diff --git a/README.md b/README.md index 5d57036..26cbba4 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,22 @@ Add favicon.ico to `static/favicon.ico` 5. Generate initial registration token: ```bash -openssl rand -base64 32 | tr -d '/+=' | head -c 32 > .registration_token +openssl rand -hex 16 > .registration_token +``` + +6. Set up token rotation: +```bash +# Copy and configure the token refresh script +cp example-refresh_token.sh refresh_token.sh +nano refresh_token.sh # configure paths for your environment + +# Make it executable +chmod +x refresh_token.sh + +# Add to crontab (runs at midnight UTC) +crontab -e +# Add this line: +0 0 * * * /path/to/your/hand_of_morpheus/refresh_token.sh 2>&1 ``` ## Configuration @@ -71,15 +86,6 @@ smtp: You can also customize the subject and body of the email that is sent. -## Token Rotation - -Add this to your crontab to rotate the registration token daily at 00:00 UTC: - -```bash -# Edit crontab with: crontab -e -0 0 * * * openssl rand -base64 32 | tr -d '/+=' | head -c 32 > /path/to/hand_of_morpheus/.registration_token -``` - ## Running the Server ```bash 
@@ -102,26 +108,4 @@ Consider running in a `tmux` session, or creating a system service for it. - Regularly backup `registrations.json` - Monitor logs for abuse patterns -## Example Conduwuit docker run command - -```bash -docker run -d \ - -p 127.0.0.1:8448:6167 \ - -v db:/var/lib/conduwuit/ \ - -v /path/to/hand_of_morpheus/.registration_token:/registration_token:ro \ - -e CONDUWUIT_SERVER_NAME="your.domain" \ - -e CONDUWUIT_DATABASE_PATH="/var/lib/conduwuit/conduwuit.db" \ - -e CONDUWUIT_DATABASE_BACKUP_PATH="/var/lib/conduwuit/backup" \ - -e CONDUWUIT_ALLOW_REGISTRATION=true \ - -e CONDUWUIT_REGISTRATION_TOKEN_FILE="/registration_token" \ - -e CONDUWUIT_PORT=6167 \ - -e CONDUWUIT_ADDRESS="0.0.0.0" \ - -e CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX="" \ - -e CONDUWUIT_ALLOW_PUBLIC_ROOM_DIRECTORY_OVER_FEDERATION=true \ - -e CONDUWUIT_ALLOW_PUBLIC_ROOM_DIRECTORY_WITHOUT_AUTH=true \ - -e CONDUWUIT_ALLOW_FEDERATION=true \ - -e CONDUWUIT_AUTO_JOIN_ROOMS='["#community:your.domain","#welcome:your.domain"]' \ - --name conduwuit \ - --restart unless-stopped \ - ghcr.io/girlbossceo/conduwuit:v0.5.0-rc2-e5049cae4a3890dc5f61ead53281f23b36bf4c97 - ``` \ No newline at end of file +The included `refresh_token.sh` script handles both token rotation and conduwuit container management. Review and adjust its settings before use.
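Review bot: In the first hunk (@@ -46,7 +46,22 @@), step 5's `openssl rand -hex 16 > .registration_token` creates the token file under the shell's current umask, which commonly leaves it readable by every local account. Suggest following it with a `chmod` that restricts the file to the account (or group) that has to read it. In step 6, the crontab line ends in `2>&1` with no stdout redirect, so nothing reaches a log file; redirect both streams, for example `>> /path/to/refresh_token.log 2>&1`. The comment "runs at midnight UTC" holds only when the host's cron timezone is UTC, since `0 0 * * *` is evaluated in the system's local time, so the README should say that.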
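Review bot: In the second hunk (@@ -71,15 +86,6 @@), the removed `## Token Rotation` section is the crontab entry that existing installs already have, and the README gains no upgrade step telling operators to delete it. If it is left in place next to the new `refresh_token.sh` entry, the old `openssl rand -base64 32 ...` job keeps overwriting `.registration_token` on the same `0 0 * * *` schedule. Suggest a short upgrade note in step 6 saying to remove the old entry when adding the script.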
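Review bot: In the last hunk (@@ -102,26 +108,4 @@), removing the docker run example drops the README's only record of the settings the token flow depends on: `CONDUWUIT_REGISTRATION_TOKEN_FILE`, the `:ro` mount of `.registration_token`, and the loopback-only publish `127.0.0.1:8448:6167`. The script that replaces it is not part of this diff, so suggest keeping a brief list of those settings here, and stating whether the nightly cron run restarts the container. The added sentence also calls `refresh_token.sh` "included", while step 6 has operators create it from `example-refresh_token.sh`; name the example file so the reference resolves in a fresh checkout.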