Handle password securely, needs htpasswd to create user:password:

- Update tpotinit and entrypoint.sh to reflect this - Update install.sh to reflect this - Update .env / env.example to reflect this Reorder recommended packages in T-Pot Playbook Add packages to T-Pot Playbook to ensure manual deployment via Ansible will offer the same environment as manual local installation via install.sh and local Ansible deployment.
2025-07-02 01:27:27 -04:00 · 2023-07-05 23:03:41 +02:00
parent b3f1b71054
commit 12af5c9d46
5 changed files with 40 additions and 34 deletions
--- a/env.example
+++ b/env.example
@ -1,11 +1,10 @@
 # T-Pot config file. Do not remove.

-# Set Web username and password here, only required for first run
-#  Removing the password after first run is recommended
-#  You can always add or remove users as you see fit using htpasswd:
-#  htpasswd -b -c /<data_folder>/nginx/conf/nginxpasswd <username> <password>
-WEB_USER='changeme'
-WEB_PW='changeme'
+# Set Web username and password here, it will be used to create the Nginx password file nginxpasswd.
+#  Use 'htpasswd -n <username>' to create the WEB_USER if you want to manually deploy T-Pot
+#  Example: 'htpasswd -n tsec' will print tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0
+#  Copy the string and replace WEB_USER='tsec:$apr1$TdJGdsss$6yLsxPmOcXb2kaEZ7lKva0'
+WEB_USER='change:me'

 # T-Pot Blackhole
 #  ENABLED: T-Pot will download a db of known mass scanners and nullroute them
@ -32,9 +31,9 @@ TPOT_DOCKER_ENV=./.env
 TPOT_DOCKER_COMPOSE=./docker-compose.yml

 # T-Pot Repo
-#  Depending on where you are located you may choose between DockerHub and GHCR
-#  dtagdevsec: This will use the DockerHub image registry
-#  ghcr.io/telekom-security: This will use the GitHub container registry
+# Depending on where you are located you may choose between DockerHub and GHCR
+# dtagdevsec: This will use the DockerHub image registry
+# ghcr.io/telekom-security: This will use the GitHub container registry
 TPOT_REPO=dtagdevsec

 # T-Pot Version Tag