theo/agence66-nextcloud-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply critical security fixes and major improvements to all scripts

Browse Source 
Security (CRITICAL):
- Add .env.example with strong password generation instructions
- Fix path traversal validation in restore.sh (now detects all .. patterns)
- Secure .env loading with set -a/set +a in all scripts
- Add logs/ to .gitignore to prevent credential leaks

Backup & Restore (IMPORTANT):
- Add file locking system to prevent concurrent backups
- Add disk space verification before backup operations
- Generate SHA256 checksums for all backups
- Verify checksums before restoration
- Create safety database backup before restore
- Implement comprehensive logging to ./logs/ directory
- Fix BACKUP_RETENTION_DAYS inconsistency
- Replace dangerous find -delete with safe iteration

Update & Recovery:
- Backup docker-compose.yml before updates with auto-rollback
- Add version display before/after updates
- Increase timeouts to 120s for slow containers
- Dynamic backup suggestion in recover.sh

Compatibility:
- Add Docker Compose v2 support with v1 fallback in all scripts
- Standardized log() function across all scripts

New Features:
- Add check-health.sh: comprehensive system health monitoring
- Add SECURITY.md: complete security documentation
- Update Makefile with check-health and recover commands
- Centralized logging with timestamps and levels

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
BeauTroll
2025-12-17 18:27:00 +01:00
parent 701513ce15
commit c6de550329
10 changed files with 1037 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@@ -1,4 +1,4 @@
.PHONY: help up down restart logs ps occ backup restore update health
.PHONY: help up down restart logs ps occ backup restore update health check-health recover
include .env
export
@@ -68,6 +68,12 @@ health:
@docker-compose exec nextcloud php occ config:list system
@docker-compose exec -T db sh -c 'mysql -u"$$MYSQL_USER" -p"$$MYSQL_PASSWORD" -e "SELECT 1"' 2>/dev/null && echo "✅ Base de données accessible" || echo "❌ Erreur base de données"
check-health:
@bash scripts/check-health.sh
recover:
@bash scripts/recover.sh
# Catch-all target pour permettre les arguments aux commandes occ et restore
%:
@: