enhance installation guide with login salt recommendation and configuration details #128

Open
wants to merge 1 commit into
base: staging
12 changes: 12 additions & 0 deletions admin_guide/customization.rst
Expand Up @@ -9,6 +9,7 @@ The functionality as well as the look-and-feel of an instance can be customized

The purpose of the ``customize`` directory is to make it easier to upgrade CryptPad while maintaining customizations in place. Occasionally, a major new version may introduce breaking changes or require adjustments in the customizations. Administrators with customized instances are therefore encouraged to **read instructions carefully before each upgrade**.

.. _admin_application_config:

Application config
------------------
Expand All @@ -27,6 +28,17 @@ To disable unregistered use of CryptPad, add the following to ``customize/applic

AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes;

This will prevent unregistered users from using any of the applications.

To block unregistered users from creating or saving new documents, add the following lines to ``customize/application_config.js``:

.. code:: javaScript

AppConfig.disableAnonymousPadCreation = true;
AppConfig.disableAnonymousStore = true;

However, documents can still be shared with unregistered users, allowing them to edit and view files via shared links.

.. note::

To close registration of new users on the instance, see :ref:`admin_close_registration` in the admin panel.
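
Review bot: The closing sentence "However, documents can still be shared with unregistered users" does not say which setting it qualifies, and it sits a few lines below "This will prevent unregistered users from using any of the applications", so an administrator can come away with the wrong idea of what anonymous visitors are still able to do. Say explicitly that it describes the case where only disableAnonymousPadCreation and disableAnonymousStore are set, and state whether shared links still work for unregistered users when registeredOnlyTypes is also set. As a style point, the directive is written ".. code:: javaScript" here while installation.rst in the same change uses ".. code:: javascript"; use the lowercase form in both files.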
27 changes: 27 additions & 0 deletions admin_guide/installation.rst
Expand Up @@ -344,6 +344,33 @@ contains at least:

httpSafeOrigin: "https://some-other-domain.xyz",


It is strongly recommended to set a login salt before users create accounts on your instance. This makes it more difficult for attackers to use rainbow tables or reuse credentials from other CryptPad instances.

.. warning::
The login salt can only be set when first creating your CryptPad instance.
**Changing it later will break logins for all existing users.**

Create ``customize/application_config.js`` file (see :ref:`admin_application_config`) and add the following configuration, replacing the preset value with a random string of your choice:

Generate a random 32 character string:

.. code:: bash

openssl rand -hex 32

Then add the following to ``customize/application_config.js``:

.. code:: javascript

AppConfig.loginSalt = '<RANDOM-SALT>';

You may also want to increase the minimum password length by adding:

.. code:: javascript

AppConfig.minimumPasswordLength = 8;

.. _admin_instance_setup:

Setup your instance
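
Review bot: The line "Generate a random 32 character string:" does not match the command under it: openssl rand -hex 32 emits 32 random bytes encoded as 64 hexadecimal characters. Reword it to something like "Generate a random 32-byte salt (64 hex characters):", or change the command if 32 characters is what is intended. The sentence before it, ending "replacing the preset value with a random string of your choice:", introduces a configuration that only appears two blocks later and is then repeated by "Then add the following to customize/application_config.js:"; fold the two into a single instruction placed after the openssl step. The minimumPasswordLength example sets 8 without stating the default, so a reader cannot tell whether this is an increase; state the default or use a larger value in the example.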