Changed health check to measure the correct directory:
- Before: ./data (entire Docker volume including app code)
- After: ./data/data (actual Nextcloud user data)
Updated message from "Taille des données" to "Taille des données
utilisateurs" for clarity.
This provides more accurate metrics for monitoring actual user storage usage.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed multiple issues in health check script:
1. Redis check failing due to missing .env loading
- Re-added .env sourcing at script start
- Redis container doesn't have REDIS_HOST_PASSWORD in env
- Script needs to load it from .env file
2. Script exiting early when du returns non-zero exit code
- du returns error code 1 when it can't read some subdirectories (permissions)
- Even though it outputs the size successfully
- Added || echo "" to handle non-zero exit codes gracefully
- Fixed for DATA_SIZE, DB_SIZE, and LOGS_SIZE checks
3. Fixed typo in DB_SIZE validation (was checking DATA_SIZE instead)
These fixes ensure:
- Complete health check output with summary section
- No premature script exits
- Proper Redis authentication testing
- Robust handling of permission errors in du commands
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed issue where "N/A" was being printed directly to stdout instead of
being captured in variables when du commands partially failed.
Changed from:
DATA_SIZE=$(du -sh ./data 2>/dev/null | cut -f1 || echo "N/A")
To:
DATA_SIZE=$(du -sh ./data 2>/dev/null | cut -f1)
if [ -z "$DATA_SIZE" ]; then
DATA_SIZE="N/A"
fi
This prevents spurious "N/A" lines appearing in the health check output.
Fixed for:
- DATA_SIZE (data directory size)
- DB_SIZE (database directory size)
- LOGS_SIZE (logs directory size)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The health check was failing when MySQL passwords contained special
characters like # because it was sourcing .env as a bash script,
where # is treated as a comment.
Solution: Remove unnecessary .env sourcing and use environment variables
directly from the db container, which Docker Compose has already correctly
parsed from .env.
This fixes the "Impossible de se connecter à MySQL" error when passwords
contain #, $, !, or other special characters.
Benefits:
- Works with any special characters in passwords
- Simpler code (removed 4 lines)
- More reliable (uses container's environment directly)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The MySQL connection test was failing because it didn't specify the
database name. MySQL requires a database to be selected when using
the -e flag with SELECT queries.
Changed:
mysql -u"$MYSQL_USER" -e 'SELECT 1'
To:
mysql -u"$MYSQL_USER" "$MYSQL_DATABASE" -e 'SELECT 1'
This fixes the "Impossible de se connecter à MySQL" error in production
even when MySQL is working correctly.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The health check script was not using the REDIS_HOST_PASSWORD environment
variable when checking Redis connectivity, causing failures when Redis is
password-protected. Now properly detects and uses the password from .env
when available.
Also includes minor cleanup in backup.sh (formatting and redundant log removal).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update restore.sh to use common.sh instead of inline log function
- Update update.sh to use common.sh instead of inline log function
- Update recover.sh to use common.sh instead of inline log function
- Update check-health.sh to import colors from common.sh
Benefits:
- DRY principle: color definitions in one place
- Consistent logging across all scripts
- Easier maintenance: change log format once
- All scripts now have colored output in terminal
- Reduced code duplication (48 lines removed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security (CRITICAL):
- Add .env.example with strong password generation instructions
- Fix path traversal validation in restore.sh (now detects all .. patterns)
- Secure .env loading with set -a/set +a in all scripts
- Add logs/ to .gitignore to prevent credential leaks
Backup & Restore (IMPORTANT):
- Add file locking system to prevent concurrent backups
- Add disk space verification before backup operations
- Generate SHA256 checksums for all backups
- Verify checksums before restoration
- Create safety database backup before restore
- Implement comprehensive logging to ./logs/ directory
- Fix BACKUP_RETENTION_DAYS inconsistency
- Replace dangerous find -delete with safe iteration
Update & Recovery:
- Backup docker-compose.yml before updates with auto-rollback
- Add version display before/after updates
- Increase timeouts to 120s for slow containers
- Dynamic backup suggestion in recover.sh
Compatibility:
- Add Docker Compose v2 support with v1 fallback in all scripts
- Standardized log() function across all scripts
New Features:
- Add check-health.sh: comprehensive system health monitoring
- Add SECURITY.md: complete security documentation
- Update Makefile with check-health and recover commands
- Centralized logging with timestamps and levels
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
