diff --git a/docs/advanced-installation.md b/docs/advanced-installation.md index f61b1a3e913..601f863d055 100644 --- a/docs/advanced-installation.md +++ b/docs/advanced-installation.md @@ -48,6 +48,8 @@ sudo BUILD_STACK=true STACK_URL=https://github.com/gliderlabs/herokuish.git make Once dokku is installed, if you are not using the web-installer, you'll want to configure a the virtualhost setup as well as the push user. If you do not, your installation will be considered incomplete and you will not be able to deploy applications. +*You should also stop and disable the `dokku-installer` service to remove public access to adding SSH keys.* + Set up a domain and a wildcard domain pointing to that host. Make sure `/home/dokku/VHOST` is set to this domain. By default it's set to whatever hostname the host has. This file is only created if the hostname can be resolved by dig (`dig +short $(hostname -f)`). Otherwise you have to create the file manually and set it to your preferred domain. If this file still is not present when you push your app, dokku will publish the app with a port number (i.e. `http://example.com:49154` - note the missing subdomain). Follow the [user management documentation](/dokku/deployment/user-management) in order to add users to dokku. diff --git a/docs/installation.md b/docs/installation.md index a72ccfbdc46..9bb10f5a2ec 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -31,6 +31,8 @@ The installation process takes about 5-10 minutes, depending upon internet conne Once the installation is complete, you can open a browser to setup your SSH key and virtualhost settings. Open your browser of choice and navigate to the host's IP address - or the domain you assigned to that IP previously - and configure dokku via the web admin. +*If you don't complete setup via the web installer (even if you set up SSH keys and virtual hosts otherwise) your dokku installation will remain vulnerable to anyone finding the setup page and inserting their key.* + #### 3. Deploy your first application Once you save your settings, the web admin will self-terminate and you should be able to run or deploy to the dokku installation.