I'm not familiar with Ruby on Rails, but I would like to deploy this app but have the input be a multiple line text field. I believe this piece is generating the html file but I'm not sure how to specify a larger text field:

https://github.com/pglombardo/PasswordPusher/blob/6b71cab195e4d164b756d58ef53f482d0ce1ba09/app/views/passwords/new.html.haml

The reason for this is I would use this to send more than just passwords.

To prevent someone from reading it from across the room. Also, blur effect is not quite blurry enough to prevent reading. Perhaps have copy to clipboard option so no need to display at all.

Hi there,

Got this thing up and running on Ubuntu 16.04 w/o issue. I know very little about rails apps. Now - a few quick questions:

On the page regarding production,

Does the export RAILS_ENV=production just get run on the CLI - I assume so.

Now - going above that, How would I deploy so that I could run forman at boot? I would then likely throw nginx in front of it and put a SSL cert on otherwise.

I have a low volume use case, so I was thinking of leaving the DB on sqllite. Or is it still worth moving to mariadb or something?

Just looking at filling in the gaps to moving it into production. Or have any external users done to top to bottom tutorial?

Hi!
I'm having some issues enabling SSL on my production server. Apologies for the noobish question but are there any additional steps besides adding the config.force_ssl = true line to production.rb? It still only responds to the 5000 port number.
Thanks!

Security issue from Hakiri: Session secret should not be included in version control in config/initializers/secret_token.rb

Getting this error message (and one about another add-on which I forget now) when trying to use the "Deploy to Heroku" link you have in the README.txt

is there a clear-text copy of the password on the server?

pwpush can be configured by modifying the values in config/environment.rb. We should add environment variables for each of those settings so that in Heroku, a user could simply run (as an example) heroku config:add EXPIRE_AFTER_DAYS_DEFAULT=1 to configure the default days value.

I have setup the app behind nginx and passenger. When I create a dummy helloworld app, I can serve up that rails app without issue. When I point to the PasswrodPusher, I am getting a 500 error. I made sure my production assets are precompiled, and so on. I'm not finding anything in my nginx logs either. Any ideas on where to look? Is there any logging within the app itself?

Thank you.

Is foreman required to make this work? Doing a new deployment today on a fresh CentOS 7 install and I don't have foreman installed.

https://hub.docker.com/r/pglombardo/passwordpusher/
https://github.com/pglombardo/PasswordPusher/blob/pwpush.com/Dockerfile

Add documentation adding/explaining:

• Docker
• Kubernetes
• Openshift
• Add pointers to docker hub of other images

First of all, I love pwpush - thanks for the time that you are putting in there.

I'm using it for receiving passwords from clients occasionally, and sometimes they set the view count to 1. Unfortunately the one view seems to be used when they're being redirected to the site for copying the link. So I'm getting expired passwords quite frequently.
Any chance to fix this, so that the first view of the person copying the link isn't counted?

Thanks,
Philipp

I'm receiving the following when trying to run bundle install --without development production test --deployment

The git source git://github.com/pglombardo/ezcrypto.git uses the git protocol, which transmits data without encryption. Disable this warning with bundle config git.allow_insecure true, or switch to the https protocol to keep your data secure.
The git source git://github.com/russfrisch/modernizr-rails.git uses the git protocol, which transmits data without encryption. Disable this warning with bundle config git.allow_insecure true, or switch to the https protocol to keep your data secure.
You are trying to install in deployment mode after changing
your Gemfile. Run bundle install elsewhere and add the
updated Gemfile.lock to version control.

You have added to the Gemfile:

• pry (= 0.9.12.4)

You have deleted from the Gemfile:

• pry
• pry-byebug

Hi. Everything seems to go well in setting up the server following the directions on GitHub, but when users put in a password and click "push it", the all go to /p and get a 500 error. What should I check? I did have to add gem devise in the gemfile to get the install to go through to begin with.

The pwpush_days and pwpush_views cookies expire at the end of the session by default.

I find it annoying to have to reset my password defaults every time my browser restarts.

Can you either extend the expiration time or provide a second link for users who want to make the settings "permanent".

Hi there,

first of all thanks for this great app. i get an error in assets compilation in production env and css more precisely.

Here is the output of bundle exec rake assets:precompile from log/production.log

Compiled users.css  (2ms)  (pid 48421)
Compiled application.css  (40ms)  (pid 48421)
Compiled jquery.js  (3ms)  (pid 48421)
Compiled jquery_ujs.js  (0ms)  (pid 48421)
Compiled api.js  (33ms)  (pid 48421)
Compiled errors.js  (1ms)  (pid 48421)
Compiled fd-slider.js  (1ms)  (pid 48421)
Compiled jquery-cookie.js  (0ms)  (pid 48421)
Compiled jquery.noty.js  (0ms)  (pid 48421)
Compiled layouts/top.js  (0ms)  (pid 48421)
Compiled passwords.js  (0ms)  (pid 48421)
Compiled spoiler.js  (0ms)  (pid 48421)
Compiled themes/default.js  (0ms)  (pid 48421)
Compiled modernizr.js  (0ms)  (pid 48421)
Compiled application.js  (78ms)  (pid 48421)
Warning. Error encountered while saving cache /Users/xx/xx-xx/xx-xx-xx/tmp/cache/sass/efcd6618511989f0583e175ca710234f909d501b/api.css.scssc: can't dump anonymous class #<Class:0x007f829b4b4c48>

Compiled api.css  (2ms)  (pid 48421)
Warning. Error encountered while saving cache /Users/xx/xx-xx/xx-xx-xx/tmp/cache/sass/efcd6618511989f0583e175ca710234f909d501b/errors.css.scssc: can't dump anonymous class #<Class:0x007f829b4b4c48>

Compiled errors.css  (1ms)  (pid 48421)
Compiled fd-slider.css  (1ms)  (pid 48421)
Warning. Error encountered while saving cache /Users/xx/xx-xx/xx-xx-xx/tmp/cache/sass/efcd6618511989f0583e175ca710234f909d501b/global.css.scssc: can't dump anonymous class #<Class:0x007f829b4b4c48>

Compiled global.css  (9ms)  (pid 48421)
Warning. Error encountered while saving cache /Users/xx/xx-xx/xx-xx-xx/tmp/cache/sass/efcd6618511989f0583e175ca710234f909d501b/passwords.css.scssc: can't dump anonymous class #<Class:0x007f829b4b4c48>

Compiled passwords.css  (14ms)  (pid 48421)
Warning. Error encountered while saving cache /Users/xx/xx-xx/xx-xx-xx/tmp/cache/sass/efcd6618511989f0583e175ca710234f909d501b/users.css.scssc: can't dump anonymous class #<Class:0x007f829b4b4c48>

Compiled users.css  (3ms)  (pid 48421)
Compiled application.css  (51ms)  (pid 48421)

sass is 3.4.22, any ideas ?

Thanks !

I love pwpush!

But... currently views are measured through each request that comes to the given link. However a lot of businesses have mail scanners installed which crawl each link for security reasons and possibly open it. This costs you a view.

The results of this are:

• I cannot set the views to 1 as I don't know for sure if they have a mail scanner like that.
• I must therefore set the views to 2 minimum and communicate that this link has 2 views, however the issue with this is. Most people don't know that they have a link crawling mail scanner so if they get to the page and think, "oh 0 views left but it should have been 1". They don't know if it was an intercepted password or the fault of an overzealous mail scanner.

Could you fix this?

P.S.
Something else, show ranges for the settings: this is view 1 of 3 for instance.

Per this thread, arrowsama and elite_killerX have graciously offered to translate the site strings into French, Spanish and Catalan.

This is happening on pwpush.com right now. Not sure if you know yet.

It would be nice to have the option to create a random pass. Even better if we cold choose the type (just numbers, special chars, etc...)

Great software by the way.

From dribbling user on Reddit:

I'm confused about something. When I choose for the password to disappear after x viewings 
(let's say, 3) and submit, the app automatically goes to a confirmation screen that spends one 
of these viewings.

This seems counterintuitive. The confirmation screen should not spend one of the viewings.

Is it a problem with my browser or connection? I don't think so.

Hi,

I'm a happy and frequent user of the hosted version of this tool.

I have an idea, and I hope it's ok to simply write it here. It would be great to have the opportunity to create pwpush URLs with Afred. I imagine it like:

Launch alfred > type in "pwp mypassword" > A pwpush.com site for this password opens (some default settings), and it's URL is copied into the clipboard automatically

Possible at all? Just dreaming :)

Philipp

I have a passpusher server deployed in my environment and am hoping to find the best way encrypt the interactions with the server. Wiresharking the interactions as of now shows the payload in plain text.

I tried to follow the advice listed at: #44

But had the same issues as OP - 403 Forbidden.

I'm not a Ruby guy, so I'm a bit in the dark on this one.

Thank you for your time and your great project.

Is it possible to specify a subdomain for this to run on? I don't want it to run on my site's root, but I'm not too familiar with Ruby to be able to change this myself.

The command docker build . is failing when using PasswordPusher/containerization/passwordpusher-postgres/Dockerfile

This is the output of the build command. It seems the build is failing because it can't reach the postgres server or more specifically it can't resolve the dns name postgres. The computer I'm building this on does not have access to the external postgres server. Can the docker image be built without access to the postgres server?

Bundle complete! 22 Gemfile dependencies, 73 gems now installed.
Gems in the groups development, private and test were not installed.
Bundled gems are installed into `./vendor/bundle`
A, [2018-06-20T23:33:08.003600 #14889]   ANY -- : Stan is on the scene.  Starting Instana instrumentation.
sh: 1: /sbin/ip: not found
The PGconn, PGresult, and PGError constants are deprecated, and will be
removed as of version 1.0.

You should use PG::Connection, PG::Result, and PG::Error instead, respectively.

Called from /opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:240:in `load_dependency'
rake aborted!
PG::ConnectionBad: could not translate host name "postgres" to address: Temporary failure in name resolution
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `initialize'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `new'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `connect'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:242:in `initialize'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `new'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/postgresql_adapter.rb:44:in `postgresql_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:438:in `new_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:448:in `checkout_new_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:422:in `acquire_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:349:in `block in checkout'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:348:in `checkout'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:263:in `block in connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:262:in `connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:571:in `retrieve_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_handling.rb:113:in `retrieve_connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activerecord-4.2.10/lib/active_record/connection_handling.rb:87:in `connection'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/instana-1.7.11/lib/instana/frameworks/instrumentation/active_record.rb:26:in `<top (required)>'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:274:in `require'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:274:in `block in require'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:240:in `load_dependency'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:274:in `require'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/instana-1.7.11/lib/instana/frameworks/rails.rb:21:in `block in <class:Railtie>'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/lazy_load_hooks.rb:36:in `execute_hook'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/lazy_load_hooks.rb:45:in `block in run_load_hooks'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/lazy_load_hooks.rb:44:in `each'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/lazy_load_hooks.rb:44:in `run_load_hooks'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/application/finisher.rb:62:in `block in <module:Finisher>'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/initializable.rb:30:in `instance_exec'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/initializable.rb:30:in `run'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/initializable.rb:55:in `block in run_initializers'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/initializable.rb:54:in `run_initializers'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/application.rb:352:in `initialize!'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/railtie.rb:194:in `public_send'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/railtie.rb:194:in `method_missing'
/opt/PasswordPusher/config/environment.rb:42:in `<top (required)>'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/application.rb:328:in `require'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/application.rb:328:in `require_environment!'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/railties-4.2.10/lib/rails/application.rb:457:in `block in run_tasks_blocks'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/task.rb:62:in `block (2 levels) in define'
/opt/PasswordPusher/vendor/bundle/ruby/2.5.0/gems/rake-12.3.1/exe/rake:27:in `<top (required)>'
Tasks: TOP => environment
(See full trace by running task with --trace)
W, [2018-06-20T23:33:08.070310 #14889]  WARN -- : Instana: Host agent not available.  Will retry periodically.
The command '/bin/sh -c bundle install --without development private test --deployment &&     bundle exec rake assets:precompile &&     RAILS_ENV=production' returned a non-zero code: 1

I've discovered a moderately severe security vulnerability, but luckily it's easy to fix and I've created a patch.

Can you e-mail me privately to discuss? [email protected]

We should possibly auto-disable blur for iPad user agents...

https://github.com/pglombardo/PasswordPusher/wiki/Password-API

The curl example says curl -d -X POST --data "pas... but -d and --data are redundant and since they require a parameter then -d -X POST is interpreted as -d "-X" followed by a hostname of POST.

Also, the examples use http://; when I try to post to http://pwpush.com/p.json I always get a blank response. It appears that the real API requires HTTPS? https://pwpush.com/p.json returns expected responses.

Hi everyone,

Could you help me... after press "push it!" the error message is displayed.

Webpage
We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly.

Terminal output

12:12:30 internalweb.1 | Processing by PasswordsController#create as HTML
12:12:30 internalweb.1 |   Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZtNUdLLeD4XgnZ+pkl/ehPY5Nx8JXcQdy9IZBtLRqG4fAXxCU4RuoqgLD5vJ2Mjww2lPGAJn8oDOzeSzjWBMHw==", "password"=>"[FILTERED]", "commit"=>"Push it!"}
12:12:30 internalweb.1 |    (0.2ms)  begin transaction
12:12:30 internalweb.1 |   SQL (0.4ms)  INSERT INTO "passwords" ("expire_after_days", "expire_after_views", "deletable_by_viewer", "url_token", "first_view", "payload", "created_at", "updated_at") VALUES (?, ?, ?, ?, ?, ?, ?, ?)  [["expire_after_days", 1], ["expire_after_views", 1], ["deletable_by_viewer", "t"], ["url_token", "m1cvna0odqodl7n3"], ["first_view", "t"], ["payload", "7vc2R7lKzLdqoZyu4EGgQQ==\n"], ["created_at", "2018-01-09 14:12:30.947856"], ["updated_at", "2018-01-09 14:12:30.947856"]]
12:12:30 internalweb.1 |    (0.1ms)  rollback transaction
12:12:30 internalweb.1 | Completed 500 Internal Server Error in 25ms (ActiveRecord: 2.0ms)
12:12:30 internalweb.1 | 
12:12:30 internalweb.1 | ActiveRecord::StatementInvalid (SQLite3::ReadOnlyException: attempt to write a readonly database: INSERT INTO "passwords" ("expire_after_days", "expire_after_views", "deletable_by_viewer", "url_token", "first_view", "payload", "created_at", "updated_at") VALUES (?, ?, ?, ?, ?, ?, ?, ?)):
12:12:30 internalweb.1 |   app/controllers/passwords_controller.rb:89:in `block in create'
12:12:30 internalweb.1 |   app/controllers/passwords_controller.rb:88:in `create'

Ps: it was working perfectly.

Thank you

Yes. This project has gone too long without a good test suite.

Per @alexandrezia in this comment: #33 (comment)

the highlighting of a password is a bit confusing with it's custom CSS style. Let's standardize on something more traditional/normal.

per @NinoFloris in issue #42

I can run this fine from the rails server. once i add my apache config to run it as a virtual host I only get a page that says:
"We're sorry, but something went wrong." etc.
I turned on debug logging and see this:
Started GET "/" for 10.1.91.44 at Wed Aug 01 18:53:51 -0400 2012
Processing by PasswordsController#new as HTML
Rendered passwords/new.html.haml within layouts/application (18.8ms)
Completed 500 Internal Server Error in 110ms

ActionView::Template::Error (application.css isn't precompiled):
2: %html
3: %head
4: %title PasswordPusher
5: = stylesheet_link_tag "application"
6: = javascript_include_tag "application"
7: = csrf_meta_tags
8: = render :partial => "layouts/ga" if Rails.env == "production"
app/views/layouts/application.html.haml:5:in _app_views_layouts_application_html_haml___316259974_70142076888800' app/controllers/passwords_controller.rb:72:innew'

Any idea? I started with setting RAILS_ENV=private but got different errors so redid with "production". I'm not sure how to easily switch back and forth, IE which commands would have to be re-run.

Rails 3.2 is end-of-life. A security-oriented tool like PasswordPusher should not be running on a platform that will not receive timely security patches or bug fixes. The code base should be upgraded to Rails 5.x to ensure it receives essential security updates for the underlying platform.

http://guides.rubyonrails.org/maintenance_policy.html#unsupported-release-series

I love your app.

I've changed the default slider values to 10 days and 5 views. This worked technically but cosmetically the page still shows 30 days and 10 views. I have no idea why, I've restarted the server and cleared tmp/cache. The page I edited was app/views/passwords/new.html.haml on lines 13,15 and 17,19.

If the sliders are moved the display immediately changes to the correct value.

Any plans to update the app for a more current version of Ruby? Seems like newer versions of Ruby choke with:

Gem Load Error is: uninitialized constant Syck

This happens when trying to run:
RAILS_ENV=private bundle exec rake db:setup

Per this Twitter thread:
https://twitter.com/thanius/status/1001438709462523904

When passing password URLs to outside clients/customers, the front page form should be password protected and not accessible globally.

Depending on time available, I may just add basic HTTP auth to start but using devise like logins to also track created passwords would be ideal.

I think pwpush.com is a great service, but IMO the default expiration settings are way too loose. If a client sends me an e-mail with a link that doesn't expire for 30 days and 10 views, then that's a really large window for an attacker.

Ideally, I'd go for 3 days and 1 view, but that's probably too tight more the general public. Maybe 8 days and 2 views?

Reported by Zookee here:

When copying the text after clicking the pwpush link, sometimes it adds a
space at the end. I tested this in Firefox, IE, and Chrome, the trailing space
occurred in FF and IE but not Chrome.
Example, "testpassword" becomes "testpassword ".
Is this a bug or a browser issue?

Could you please add instructions to the documentation on how to redirect traffic from http to https?

Currently, only the first view of a newly-generated password displays a "copy to clipboard" link. It would be convenient (and potentially increase security) if subsequent views also had the ability to copy to the clipboard without de-obfuscating the password.

The code to do this is already in app/views/passwords/show.html.haml, but it would probably have to be hoisted into a helper or service object to keep it DRY. There may be other approaches, too, but that seems like the simplest solution.

I'm trying to create a /Slash command for slack to securely share passwords. Can someone point me in the right direction, please?

Hi there,

I'm deploying to a production system, and I am running the command:

RAILS_ENV=production bundle exec rake db:setup

And when I do, I get the following error:

-- create_table("passwords", {:force=>true})
rake aborted!
ActiveRecord::StatementInvalid: Mysql::Error: All parts of a PRIMARY KEY must be NOT NULL; if you need NULL in a key, use UNIQUE instead

Are there any known issues using mysql?

Instead of:

git clone [email protected]:pglombardo/PasswordPusher.git
cd PasswordPusher
gem install bundler
bundle install --without development production test --deployment
bundle exec rake assets:precompile
RAILS_ENV=private bundle exec rake db:setup
foreman start internalweb

Then view the site @ http://localhost:5000/.

we should provide a ruby executable to do this in one step. So the resulting instructions would be:

git clone [email protected]:pglombardo/PasswordPusher.git
cd PasswordPusher
./bin/run_private

Then view the site @ http://localhost:5000/.

That script can/should also:

1. Validate Ruby version
2. Existence of required base gems (e.g. bundler)
   etc...

PWPUSH is awesome! Such a life/timesaver!

I'm working on adding a different color scheme / layout to the page, however running into issues when doing so. Can you specify which css file(s) should be modified to accomplish this?

Also, I noticed when updated the css, the old pages get pulled from /tmp/cache and don't reflect the changes. Is this typical behavior or should there be a different way to refresh each time, other than removing these files?

Much appreciated, thank you!!!!
-Jon

Is it possible to secure the application itself?

I'll be using haproxy, and securing the front end.. but I want both the front end and back end secured.

After a bit of searching, it looks like a chain of proxies would be the way to go. That would ensure the traffic is encrypted all the way to the machine the application is on.

Am I overlooking anything?