diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..5138c56
Binary files /dev/null and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f0772f0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+lockbox/php/env.php
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f2989fe
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM php:7.4-apache
+
+# Set working directy at web server root
+WORKDIR /var/www/html
+
+# Manually installs Lockbox
+COPY ./lockbox/ .
+COPY ./config/env.example.php ./php/env.php
+COPY ./config/key.public .
+
+# Create directory to save submissions and adjust permissions
+RUN mkdir /var/www/data
+RUN chown -R www-data:www-data /var/www/data
\ No newline at end of file
diff --git a/README.md b/README.md
index a58375c..2de18fb 100644
--- a/README.md
+++ b/README.md
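Review bot: The single entry `lockbox/php/env.php` does not cover the file operators are told to edit for the Docker build: the README in this commit says to modify `config/env.example.php`, which is tracked, so a real download password placed there is one `git add` away from being pushed. The same commit also checks in a macOS `.DS_Store`. I would have the Docker flow read from an untracked copy, add `config/env.php` and `.DS_Store` to this file, and remove `.DS_Store` from the index.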
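Review bot: `COPY ./config/env.example.php ./php/env.php` writes the download password into an image layer, so anyone who can pull the image or read its layers can recover it, and rotating it means a rebuild. Supplying `env.php` at run time (a read-only bind mount or a Docker secret) keeps it out of the image; the COPY line could become a comment such as `# php/env.php is mounted read-only at container start`. Separately, `php:7.4-apache` is a PHP branch that no longer receives upstream security fixes, so a supported tag pinned by digest would be a safer base.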
@@ -1,3 +1,13 @@ -![](./img/logo.png) +![](lockbox/img/logo.png) -This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app's main repository](https://git.openprivacy.ca/openprivacy/lockbox). \ No newline at end of file +This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app`s main repository](https://git.openprivacy.ca/openprivacy/lockbox). + + +## Docker Install Instructions +Right now, there is a very basic process to building and deploying a Docker image of Lockbox in a container that contains php and an instance of apache webserver. The image has been tested on linux base OS and will need to be run of a host that already has the OS installed. Future development will aim to have a more robust install. + +Note: This version of the Docker deployment is using an `env.php` file instead of environment variables due to some of the nuances with how php handles environment variables. + +The `.docker` directory contains a Dockerfile to build an image for your deployment. Do the following before building the image: +* Modify `config/env.example.php` based on any customizations +* Generate a keypair (you can use the script in the `cmd` folder (`genkeys.php.txt`, which needs to be renamed to `genkeys.php` prior to use, or use a key pair you have already generated) and place the public key in the `config` folder as `key.public` \ No newline at end of file diff --git a/config/env.example.php b/config/env.example.php new file mode 100644 index 0000000..96318f7 --- /dev/null +++ b/config/env.example.php @@ -0,0 +1,16 @@ + '', + 'LB_FILE' => '/var/www/data/lockbox.dat', // This is the submissions file -- it should not be in your web directory!!! + 'LB_PUBKEY_FILE' => '/var/www/html/key.public' // Absolute parth of public key file +]; + +// restrict the (optional) admin form to these IPs +$ips = array( +/* "127.0.0.1", + "192.168.0.0", + "172.16.0.0" */ +); + +?> \ No newline at end of file 
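Review bot: As shipped, this example leaves the admin download open: the `$ips` list is entirely commented out, and the lone `''` ahead of `LB_FILE` looks like an empty default for the download password (the first lines of the file are not legible on this page, so that is inferred from `$conf_vars['LB_DL_PASS']` in `lockbox/php/config.inc.php`). With an empty list `lockbox/admin.php` skips the IP check (`count($ADMIN_IPS) > 0`), and `$_POST['password'] === DL_PASS` holds for an empty submitted password; the Dockerfile copies this file in unchanged as the live config. I would ship a closed default such as `$ips = array("127.0.0.1");` and have `admin.php` refuse to serve while the password is unset, `if (DL_PASS === '') { http_response_code(503); exit; }`. The comment in `config.inc.php` that calls an empty `$ADMIN_IPS` "not recommended" should also say that an empty list is what the example provides.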
diff --git a/admin.php b/lockbox/admin.php similarity index 95% rename from admin.php rename to lockbox/admin.php index f9a3403..3820873 100644 --- a/admin.php +++ b/lockbox/admin.php @@ -2,8 +2,6 @@ require_once 'php/config.inc.php'; -$password = "sexworkiswork"; - define('FORMCONTENTS', '

Password:

'); @@ -30,7 +28,7 @@ if (count($ADMIN_IPS) > 0 && array_search($ip, $ADMIN_IPS) === false) { include footer; } else { if (isset($_POST) && isset($_POST['password'])) { - if ($_POST['password'] === $password) { + if ($_POST['password'] === DL_PASS) { header('Content-Type: application/octet-stream'); header("Content-Transfer-Encoding: Binary"); header("Content-disposition: attachment; filename=\"submissions.dat\""); diff --git a/css/custom.css b/lockbox/css/custom.css similarity index 100% rename from css/custom.css rename to lockbox/css/custom.css diff --git a/css/normalize.css b/lockbox/css/normalize.css similarity index 100% rename from css/normalize.css rename to lockbox/css/normalize.css diff --git a/css/skeleton.css b/lockbox/css/skeleton.css similarity index 100% rename from css/skeleton.css rename to lockbox/css/skeleton.css diff --git a/img/logo.png b/lockbox/img/logo.png similarity index 100% rename from img/logo.png rename to lockbox/img/logo.png diff --git a/index.php b/lockbox/index.php similarity index 95% rename from index.php rename to lockbox/index.php index df54247..d2f1188 100755 --- a/index.php +++ b/lockbox/index.php @@ -15,7 +15,7 @@ if (isset($_POST) && count($_POST)>0) { $data = json_encode($_POST); // pubkey is a base64-encoded key generated by sodium_crypto_box_keypair - $pubKey = base64_decode(file_get_contents("key.public")); + $pubKey = base64_decode(file_get_contents(PK_FILE)); // for now, data is stored by encrypting each submission individually, base64 encoding it, // and appending it as a separate line onto the end of the data file (prepending with a diff --git a/php/config.inc.php b/lockbox/php/config.inc.php similarity index 86% rename from php/config.inc.php rename to lockbox/php/config.inc.php index a856334..01b2f86 100644 --- a/php/config.inc.php +++ b/lockbox/php/config.inc.php 
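Review bot: The new comparison `$_POST['password'] === DL_PASS` is not constant-time and has no type guard; `if (is_string($_POST['password']) && hash_equals(DL_PASS, $_POST['password'])) {` is the usual form for a secret check. The literal removed in the first hunk of this file stays readable in the repository history, so any deployment that used it should be treated as having a disclosed password and be given a new one in `env.php`. The `else` branch this condition sits in starts and ends outside the hunk, so whether failed attempts are logged or limited cannot be seen here.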
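Review bot: The result of `file_get_contents(PK_FILE)` goes straight into `base64_decode()` unchecked, so a wrong or unreadable `LB_PUBKEY_FILE` path yields `false` and then an empty key instead of a clear failure. Now that the path is operator-supplied, I would validate before encrypting: `$pubKey = base64_decode((string) file_get_contents(PK_FILE), true);` followed by `if ($pubKey === false || strlen($pubKey) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) { /* fail the request, write nothing */ }`. The encryption and the append to the data file happen after the hunk, so how they react to a bad key is not visible here.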
@@ -1,7 +1,9 @@ Our Awesome Org - All rights reserved. Form powered by Lockbox by Open Privacy'); // restrict the (optional) admin form to these IPs -$ADMIN_IPS = array( -/* "1.2.3.501", // erinn - "9.5.1.06", // sarah - "92.102.94.l" // dan*/ -); +$ADMIN_IPS = $ips; // if you would like you disable the IP check (not recommended!) you can use this line instead: // $ADMIN_IPS = array(); // password for downloading submissions from the admin form -define('DL_PASS', ""); +define('DL_PASS', $conf_vars['LB_DL_PASS']); +// This is the path to the public key file +define('PK_FILE', $conf_vars['LB_PUBKEY_FILE']); // ============ include file locations -- you shouldn't need to change below this line diff --git a/php/footer.tpl.php b/lockbox/php/footer.tpl.php similarity index 100% rename from php/footer.tpl.php rename to lockbox/php/footer.tpl.php diff --git a/php/form.inc.php b/lockbox/php/form.inc.php similarity index 100% rename from php/form.inc.php rename to lockbox/php/form.inc.php diff --git a/php/header.tpl.php b/lockbox/php/header.tpl.php similarity index 100% rename from php/header.tpl.php rename to lockbox/php/header.tpl.php