Password Pusher (pwpush)

A cool tool (available in both commercial and self-hosted versions) for securely transferring text, files, and URLs.

Install

The docs section is outstanding and offers several ways to host/install pwpush. Here's the route I went:

  • Follow the instructions to download the docker-compose-pwpush.yml and Caddyfile to a directory.

  • Edit the Caddyfile to include your domain/subdomain.

The Caddyfile ships with a placeholder email address, something like user@domain.com. Change it or the Let's Encrypt setup will fail!

  • Follow these instructions to get signups to work properly - the docs specifically state "All of the following environments need to be set (except SMTP authentication if none) for application logins to function properly."

Using the admin console

Once your instance is up, you can connect with the admin console to do back end tinkering:

docker exec -it <container_id> bash
cd /opt/PasswordPusher

The commands available are:

./bin/create_admin       Create a new administrator account
./bin/promote_to_admin   Promote an existing user to administrator
./bin/demote_admin       Demote an existing administrator
./bin/list_admins        List all administrators

Config file for use with postgres

Here's a sanitized version of my file that got me going. Once I got pwpush stood up and established my admin account, I shut down the containers, disabled signups with PWP__DISABLE_SIGNUPS: enable, and then started pwpush again.

version: '2.1'

services:
  # --> By default, this file will launch a Password Pusher instance with an
  # ephemeral (temporary) database of SQLite3.  The database will be lost on
  # restart.  If you want a persistent database, enable one of databases below.
  #
  # Uncomment to add a PostgreSQL service
  #
  postgres:
    image: docker.io/postgres:15
    volumes:
      - ./data/postgresql:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: pwpush_user
      POSTGRES_PASSWORD: YOURPOSTGRESPASSHERE
      POSTGRES_DB: pwpush_db

  # Uncomment to add a MySQL service
  #
  # mysql:
  #   image: mysql:8.0.32
  #   ports:
  #     - "3306:3306"
  #   environment:
  #     MYSQL_USER: 'pwpush_user'
  #     MYSQL_PASSWORD: 'pass'
  #     MYSQL_DATABASE: 'pwpush_db'
  #     MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
  #   volumes:
  #     - ./data/mysql:/var/lib/mysql

  # Uncomment to add a MariaDB service
  #
  # mariadb:
  #   image: mariadb:10.6.5
  #   ports:
  #     - "3306:3306"
  #   environment:
  #     MARIADB_USER: 'pwpush_user'
  #     MARIADB_PASSWORD: 'pwpush_passwd'
  #     MARIADB_DATABASE: 'pwpush_db'
  #     MARIADB_RANDOM_ROOT_PASSWORD: 'yes'
  #   volumes:
  #     - /var/lib/pwpush-mariadb/data:/var/lib/mysql

  pwpush:
    image: docker.io/pglombardo/pwpush:latest
    ports:
      - "5100:5100"
    depends_on:
      - postgres
    links:
      - postgres:postgres
    environment:
      DATABASE_URL: 'postgres://pwpush_user:YOURPOSTGRESPASSHERE@postgres:5432/pwpush_db'
      PWP__DISABLE_SIGNUPS: 'false'
      PWP__ENABLE_FILE_PUSHES: 'true'
      PWP__ENABLE_LOGINS: 'true'
      PWP__ENABLE_URL_PUSHES: 'false'
      PWP__HOST_DOMAIN: 'passwordpusher.yourdomain.com'
      PWP__HOST_PROTOCOL: 'https'
      PWP__LOGIN_SESSION_TIMEOUT: '2 hours'
      PWP__MAIL__MAILER_SENDER: '"YOU" <you@you.com>'
      PWP__MAIL__OPEN_TIMEOUT: 10
      PWP__MAIL__RAISE_DELIVERY_ERRORS: 'true'
      PWP__MAIL__READ_TIMEOUT: 10
      PWP__MAIL__SMTP_ADDRESS: 'smtp.gmail.com'
      PWP__MAIL__SMTP_AUTHENTICATION: 'login'
      PWP__MAIL__SMTP_PASSWORD: 'APP-PASSWORD-GOES-HERE'
      PWP__MAIL__SMTP_PORT: 587
      PWP__MAIL__SMTP_STARTTLS: 'true'
      PWP__MAIL__SMTP_USER_NAME: 'YOU@GMAIL.COM'
      PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT: "3"
      PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT: 3
      PWP__PW__EXPIRE_AFTER_VIEWS_MAX: 7
      PWP__PW__EXPIRE_AFTER_VIEWS_MIN: 2
      PWP__PW__RETRIEVAL_STEP_DEFAULT: "true"
      PWP__SHOW_GDPR_CONSENT_BANNER: 'true'
      PWP__SHOW_VERSION: 'true'
      PWP__TIMEZONE: 'America/Chicago'
      

  ssl_proxy:
    image: caddy:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - pwpush

volumes:
  caddy_data:
  caddy_config:

###############################################################################
# Other Notes
###############################################################################
# See also the Password Pusher Configuration documentation
# https://github.com/pglombardo/PasswordPusher/blob/master/Configuration.md
#
# Current environment variables configuration:
#   PWP__DISABLE_SIGNUPS: 'false'
#   PWP__ENABLE_FILE_PUSHES: 'true'
#   PWP__ENABLE_LOGINS: 'true'
#   PWP__ENABLE_URL_PUSHES: 'false'
#   PWP__HOST_PROTOCOL: 'https'
#   PWP__LOGIN_SESSION_TIMEOUT: '2 hours'
#   PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT: "3"
#   PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT: 3
#   PWP__PW__EXPIRE_AFTER_VIEWS_MAX: 7
#   PWP__PW__EXPIRE_AFTER_VIEWS_MIN: 2
#   PWP__PW__RETRIEVAL_STEP_DEFAULT: "true"
#   PWP__SHOW_GDPR_CONSENT_BANNER: true
#   PWP__SHOW_VERSION: true
#   PWP__TIMEZONE: 'America/Chicago'
#
# To customise the application via configuration file, see settings.yml:
# https://github.com/pglombardo/PasswordPusher/blob/master/config/settings.yml
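
A tightened fragment of the postgres and pwpush services from the file above, added here as an example; it is not part of the original file or the Password Pusher project's own compose file. It assumes a .env file next to the compose file that defines POSTGRES_PASSWORD, and that Caddy reaches the app as pwpush:5100 over the compose network (both are assumptions).

```yaml
# Added example: hardened fragment of the compose file above.
# Assumptions: .env beside this file defines POSTGRES_PASSWORD; the Caddyfile
# proxies to pwpush:5100 on the compose network.
version: '2.1'

services:
  postgres:
    image: docker.io/postgres:15
    volumes:
      - ./data/postgresql:/var/lib/postgresql/data
    # Weak:  ports: ["5432:5432"] publishes the database on every host interface.
    # Fixed: no ports section; pwpush still reaches it as postgres:5432 internally.
    environment:
      POSTGRES_USER: pwpush_user
      # Compose aborts with this message if the variable is unset or empty.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
      POSTGRES_DB: pwpush_db

  pwpush:
    image: docker.io/pglombardo/pwpush:latest
    # Weak:  ports: ["5100:5100"] lets clients reach the app without Caddy's TLS.
    # Fixed: loopback-only publish for local debugging; drop it entirely if unused.
    ports:
      - "127.0.0.1:5100:5100"
    depends_on:
      - postgres
    environment:
      # Same password as above, interpolated by Compose instead of typed twice.
      DATABASE_URL: 'postgres://pwpush_user:${POSTGRES_PASSWORD}@postgres:5432/pwpush_db'
      # Set once the admin account exists. The file above uses boolean values
      # for this key, so 'true' is used here.
      PWP__DISABLE_SIGNUPS: 'true'
      PWP__ENABLE_LOGINS: 'true'
      # Remaining PWP__ settings carry over unchanged from the file above.
```

Keep .env readable only by the deploying user and out of version control; a password containing URL-reserved characters must be percent-encoded in DATABASE_URL.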