CorneliousJD Posted March 19, 2021 (edited)

What is a One-Time Secret?

A one-time secret is a link that can be viewed only one time. A single-use URI.

Demo here: https://onetimesecret.com/

Note: This version does not feature sign ups or accounts, and can be customized with different logos/colors.

Why would I want to use it?

When you send people sensitive info like passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.

Dependencies

Redis (with a password set). This can easily be achieved by installing the bitnami/redis (A75G's repository) container, choosing "No" for the "allow empty password" option, and setting a password. Note that I had issues connecting when my Redis passwords had special characters.

Considerations

You will probably want to enable persistent storage for Redis so that any pending links that haven't been viewed or expired yet are not lost when the Redis container is restarted/updated/etc. You can read more about persisting Redis for the Bitnami container here: https://github.com/bitnami/bitnami-docker-redis#persisting-your-database

This is my current Redis setup, which has persistence enabled from mapping the volume. I chose to disable AOF on my specific instance since it will not need to "play-back" from the log file, just a database snapshot for my purposes is enough.

Reverse Proxy (NPM)

This should just work without any extra config.

Reverse Proxy (SWAG)

Credit to @christ777

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name onetime.*; #change onetime.* if you use other subdomain than the standard one you.

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app OneTimeSecret;
            set $upstream_port 7143;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

Edited October 17, 2021 by CorneliousJD

Shad0wWulf Posted March 20, 2021

Thanks for this, but getting an error:

    ##### Performing vars check #####
    All required vars are set.
    ##### Building OTS configuration file from environment variables #####
    ##### Apply style customisations #####
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    ##### Starting OTS #####
    `/` is not writable.
    Bundler will use `/tmp/bundler/home/unknown' as your home directory temporarily.

Tried using a container path of /data but not going to use / as that's everything.

CorneliousJD Posted March 20, 2021 Author

2 hours ago, Shad0wWulf said:

> Thanks for this, but getting an error:
>
>     ##### Performing vars check #####
>     All required vars are set.
>     ##### Building OTS configuration file from environment variables #####
>     ##### Apply style customisations #####
>     % Total % Received % Xferd Average Speed Time Time Time Current
>     Dload Upload Total Spent Left Speed
>     ##### Starting OTS #####
>     `/` is not writable.
>     Bundler will use `/tmp/bundler/home/unknown' as your home directory temporarily.
>
> Tried using a container path of /data but not going to use / as that's everything.

That error shouldn't matter actually, it doesn't make a difference in operation, no data is required to be stored long-term in this container. Redis persistence is the only thing you would want (and that's even a maybe, since all this data is burned so quickly anyways).

PS - Sorry about leaving an image URL in there, was using that for testing, editing template now to remove it, whoops!

Shad0wWulf Posted March 20, 2021

It doesn't work. It will appear as if it's booting, chuck out all of this in the log, and then it will quit. No warnings, no errors, no nothing.

    ##### Performing vars check #####
    All required vars are set.
    ##### Building OTS configuration file from environment variables #####
    ##### Apply style customisations #####
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    ##### Starting OTS #####
    `/` is not writable.
    Bundler will use `/tmp/bundler/home/unknown' as your home directory temporarily.
    /usr/local/lib/ruby/2.6.0/fileutils/version.rb:4: warning: already initialized constant FileUtils::VERSION
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils/version.rb:4: warning: previous definition of VERSION was here
    /usr/local/lib/ruby/2.6.0/fileutils.rb:1267: warning: already initialized constant FileUtils::Entry_::S_IF_DOOR
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils.rb:1285: warning: previous definition of S_IF_DOOR was here
    /usr/local/lib/ruby/2.6.0/fileutils.rb:1540: warning: already initialized constant FileUtils::Entry_::DIRECTORY_TERM
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils.rb:1568: warning: previous definition of DIRECTORY_TERM was here
    /usr/local/lib/ruby/2.6.0/fileutils.rb:1595: warning: already initialized constant FileUtils::OPT_TABLE
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils.rb:1626: warning: previous definition of OPT_TABLE was here
    /usr/local/lib/ruby/2.6.0/fileutils.rb:1649: warning: already initialized constant FileUtils::LOW_METHODS
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils.rb:1685: warning: previous definition of LOW_METHODS was here
    /usr/local/lib/ruby/2.6.0/fileutils.rb:1656: warning: already initialized constant FileUtils::METHODS
    /usr/local/bundle/gems/fileutils-1.3.0/lib/fileutils.rb:1692: warning: previous definition of METHODS was here
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/server.rb:104: warning: constant ::Fixnum is deprecated
    /source/onetime/lib/onetime/core_ext.rb:30: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/attic-0.5.3/lib/attic.rb:13: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:654: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:655: warning: constant ::Bignum is deprecated

This is the create command from Docker:

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='OneTimeSecret' --net='bridge' --privileged=true -e TZ="UTC" -e HOST_OS="Unraid" -e 'OTS_DOMAIN'='onetimepw.mydomain.com' -e 'OTS_MASTER_KEY'='myrandomkey' -e 'OTS_REDIS_HOST'='192.168.1.6' -e 'OTS_REDIS_PORT'='6379' -e 'OTS_REDIS_PW'='redispw' -e 'OTS_IMAGE_FAV_ICON'='' -e 'OTS_IMAGE_LOGO'='https://www.computingtech.net/wp-content/uploads/2016/08/Full_Flat_CT_Logo.png' -e 'OTS_COLOR'='#DD4A22' -e 'OTS_SSL'='true' -p '5000:5000/tcp' 'siw36/onetimesecret'

CorneliousJD Posted March 20, 2021 Author

2 hours ago, Shad0wWulf said:

> It doesn't work. It will appear as if it's booting, chuck out all of this in the log, and then it will quit. No warnings, no e
>
> This is the create command from Docker:
>
>     root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='OneTimeSecret' --net='bridge' --privileged=true -e TZ="UTC" -e HOST_OS="Unraid" -e 'OTS_DOMAIN'='onetimepw.mydomain.com' -e 'OTS_MASTER_KEY'='myrandomkey' -e 'OTS_REDIS_HOST'='192.168.1.6' -e 'OTS_REDIS_PORT'='6379' -e 'OTS_REDIS_PW'='redispw' -e 'OTS_IMAGE_FAV_ICON'='' -e 'OTS_IMAGE_LOGO'='https://www.computingtech.net/wp-content/uploads/2016/08/Full_Flat_CT_Logo.png' -e 'OTS_COLOR'='#DD4A22' -e 'OTS_SSL'='true' -p '5000:5000/tcp' 'siw36/onetimesecret'

So the warnings you posted are normal, that's just how this container is, but it still works (I didn't create OneTimeSecret or this container, simply bringing it to CA as a template.)

Try keeping it simple at first, try with the following settings instead, because I just spun up a new container on a test server and it's all still working for me there.

It looks like you're setting privileged to true, setting a domain, setting SSL to true, and changing ports BOTH to 5000? (Don't do this, container port needs to remain 7143 or you'll never connect...)

Try not doing all that, start with a base setup with no other modifications, something like this.

Shad0wWulf Posted March 21, 2021

Right, those settings were only changed to try and fix it.

I removed my very long 120 char master key and removed all symbols and made it a lot shorter and that seems to have fixed it. But not on the first run; after a fair few retries it eventually started. So I guess some odd config was saved in the .env file which now was overwritten.

Very odd.

Thanks

CorneliousJD Posted March 21, 2021 Author

3 hours ago, Shad0wWulf said:

> Right, those settings were only changed to try and fix it.
>
> I removed my very long 120 char master key and removed all symbols and made it a lot shorter and that seems to have fixed it. But not on the first run; after a fair few retries it eventually started. So I guess some odd config was saved in the .env file which now was overwritten.
>
> Very odd.
>
> Thanks

Interesting, thanks for sharing your findings. I did more testing and I used a 64 character key with special characters without issue, but I did run into an issue, it seems, if my Redis password had special characters in it, but it straight up told me it couldn't connect to Redis at that point, so it gave the proper error on that one.

christ777 Posted October 16, 2021

Thanks! What an awesome application, perfect for running on an unraid machine. I used this config file for setting up the reverse proxy with Swag:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name onetime.*; #change onetime.* if you use other subdomain than the standard one you.

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        location / {
            include /config/nginx/proxy.conf;
            resolver 127.0.0.11 valid=30s;
            set $upstream_app OneTimeSecret;
            set $upstream_port 7143;
            set $upstream_proto http;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        }
    }

CorneliousJD Posted October 17, 2021 Author

On 10/16/2021 at 6:17 PM, christ777 said:

> Thanks! What an awesome application, perfect for running on an unraid machine. I used this config file for setting up the reverse proxy with Swag

Thanks for this, I'll add it to the first post and credit you for this.

Wes Posted April 3, 2022

Could you provide any guidance on the customization settings? I've entered a url to a png file but best I ever get is the OTS secret logo disappearing without my logo showing. Here is what I see at the start of the log:

    today at 9:52:41 PM ##### Performing vars check #####
    today at 9:52:41 PM All required vars are set.
    today at 9:52:41 PM ##### Building OTS configuration file from environment variables #####
    today at 9:52:41 PM ##### Apply style customisations #####
    today at 9:52:41 PM % Total % Received % Xferd Average Speed Time Time Time Current
    today at 9:52:41 PM Dload Upload Total Spent Left Speed
    today at 9:52:41 PM
    today at 9:52:41 PM ##### Starting OTS #####

CorneliousJD Posted April 3, 2022 Author

18 hours ago, Wes said:

> Could you provide any guidance on the customization settings? I've entered a url to a png file but best I ever get is the OTS secret logo disappearing without my logo showing. Here is what I see at the start of the log:
>
>     today at 9:52:41 PM ##### Performing vars check #####
>     today at 9:52:41 PM All required vars are set.
>     today at 9:52:41 PM ##### Building OTS configuration file from environment variables #####
>     today at 9:52:41 PM ##### Apply style customisations #####
>     today at 9:52:41 PM % Total % Received % Xferd Average Speed Time Time Time Current
>     today at 9:52:41 PM Dload Upload Total Spent Left Speed
>     today at 9:52:41 PM
>     today at 9:52:41 PM ##### Starting OTS #####

Do you have an HTTP/HTTPS mismatch between the container being served (HTTPS via reverse proxy) and the logo image (http link to a logo)? If so, an HTTPS page may not load the HTTP image.

I am serving my container via reverse proxy (NginxProxyManager) and the logo and favicon are both linked via HTTPS as well, working fine on my end.

Wes Posted April 4, 2022

I don't believe that's the issue. My site is being served with NginxProxyManager as well via HTTPS and my test image is linked from imgur which is HTTPS as well. Any other thoughts?

CorneliousJD Posted April 4, 2022 Author

5 minutes ago, Wes said:

> I don't believe that's the issue. My site is being served with NginxProxyManager as well via HTTPS and my test image is linked from imgur which is HTTPS as well. Any other thoughts?

Try hosting your own image, not imgur. It sounds like the code is working to load the image in place of the default, but it's failing to actually grab said image file to display.

If you have no other way to host your own image you could always fire up an nginx docker, reverse-proxy that, and serve the image from there.

Wes Posted April 6, 2022

Two days later and suddenly it's working without any changes on my end. Not sure what changed. Perhaps cloudflare cached the original logo.png? Either way, appreciate the help and suggestions.

pmcnano Posted May 20, 2022

@CorneliousJD any reason to require a redis password? What if my redis instance has no password? 🤔

CorneliousJD Posted May 21, 2022 Author

5 hours ago, pmcnano said:

> @CorneliousJD any reason to require a redis password? What if my redis instance has no password? 🤔

If I recall that's just how it was made -- but given the sensitive nature of what's being stored, even temporarily, I wouldn't run it without a redis pass anyways, no sense in leaving anything open for any reason.

shpitz461 Posted October 6, 2023

Hi, how do I enter a Redis password with special chars?

    /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/server.rb:104: warning: constant ::Fixnum is deprecated
    /source/onetime/lib/onetime/core_ext.rb:30: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/attic-0.5.3/lib/attic.rb:13: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:654: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:655: warning: constant ::Bignum is deprecated
    bundler: failed to load command: thin (/source/onetime/vendor/bundle/ruby/2.6.0/bin/thin)
    /usr/local/lib/ruby/2.6.0/uri/rfc3986_parser.rb:67:in `split': bad URI(is not URI?): "redis://user:H8^*t@7o7413aazf@42uu#i#246%#__OTS_REDIS_PW5ix!8kt$iazofs!%A@redis:6379/0?timeout=10&thread_safe=false&logging=false" (URI::InvalidURIError)
    from /usr/local/lib/ruby/2.6.0/uri/rfc3986_parser.rb:73:in `parse'
    from /usr/local/lib/ruby/2.6.0/uri/common.rb:234:in `parse'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/familia-0.7.1/lib/familia.rb:59:in `uri='
    from /source/onetime/lib/onetime.rb:55:in `load!'
    from config.ru:28:in `block in <main>'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/rack-1.4.5/lib/rack/builder.rb:51:in `instance_eval'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/rack-1.4.5/lib/rack/builder.rb:51:in `initialize'
    from config.ru:1:in `new'
    from config.ru:1:in `<main>'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/rack/adapter/loader.rb:33:in `eval'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/rack/adapter/loader.rb:33:in `load'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/controllers/controller.rb:181:in `load_rackup_config'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/controllers/controller.rb:71:in `start'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/runner.rb:187:in `run_command'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/runner.rb:152:in `run!'
    from /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/bin/thin:6:in `<top (required)>'
    from /source/onetime/vendor/bundle/ruby/2.6.0/bin/thin:23:in `load'
    from /source/onetime/vendor/bundle/ruby/2.6.0/bin/thin:23:in `<top (required)>'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:58:in `load'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:58:in `kernel_load'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli/exec.rb:23:in `run'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli.rb:478:in `exec'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor.rb:392:in `dispatch'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli.rb:31:in `dispatch'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/vendor/thor/lib/thor/base.rb:485:in `start'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/cli.rb:25:in `start'
    from /usr/local/bundle/gems/bundler-2.2.32/exe/bundle:49:in `block in <top (required)>'
    from /usr/local/bundle/gems/bundler-2.2.32/lib/bundler/friendly_errors.rb:103:in `with_friendly_errors'
    from /usr/local/bundle/gems/bundler-2.2.32/exe/bundle:37:in `<top (required)>'
    from /usr/local/bundle/bin/bundle:23:in `load'
    from /usr/local/bundle/bin/bundle:23:in `<main>'
    ##### Performing vars check #####
    All required vars are set.
    ##### Building OTS configuration file from environment variables #####
    ##### Apply style customisations #####
    ##### Starting OTS #####

shpitz461 Posted October 6, 2023

I've put the redis password in single quotes and now I don't get the error, but the container would not start.

    /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/server.rb:104: warning: constant ::Fixnum is deprecated
    /source/onetime/lib/onetime/core_ext.rb:30: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/attic-0.5.3/lib/attic.rb:13: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:654: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:655: warning: constant ::Bignum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/thin-1.5.0/lib/thin/server.rb:104: warning: constant ::Fixnum is deprecated
    /source/onetime/lib/onetime/core_ext.rb:30: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/attic-0.5.3/lib/attic.rb:13: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:654: warning: constant ::Fixnum is deprecated
    /source/onetime/vendor/bundle/ruby/2.6.0/gems/gibbler-0.8.9/lib/gibbler.rb:655: warning: constant ::Bignum is deprecated
    ##### Performing vars check #####
    All required vars are set.
    ##### Building OTS configuration file from environment variables #####
    ##### Apply style customisations #####
    ##### Starting OTS #####
    ##### Performing vars check #####
    All required vars are set.
    ##### Building OTS configuration file from environment variables #####
    ##### Apply style customisations #####
    ##### Starting OTS #####

Is all I get, no errors shown on screen when I start the container in Docker tab.

Any idea what's wrong?
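
The `URI::InvalidURIError` in the trace above comes from Ruby's URI parser being handed a `redis://` URL whose password part contains characters that are reserved in URLs. The following is an added example, not part of any post and not code from OneTimeSecret or this container: the helper names and the sample password are constructed, and whether this image decodes a percent-encoded password is not shown in the thread, so the generator at the end (a random password that needs no encoding) is the option that relies on no such assumption.

```ruby
require "uri"
require "erb"
require "securerandom"

# Constructed sample only: a password containing URL-reserved characters.
SAMPLE_PASSWORD = "H8^t@7o#i%$!x"

# Hypothetical helper: builds a URL of the same shape as the one in the trace.
def redis_url(userinfo_password, host: "redis", port: 6379)
  "redis://user:#{userinfo_password}@#{host}:#{port}/0"
end

# True only if Ruby's URI parser accepts the URL AND returns the same
# password, host and port. Characters such as '^' or a bare '%' raise;
# '@' and '#' can parse "successfully" while shifting the host or cutting
# the password short, which is why the round trip is compared as well.
def survives_uri_parse?(password)
  uri = URI.parse(redis_url(password))
  uri.password == password && uri.host == "redis" && uri.port == 6379
rescue URI::InvalidURIError
  false
end

# Percent-encode everything outside the RFC 3986 unreserved set.
def encode_password(password)
  ERB::Util.url_encode(password)
end

# Reverse of encode_password, as a client that decodes userinfo would do.
def decode_password(encoded)
  URI.decode_www_form_component(encoded)
end

# 32 random bytes rendered with A-Z, a-z, 0-9, '-' and '_' only, so the
# result can sit in a redis:// URL unencoded.
def generate_uri_safe_password(random_bytes = 32)
  SecureRandom.urlsafe_base64(random_bytes)
end

if __FILE__ == $PROGRAM_NAME
  puts "raw password survives parse:  #{survives_uri_parse?(SAMPLE_PASSWORD)}"
  encoded = encode_password(SAMPLE_PASSWORD)
  puts "encoded form:                 #{encoded}"
  puts "encoded URL parses, host:     #{URI.parse(redis_url(encoded)).host}"
  safe = generate_uri_safe_password
  puts "generated password survives:  #{survives_uri_parse?(safe)} (#{safe.length} chars)"
end
```

A password from `generate_uri_safe_password` carries 256 bits of randomness, so restricting the character set costs nothing in strength.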