mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-01-05 16:19:55 -06:00
Code Issues Packages Projects Releases 118 Wiki Activity

feat: adds tls1.2 and 1.3 support, and HSTS config (#2897)

Browse Source 
Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>
This commit is contained in:
Piyush Gupta
2024-08-07 20:22:14 +05:30
committed by GitHub
parent fffe71aa7e
commit 53fb976fb6
2 changed files with 363 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

266
apps/docs/app/self-hosting/one-click/page.mdx
View File

@@ -50,9 +50,10 @@ The script will prompt you for the following information:
<CodeGroup title="Docker GPG Keys Overwrite Prompt">
```bash
🧱 Welcome to the Formbricks single instance installer
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 22.04.2 LTS server.
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
@@ -64,48 +65,21 @@ File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N)
</CodeGroup>
</Col>
2. **Email Address**: Provide your email address for SSL certificate registration with Let's Encrypt.
2. **Domain Name**: You will be asked to enter the domain name where you want to host Formbricks. This domain will be used to generate an SSL certificate.
<Col>
<CodeGroup title="Email Prompt">
```bash
🧱 Welcome to the Formbricks single instance installer
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 22.04.2 LTS server.
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. Youre now ready to run your Formbricks instance!
🚗 Installing Traefik...
📁 Created Formbricks Quickstart directory at ./formbricks.
💡 Please enter your email address for the SSL certificate:
```
</CodeGroup>
</Col>
3. **Domain Name**: Enter the domain name that Traefik will use to create the SSL certificate and forward requests to Formbricks. Please make sure that port 80 and 443 are open in your VM's Security Group to allow Traefik to create the SSL certificate.
<Col>
<CodeGroup title="Domain Name for SSL certificate Prompt">
```bash
🧱 Welcome to the Formbricks single instance installer
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 22.04.2 LTS server.
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Dockers official GPG key and setting up the stable repository.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
@@ -113,13 +87,186 @@ File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
🚗 Installing Traefik...
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
```
</CodeGroup>
</Col>
3. **HTTPS Certificate Prompt**: The script will ask if you want to create an HTTPS certificate for your domain. Enter Y to proceed. This is highly recommended for secure access to your Formbricks instance.
<Col>
<CodeGroup>
```bash
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
```
</CodeGroup>
</Col>
4. **DNS Setup Prompt**: Ensure that your domain's DNS is correctly configured and ports 80 and 443 are open. Confirm this by entering Y. This step is crucial for proper SSL certificate issuance and secure server access.
<Col>
<CodeGroup>
```bash
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
Y
🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]
```
</CodeGroup>
</Col>
5. **Email Address**: Provide an email address for SSL certificate registration. This email will be used for notifications regarding your SSL certificate from Let's Encrypt.
<Col>
<CodeGroup title="Email Prompt">
```bash
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
Y
🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]
Y
💡 Please enter your email address for the SSL certificate:
```
</CodeGroup>
</Col>
6. **Enforce HTTPS (HSTS) Prompt**: Enforcing HTTPS with HSTS is a good security practice, as it ensures all communication with your server is encrypted. Enter Y to enable this setting.
<Col>
<CodeGroup title="Domain Name for SSL certificate Prompt">
```bash
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
Y
🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]
Y
💡 Please enter your email address for the SSL certificate:
docs@formbricks.com
💡 Created traefik.yaml file with your provided email address.
💡 Created acme.json file with correct permissions.
🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]
```
</CodeGroup>
</Col>
7. **Email Service Setup Prompt**: The script will ask if you want to set up the email service. Enter `Y` to proceed.(default is `N`). You can skip this step if you don't want to set up the email service. You will still be able to use Formbricks without setting up the email service.
<Col>
<CodeGroup>
```bash
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
Y
🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]
Y
💡 Please enter your email address for the SSL certificate:
docs@formbricks.com
🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]
Y
🚗 Configuring Traefik...
💡 Created traefik.yaml and traefik-dynamic.yaml file.
💡 Created acme.json file with correct permissions.
📧 Do you want to set up the email service? You will need SMTP credentials for the same! [y/N]
```
</CodeGroup>
@@ -131,39 +278,56 @@ docs@formbricks.com
<CodeGroup title="Successfully setup Formbricks on your Ubuntu machine">
```bash
🧱 Welcome to the Formbricks single instance installer
🚀 Executing default step of installing Formbricks
🧱 Welcome to the Formbricks Setup Script
🛸 Fasten your seatbelts! Were setting up your Formbricks environment on your Ubuntu 22.04.2 LTS server.
🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your Ubuntu 24.04 LTS server.
🧹 Time to sweep away any old Docker installations.
🔄 Updating your package list.
📦 Installing the necessary dependencies.
🔑 Adding Dockers official GPG key and setting up the stable repository.
🔑 Adding Docker's official GPG key and setting up the stable repository.
File '/etc/apt/keyrings/docker.gpg' exists. Overwrite? (y/N) y
🔄 Updating your package list again.
🐳 Installing Docker.
🚀 Testing your Docker installation.
🎉 Docker is installed!
🐳 Adding your user to the Docker group to avoid using sudo with docker commands.
🎉 Hooray! Docker is all set and ready to go. Youre now ready to run your Formbricks instance!
🚗 Installing Traefik...
🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!
📁 Created Formbricks Quickstart directory at ./formbricks.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
docs@formbricks.com
🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]
Y
🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]
Y
💡 Please enter your email address for the SSL certificate:
docs@formbricks.com
💡 Created traefik.yaml file with your provided email address.
🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]
Y
🚗 Configuring Traefik...
💡 Created traefik.yaml and traefik-dynamic.yaml file.
💡 Created acme.json file with correct permissions.
🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):
my.hosted.url.com
🚙 Updating NEXTAUTH_SECRET in the Formbricks container...
📧 Do you want to set up the email service? You will need SMTP credentials for the same! [y/N] N
📥 Downloading docker-compose.yml from Formbricks GitHub repository...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6632 100 6632 0 0 24280 0 --:--:-- --:--:-- --:--:-- 24382
🚙 Updating docker-compose.yml with your custom inputs...
🚗 NEXTAUTH_SECRET updated successfully!
🚗 ENCRYPTION_KEY updated successfully!
🚗 CRON_SECRET updated successfully!
[+] Running 4/4
✔ Network formbricks_default Created 0.1s
✔ Container formbricks-postgres-1 Started 0.5s
✔ Container formbricks-formbricks-1 Started 0.7s
✔ Container traefik Started 1.1s
✔ Network formbricks_default Created 0.2s
✔ Container formbricks-postgres-1 Started 1.0s
✔ Container formbricks-formbricks-1 Started 1.6s
✔ Container traefik Started 2.8s
🔗 To edit more variables and deeper config, go to the formbricks/docker-compose.yml, edit the file, and restart the container!
🚨 Make sure you have set up the DNS records as well as inbound rules for the domain name and IP address of this instance.
🎉 All done! Check the status of Formbricks & Traefik with 'cd formbricks && sudo docker compose ps.'
🎉 All done! Please setup your Formbricks instance by visiting your domain at https://tls.piyush.formbricks.com. You can check the status of Formbricks & Traefik with 'cd formbricks && sudo docker compose ps.'
```
</CodeGroup>

179
docker/formbricks.sh
View File

@@ -61,54 +61,159 @@ install_formbricks() {
mkdir -p formbricks && cd formbricks
echo "📁 Created Formbricks Quickstart directory at ./formbricks."
# Ask the user for their email address
echo "💡 Please enter your email address for the SSL certificate:"
read email_address
# Ask the user for their domain name
echo "🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):"
read domain_name
echo "🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]"
read https_setup
# Set default value for HTTPS setup
if [[ -z $https_setup ]]; then
https_setup="Y"
fi
if [[ $https_setup == "Y" ]]; then
echo "🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]"
read dns_setup
# Set default value for DNS setup
if [[ -z $dns_setup ]]; then
dns_setup="Y"
fi
if [[ $dns_setup == "Y" ]]; then
echo "💡 Please enter your email address for the SSL certificate:"
read email_address
echo "🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]"
read hsts_enabled
# Set default value for HSTS
if [[ -z $hsts_enabled ]]; then
hsts_enabled="Y"
fi
else
echo "❌ Ports 80 & 443 are not open. We can't help you in providing the SSL certificate."
https_setup="n"
hsts_enabled="n"
fi
else
https_setup="n"
hsts_enabled="n"
fi
# Ask for HSTS configuration for HTTPS redirection if custom certificate is used
if [[ $https_setup == "n" ]]; then
echo "You have chosen not to set up HTTPS certificate for your domain. Please make sure to set up HTTPS on your own. You can refer to the Formbricks documentation(https://formbricks.com/docs/self-hosting/custom-ssl) for more information."
echo "🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]"
read hsts_enabled
# Set default value for HSTS
if [[ -z $hsts_enabled ]]; then
hsts_enabled="Y"
fi
fi
# Installing Traefik
echo "🚗 Configuring Traefik..."
cat <<EOT >traefik.yaml
entryPoints:
web:
address: ":80"
http:
if [[ $hsts_enabled == "Y" ]]; then
hsts_middlewares="middlewares:
- hstsHeader"
http_redirection="http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
address: ":443"
http:
tls:
certResolver: default
providers:
docker:
watch: true
exposedByDefault: false
certificatesResolvers:
permanent: true"
else
hsts_middlewares=""
http_redirection=""
fi
if [[ $https_setup == "Y" ]]; then
certResolver="certResolver: default"
certificates_resolvers="certificatesResolvers:
default:
acme:
email: $email_address
storage: acme.json
caServer: "https://acme-v01.api.letsencrypt.org/directory"
tlsChallenge: {}
tlsChallenge: {}"
else
certResolver=""
certificates_resolvers=""
fi
cat <<EOT >traefik.yaml
entryPoints:
web:
address: ":80"
$http_redirection
websecure:
address: ":443"
http:
tls:
$certResolver
options: default
$hsts_middlewares
providers:
docker:
watch: true
exposedByDefault: false
file:
directory: /
$certificates_resolvers
EOT
echo "💡 Created traefik.yaml file with your provided email address."
cat <<EOT >traefik-dynamic.yaml
# configuring min TLS version
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
# TLS 1.2 Ciphers
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
touch acme.json
chmod 600 acme.json
echo "💡 Created acme.json file with correct permissions."
# TLS 1.3 Ciphers (These are automatically used for TLS 1.3 connections)
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# Ask the user for their domain name
echo "🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):"
read domain_name
# Fallback
- TLS_FALLBACK_SCSV
EOT
echo "💡 Created traefik.yaml and traefik-dynamic.yaml file."
if [[ $https_setup == "Y" ]]; then
touch acme.json
chmod 600 acme.json
echo "💡 Created acme.json file with correct permissions."
fi
# Prompt for email service setup
read -p "Do you want to set up the email service? (yes/no) You will need SMTP credentials for the same! " email_service
if [[ $email_service == "yes" ]]; then
read -p "📧 Do you want to set up the email service? You will need SMTP credentials for the same! [y/N]" email_service
# Set default value for email service setup
if [[ -z $email_service ]]; then
email_service="N"
fi
if [[ $email_service == "y" ]]; then
echo "Please provide the following email service details: "
echo -n "Enter your SMTP configured Email ID: "
@@ -163,7 +268,7 @@ EOT
sed -i "s|# SMTP_PASSWORD:|SMTP_PASSWORD: \"$smtp_password\"|" docker-compose.yml
fi
awk -v domain_name="$domain_name" '
awk -v domain_name="$domain_name" -v hsts_enabled="$hsts_enabled" '
/formbricks:/,/^ *$/ {
if ($0 ~ /depends_on:/) {
inserting_labels=1
@@ -173,7 +278,18 @@ EOT
print " - \"traefik.enable=true\" # Enable Traefik for this service"
print " - \"traefik.http.routers.formbricks.rule=Host(\`" domain_name "\`)\" # Use your actual domain or IP"
print " - \"traefik.http.routers.formbricks.entrypoints=websecure\" # Use the websecure entrypoint (port 443 with TLS)"
print " - \"traefik.http.routers.formbricks.tls=true\" # Enable TLS"
print " - \"traefik.http.routers.formbricks.tls.certresolver=default\" # Specify the certResolver"
print " - \"traefik.http.services.formbricks.loadbalancer.server.port=3000\" # Forward traffic to Formbricks on port 3000"
if (hsts_enabled == "Y") {
print " - \"traefik.http.middlewares.hstsHeader.headers.stsSeconds=31536000\" # Set HSTS (HTTP Strict Transport Security) max-age to 1 year (31536000 seconds)"
print " - \"traefik.http.middlewares.hstsHeader.headers.forceSTSHeader=true\" # Ensure the HSTS header is always included in responses"
print " - \"traefik.http.middlewares.hstsHeader.headers.stsPreload=true\" # Allow the domain to be preloaded in browser HSTS preload list"
print " - \"traefik.http.middlewares.hstsHeader.headers.stsIncludeSubdomains=true\" # Apply HSTS policy to all subdomains as well"
} else {
print " - \"traefik.http.routers.formbricks_http.entrypoints=web\" # Use the web entrypoint (port 80)"
print " - \"traefik.http.routers.formbricks_http.rule=Host(\`" domain_name "\`)\" # Use your actual domain or IP"
}
inserting_labels=0
}
print
@@ -192,6 +308,7 @@ EOT
print " - \"8080:8080\""
print " volumes:"
print " - ./traefik.yaml:/traefik.yaml"
print " - ./traefik-dynamic.yaml:/traefik-dynamic.yaml"
print " - ./acme.json:/acme.json"
print " - /var/run/docker.sock:/var/run/docker.sock:ro"
print ""
@@ -280,4 +397,4 @@ uninstall)
echo "🚀 Executing default step of installing Formbricks"
install_formbricks
;;
esac
esac