So, I finally got my install of the self-hosted environment to complete. I ran it in a Proxmox container, and used the browser-based VNC connection to enter information at the shell prompt. It worked wonderfully…until the very end when the script generated the initial set of admin passwords. That makes sense, but i wasn’t in a place to copy/paste the passwords because it was a browser-based VNC connection, and my attempts to pipe the screen output to a text file were…unsuccessful. I ended up having to SSH in and run the script again so I could copy/paste from my SSH client…which is fine, but a bit of a nuisance.
To remedy this, I would submit one of the following solutions:
Give end users a prompt to create their own passwords, rather than generating random ones.
Make a warning for users that they will need to be able to copy/paste passwords, and that those passwords will be output on the screen, and make that warning appear in the script prior to certificate generation.
Give end users the option to output the credentials to a text file somewhere in the file system besides the ones that can be accessed through the browser frontend.
Now, obviously, there are some security concerns regarding the last option, but I’d submit that if the files go into /root, then an assailant would have to already have root access to the server in order to gain those credentials.
Also, if you take a look at the scripts, you can find that passwords are stored in /mnt/repo-base/.env file.
You may be able to change Nextcloud and PostfixAdmin administrative accounts passwords using the product’s web interfaces, editing the .env file accordingly and restarting your containers (or reboot the server) ASAP.
As for Rspamd, it may need some command-line operations: https://www.rspamd.com/doc/quickstart.html#setting-the-controller-password (never tested here).
If that doesn’t fit your concerns, feel free to open a “feature proposal” issue.
I agree that SSH is the more common way of administering a Linux server, and I generally do. In my case, I’d needed the NoVNC connection to do the initial Debian install, so I just kept going with that connectivity rather than switching to SSH, because there didn’t seem like a need to copy/paste during the other parts of the script.
I apologize for my request that would have been adequately answered if I’d RTFM’d.
