` in both configurations to the same public IP used for the external public IP for switchboard which handles the Canarytoken triggers. +1) Please go through both your newly created configuration files, `switchboard.env` and `frontend.env`, and fill in the `Required Settings` section. The `Optional Settings` are not required to work and have sane defaults so don't change them if you don't need to. -2) Set the values for `CANARY_DOMAINS` in ```frontend.env```. These must be domains you own because you will need to add an A record to each `CANARY_DOMAINS` specified pointing the domain towards your docker's public IP. +2) Next decide on which email provider you want to use to send alerts. You will have to decide between `mailgun`, `SMTP` and `sendgrid`. The relevant required details can be found in the relevant `.env` file. -3) [NOTE: This step is only necessary if you want to use PDF tokens] Set the values for `CANARY_NXDOMAINS` in ```frontend.env```. These must be domains you own because you will need to add an NS record to each `CANARY_NXDOMAINS` specified pointing the domain towards your previously specified `CANARY_DOMAINS`. - -4) Uncomment 'CANARY_PUBLIC_DOMAIN' in ```switchboard.env``` and set it to one of the domains defined for `CANARY_DOMAINS` in ```frontend.env```(if you do not uncomment and set it, the Public IP will be used). - -5) Next decide on which email provider you want to use to send alerts. 
If you are using Mailgun to send emails, uncomment `CANARY_MAILGUN_DOMAIN_NAME` and `CANARY_MAILGUN_API_KEY` from ```switchboard.env``` and set the values. If you are using Mandrill or Sendgrid instead, uncomment the appropriate API key setting and set it. If using Mailgun's European infrastructure for your Canarytokens Server, you will need to add `CANARY_MAILGUN_BASE_URL=https://api.eu.mailgun.net` to your `switchboard.env`. - -6) Generate a single unique WireGuard key seed to set as `CANARY_WG_PRIVATE_KEY_SEED` in both `switchboard.env` and `frontend.env` with the command: +3) Generate a single unique WireGuard key seed to set as `CANARY_WG_PRIVATE_KEY_SEED` in both `switchboard.env` and `frontend.env` with the command: ``` dd bs=32 count=1 if=/dev/urandom 2>/dev/null | base64 @@ -90,25 +84,22 @@ dd bs=32 count=1 if=/dev/urandom 2>/dev/null | base64 * frontend.env ``` #These domains are used for general purpose tokens +CANARY_PUBLIC_IP=1.1.1.1 CANARY_DOMAINS=example1.com,example2.com #These domains are only used for PDF tokens CANARY_NXDOMAINS=example3.com #Requires a Google Cloud API key to generate an incident map on the history page with the Maps JavaScript API -#CANARY_GOOGLE_API_KEY= -CANARY_PUBLIC_IP=1.1.1.1 -CANARY_WG_PRIVATE_KEY_SEED=vk/GD+frlhve/hDTTSUvqpQ/WsQtioKAri0Rt5mg7dw= - +CANARY_GOOGLE_API_KEY= +LOG_FILE=frontend.log ``` * switchboard.env (Example using Mailgun for email) ``` +CANARY_PUBLIC_DOMAIN=mydomain.com +LOG_FILE=switchboard.log CANARY_MAILGUN_DOMAIN_NAME=x.y CANARY_MAILGUN_API_KEY=zzzzzzzzzz -#CANARY_MANDRILL_API_KEY= -#CANARY_SENDGRID_API_KEY= -CANARY_PUBLIC_IP=1.1.1.1 -CANARY_PUBLIC_DOMAIN=my.domain CANARY_ALERT_EMAIL_FROM_ADDRESS=noreply@example.com CANARY_ALERT_EMAIL_FROM_DISPLAY="Example Canarytokens" CANARY_ALERT_EMAIL_SUBJECT="Canarytoken" diff --git a/frontend.env.dist b/frontend.env.dist index 02f9529..cbb8ee5 100644 --- a/frontend.env.dist +++ b/frontend.env.dist 
@@ -1,11 +1,28 @@ -CANARY_DOMAINS=localhost -CANARY_NXDOMAINS=yourdomain.com -CANARY_PUBLIC_IP= +# Required Settings +CANARY_PUBLIC_IP= #str +CANARY_DOMAINS=yourdomain.com #list[str] +CANARY_NXDOMAINS=nx.yourdomain.com #list[str] +LOG_FILE=frontend.log #str -#CANARY_GOOGLE_API_KEY= +# Optional Settings (these have sane defaults) +#CANARY_API_APP_TITLE=Canarytokens #str +#CANARY_SENTRY_DSN= #HttpUrl +#CANARY_SENTRY_ENVIRONMENT= # ["prod", "staging", "dev", "ci", "local"] +#CANARY_SENTRY_ENABLE= # bool -CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads -#Enter number so 1024*1024*10 = 10485760 -CANARY_MAX_UPLOAD_SIZE=10485760 +# upload settings +#CANARY_MAX_UPLOAD_SIZE= #int +#CANARY_WEB_IMAGE_UPLOAD_PATH= #str -LOG_FILE=frontend.log +# log settings +#CANARY_FRONTEND_LOG_SIZE= #int +#CANARY_FRONTEND_LOG_COUNT= #int + +# 3rd party settings +#CANARY_AWSID_URL= #str +#CANARY_AZURE_ID_TOKEN_URL= #str +#CANARY_AZURE_ID_TOKEN_AUTH= #str +#CANARY_GOOGLE_API_KEY= #str +#CANARY_EXTEND_EMAIL= #str +#CANARY_EXTEND_PASSWORD= #str +#CANARY_EXTEND_CARD_NAME= #str diff --git a/switchboard.env.dist b/switchboard.env.dist index 5b1c794..fb3163c 100644 --- a/switchboard.env.dist +++ b/switchboard.env.dist 
@@ -1,20 +1,57 @@ -#CANARY_MAILGUN_DOMAIN_NAME= -#CANARY_MAILGUN_API_KEY= -#CANARY_MANDRILL_API_KEY= -#CANARY_SENDGRID_API_KEY= -CANARY_PUBLIC_IP= -#CANARY_PUBLIC_DOMAIN= -CANARY_ALERT_EMAIL_FROM_ADDRESS= -CANARY_ALERT_EMAIL_FROM_DISPLAY= -CANARY_ALERT_EMAIL_SUBJECT= -#CANARY_IPINFO_API_KEY= - -CANARY_TOKEN_RETURN=fortune - -CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads - -LOG_FILE=switchboard.log - -# Default protocol to use in notification links. If you don't use LetsEncrypt, set to http -PROTOCOL=https -ERROR_LOG_WEBHOOK= +# Required Settings +CANARY_PUBLIC_DOMAIN= #str +CANARY_WG_PRIVATE_KEY_SEED= #str +LOG_FILE=switchboard.log #str + +# Optional Settings (these have sane defaults) +#CANARY_CHANNEL_DNS_IP= #str +#CANARY_CHANNEL_DNS_PORT= #int +#CANARY_CHANNEL_HTTP_PORT= #int +#CANARY_CHANNEL_SMTP_PORT= #int +#CANARY_CHANNEL_MYSQL_PORT= #int +#CANARY_CHANNEL_MTLS_KUBECONFIG_PORT= #int +#CANARY_CHANNEL_WIREGUARD_PORT= #int +#CANARY_SWITCHBOARD_SCHEME= #["https", "http"] +#CANARY_FORCE_HTTPS= #bool +#CANARY_REAL_IP_HEADER= #str + +#CANARY_WG_PRIVATE_KEY_N= #str + +# Email Alert Settings +#CANARY_ALERT_EMAIL_FROM_ADDRESS= #str +#CANARY_ALERT_EMAIL_FROM_DISPLAY= #str +#CANARY_ALERT_EMAIL_SUBJECT= #str + +# Alert Settings +#CANARY_MAX_ALERTS_PER_MINUTE= #int +#CANARY_MAX_ALERT_FAILURES= #int + +# 3rd Party Settings +#CANARY_IPINFO_API_KEY= #str + +# Mailgun Required Settings +#CANARY_MAILGUN_API_KEY= #str +#CANARY_MAILGUN_BASE_URL= #str +#CANARY_MAILGUN_DOMAIN_NAME= #str + +# Sendgrid Required Settings +#CANARY_SENDGRID_API_KEY= #str +#CANARY_SENDGRID_SANDBOX_MODE= #str + +# SMTP Required Settings +#CANARY_SMTP_USERNAME= #str +#CANARY_SMTP_PASSWORD= #str +#CANARY_SMTP_SERVER= #str +#CANARY_SMTP_PORT= #str + +# Sentry Settings +#CANARY_SENTRY_DSN= #str +#CANARY_SENTRY_ENVIRONMENT= #["prod", "staging", "dev", "ci", "local"] +#CANARY_SENTRY_ENABLE= #bool + +# Logging Settings +#CANARY_SWITCHBOARD_LOG_SIZE= #int +#CANARY_SWITCHBOARD_LOG_COUNT= #int +#ERROR_LOG_WEBHOOK= #str + 
+#CANARY_TOKEN_RETURN= #["gif", "fortune"] \ No newline at end of file
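Review bot: In the README.md hunk at @@ -64,17 +64,11 @@, new step 3 still says to set `CANARY_WG_PRIVATE_KEY_SEED` in both `switchboard.env` and `frontend.env`, but the frontend.env.dist introduced by this patch has no such key; only switchboard.env.dist lists it under Required Settings. Either add the key to frontend.env.dist or change step 3 to name only the file that needs it. The same hunk also deletes the guidance that `CANARY_DOMAINS` need an A record and `CANARY_NXDOMAINS` an NS record on domains you own, and the .dist files do not carry that information, so a short DNS step should stay in the README.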
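Review bot: In the README.md hunk at @@ -90,25 +84,22 @@, the frontend.env example now shows `CANARY_GOOGLE_API_KEY=` uncommented with an empty value, while frontend.env.dist in this patch keeps it commented out as an optional setting. Keep it commented in the example so a copy of the example does not set an empty key. In the same example, `CANARY_PUBLIC_IP=1.1.1.1` is inserted directly under the comment "#These domains are used for general purpose tokens", which now reads as if it described the IP; move the IP line above that comment.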
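Review bot: In the frontend.env.dist hunk at @@ -1,11 +1,28 @@, the type hints are written as trailing comments on the same line as live values, for example `CANARY_DOMAINS=yourdomain.com #list[str]` and `CANARY_PUBLIC_IP= #str`. Whether the text after the value is stripped depends on the env-file loader in use; a loader without inline-comment support would take ` #list[str]` as part of the domain list. Putting each hint on its own comment line above the key avoids that. The values that were previously set here (`CANARY_WEB_IMAGE_UPLOAD_PATH=/uploads`, `CANARY_MAX_UPLOAD_SIZE=10485760`) are now commented out and empty, so the "sane defaults" should be written next to the keys for anyone who needs to check them.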
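Review bot: In the switchboard.env.dist hunk at @@ -1,20 +1,57 @@, `PROTOCOL=https` and its comment ("If you don't use LetsEncrypt, set to http") are removed, and the new `CANARY_SWITCHBOARD_SCHEME` and `CANARY_FORCE_HTTPS` lines carry only a type hint. Add a one-line comment saying which of them controls the scheme used in notification links and what to set without a certificate, so an upgrade from an old file does not silently change link behaviour. Smaller points in the same hunk: `CANARY_SMTP_PORT` is annotated `#str` while every other port is `#int`; `CANARY_SENTRY_DSN` is `#str` here but `#HttpUrl` in frontend.env.dist; the three provider blocks are each titled "Required Settings" without saying that only the chosen provider's block needs to be filled in; and the file ends without a trailing newline.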