Commit Graph

51 Commits

Author SHA1 Message Date
BeauTroll
fc1cac8e5a fix: properly configure Apache MPM Prefork with dedicated config file
- Create dedicated apache/mpm_prefork.conf to override default MPM settings
- Mount mpm_prefork.conf to /etc/apache2/mods-available/ to properly apply limits
- Remove MPM config from nextcloud.conf (was being ignored)
- Set ServerLimit and MaxRequestWorkers to 400 (up from 150 default)
- Configure optimized worker settings for better concurrency

This fixes the "server reached MaxRequestWorkers" error that was causing
sync failures and 404 errors by properly overriding Apache's default
configuration file instead of trying to set it in conf-enabled.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-03 04:14:41 +01:00
BeauTroll
5d610b9177 increase server limit 2026-01-03 04:07:31 +01:00
BeauTroll
8096d8985b Merge remote-tracking branch 'origin/main' 2026-01-03 04:03:16 +01:00
BeauTroll
8462b10e3b fix: increase Apache MaxRequestWorkers and optimize performance settings
- Increase MaxRequestWorkers from 150 to 400 to prevent "server reached MaxRequestWorkers" errors
- Configure MPM Prefork module with optimized worker settings
- Add AllowEncodedSlashes NoDecode for special characters in filenames
- Increase Redis maxmemory from 512MB to 2GB for better caching
- Extend PHP execution times from 1800s to 7200s for large operations
- Increase MariaDB max_allowed_packet to 1GB for large file uploads

These changes resolve sync failures caused by Apache worker exhaustion.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-03 04:00:12 +01:00
root
6bdd8e918c add traefik transport 2025-12-23 01:28:12 +01:00
root
44ec0a004a remove uncessary labels 2025-12-23 01:04:16 +01:00
root
c403419ea1 adapt for traefik labels 2025-12-23 00:23:18 +01:00
BeauTroll
a1b51599c6 feat: expose Apache logs to host for fail2ban integration
- Mount Apache logs directory to ./logs/apache
- Configure JSON file logging driver with rotation
- Set max log size to 10MB with 3 files retention
- Enable fail2ban to monitor access logs directly
- Prevents need for systemd service to export logs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 21:03:48 +01:00
BeauTroll
123f7b6a9c feat: add custom Docker image with ffmpeg for video previews
- Create Dockerfile extending nextcloud:latest with ffmpeg
- Add .dockerignore to optimize build context
- Update docker-compose.yml to use custom image build
- Modify update.sh to rebuild custom image on updates
- Document custom image setup in README
- Enable video preview generation for .mov, .mp4 files

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 13:51:19 +01:00
BeauTroll
f02c9b36b2 chore: remove unused enable-modules.sh script
- Script not mounted in Docker container
- Cannot be executed from container
- Commands already documented in README
- Reduces maintenance overhead

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 13:12:56 +01:00
BeauTroll
43517b36cc fix: increase Apache timeouts for large file uploads (>40MB)
- Add Timeout 3600 (1h) for long-running uploads
- Enable KeepAlive with 300s timeout to maintain connections
- Set MaxKeepAliveRequests to 200 for chunked uploads
- Fixes sync client errors on files larger than 40MB

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 13:03:19 +01:00
BeauTroll
57db8b6111 docs: add Apache/Traefik configuration and troubleshooting guides
Add comprehensive documentation for Apache configuration behind Traefik reverse proxy, including module activation, debug mode troubleshooting, and client sync error resolution.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 12:59:48 +01:00
BeauTroll
53cc23e153 chore: restore MultiViews and add all required Apache modules
- Restore MultiViews option in Directory configuration
- Add headers, rewrite, dir, and mime modules to enable script
- Keep remoteip and env modules for Traefik integration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 12:51:36 +01:00
BeauTroll
a83426d198 feat: enhance Apache config for Traefik reverse proxy
- Add RemoteIP configuration to capture real client IPs
- Enable HTTPS detection via X-Forwarded-Proto header
- Add security headers (X-Frame-Options, CSP, etc.)
- Disable Apache WebDAV to prevent conflicts with Nextcloud
- Add module activation script for remoteip and env
- Optimize Directory options (FollowSymLinks without MultiViews)
- Add commented alternative PHP limits for reference

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-20 12:37:23 +01:00
BeauTroll
6fa7704c13 feat: add custom Apache configuration for Nextcloud
Add custom Apache configuration file to optimize Nextcloud performance and security.
Mount nextcloud.conf into Apache's conf-enabled directory for automatic loading.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-19 18:41:19 +01:00
BeauTroll
b802c8a5cd docs: add debug mode documentation to README
Added comprehensive documentation about debug mode:

In "Résolution de problèmes" section:
- How to check debug mode status
- How to disable debug mode (production)
- How to enable temporarily (development only)
- Security warnings and risks explained

In "Sécurité" section:
- Added to best practices checklist
- Reminder to verify debug mode is disabled

Key warnings included:
- Security: exposes sensitive information
- Performance: excessive logging slows down app
- Disk space: fills up disk quickly
- Compliance: may log personal data (GDPR)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 04:08:37 +01:00
BeauTroll
b3ae8a8622 fix: measure actual Nextcloud user data instead of entire volume
Changed health check to measure the correct directory:
- Before: ./data (entire Docker volume including app code)
- After: ./data/data (actual Nextcloud user data)

Updated message from "Taille des données" to "Taille des données
utilisateurs" for clarity.

This provides more accurate metrics for monitoring actual user storage usage.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 03:28:58 +01:00
BeauTroll
7dcffd2ae0 fix: resolve health check issues with Redis and du commands
Fixed multiple issues in health check script:

1. Redis check failing due to missing .env loading
   - Re-added .env sourcing at script start
   - Redis container doesn't have REDIS_HOST_PASSWORD in env
   - Script needs to load it from .env file

2. Script exiting early when du returns non-zero exit code
   - du returns error code 1 when it can't read some subdirectories (permissions)
   - Even though it outputs the size successfully
   - Added || echo "" to handle non-zero exit codes gracefully
   - Fixed for DATA_SIZE, DB_SIZE, and LOGS_SIZE checks

3. Fixed typo in DB_SIZE validation (was checking DATA_SIZE instead)

These fixes ensure:
- Complete health check output with summary section
- No premature script exits
- Proper Redis authentication testing
- Robust handling of permission errors in du commands

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 03:24:50 +01:00
BeauTroll
08fdfc3a2e fix: prevent spurious N/A output in health check
Fixed issue where "N/A" was being printed directly to stdout instead of
being captured in variables when du commands partially failed.

Changed from:
DATA_SIZE=$(du -sh ./data 2>/dev/null | cut -f1 || echo "N/A")

To:
DATA_SIZE=$(du -sh ./data 2>/dev/null | cut -f1)
if [ -z "$DATA_SIZE" ]; then
  DATA_SIZE="N/A"
fi

This prevents spurious "N/A" lines appearing in the health check output.

Fixed for:
- DATA_SIZE (data directory size)
- DB_SIZE (database directory size)
- LOGS_SIZE (logs directory size)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 03:12:37 +01:00
BeauTroll
51d42c6437 fix: handle passwords with special characters in health check
The health check was failing when MySQL passwords contained special
characters like # because it was sourcing .env as a bash script,
where # is treated as a comment.

Solution: Remove unnecessary .env sourcing and use environment variables
directly from the db container, which Docker Compose has already correctly
parsed from .env.

This fixes the "Impossible de se connecter à MySQL" error when passwords
contain #, $, !, or other special characters.

Benefits:
- Works with any special characters in passwords
- Simpler code (removed 4 lines)
- More reliable (uses container's environment directly)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 02:50:39 +01:00
BeauTroll
bd1e2dca27 fix: add database name to MySQL connection test in health check
The MySQL connection test was failing because it didn't specify the
database name. MySQL requires a database to be selected when using
the -e flag with SELECT queries.

Changed:
mysql -u"$MYSQL_USER" -e 'SELECT 1'

To:
mysql -u"$MYSQL_USER" "$MYSQL_DATABASE" -e 'SELECT 1'

This fixes the "Impossible de se connecter à MySQL" error in production
even when MySQL is working correctly.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 02:42:09 +01:00
BeauTroll
e055d708a5 feat: add automated backup system with Docker-based cron
Implement a dedicated Docker container (backup-cron) for automated daily
backups and maintenance tasks, eliminating the need for host cron configuration.

New features:
- backup-cron service: Alpine-based container with Docker CLI and cron
- Automated daily backup at 5:00 AM (Europe/Paris timezone)
- Automated health check at 6:00 AM (after backup)
- Weekly log cleanup on Sundays at 3:00 AM (removes logs >30 days)

Files added:
- cron/Dockerfile: Alpine Linux with docker-cli, bash, and tzdata
- cron/entrypoint.sh: Starts crond and displays configuration
- cron/crontab: Scheduled tasks configuration
- cron/README.md: Complete documentation for automated backups
- scripts/clean-old-logs.sh: Automated log cleanup script

Makefile enhancements:
- make cron-status: Display backup automation status and schedule
- make cron-logs: View logs from automated tasks

Configuration improvements:
- Auto-detect COMPOSE_PROJECT_NAME from directory name (portable)
- Fix df command to use POSIX format (-P flag) for consistent output
- Updated .env.example with COMPOSE_PROJECT_NAME documentation

Benefits:
- No host cron configuration required
- Portable across different environments
- Automatic timezone handling
- Integrated with existing backup/health check scripts
- Logs all automated tasks for monitoring

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-18 02:24:48 +01:00
BeauTroll
a7c14f9000 fix: use absolute paths for log files in all scripts
Fixed issue where log file redirections would fail when scripts change
directories. All scripts now use $PROJECT_ROOT/logs/... instead of
relative paths ./logs/...

This prevents errors like "Aucun fichier ou dossier de ce nom" when
scripts execute commands in different directories (e.g., checksum
verification in restore.sh).

Affected files:
- scripts/backup.sh
- scripts/restore.sh
- scripts/update.sh
- scripts/recover.sh

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 20:24:48 +01:00
BeauTroll
01c0db45f5 feat: enhance Makefile with Docker Compose v2 support and new utilities
Major improvements to the Makefile:

- Auto-detect Docker Compose v2 (docker compose) vs v1 (docker-compose)
- Add new utility commands:
  * make logs-all: View logs from all containers
  * make shell: Open bash in Nextcloud container
  * make db-shell: Open MySQL shell
  * make redis-shell: Open Redis CLI (with password support)
  * make permissions: Fix file permissions
  * make clean: Clean old logs (>30 days) and temp files

- Improve restore command:
  * Now requires FILE= parameter for better UX
  * Shows helpful error with list of available backups
  * Example: make restore FILE=./backups/backup.tar.gz

- Better help organization:
  * New "Monitoring" section
  * Better documentation for all commands
  * More detailed command descriptions

- Simplify health check:
  * Use comprehensive check-health.sh script
  * Remove duplicate check-health target

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 20:19:23 +01:00
BeauTroll
b693ed1364 fix: add Redis password authentication support in health check
The health check script was not using the REDIS_HOST_PASSWORD environment
variable when checking Redis connectivity, causing failures when Redis is
password-protected. Now properly detects and uses the password from .env
when available.

Also includes minor cleanup in backup.sh (formatting and redundant log removal).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 20:10:20 +01:00
BeauTroll
dd27bdebb5 Fine-tune disk space estimation for maximum accuracy
Final optimizations based on real Nextcloud data characteristics:

Changes:
- Reduce DB estimate from 50MB to 10MB (mysqldump is tiny vs raw files)
- Adjust compression ratio from 90% to 30% (Nextcloud has pre-compressed files)
- Files are mostly images/PDFs already compressed, gzip gains are minimal

Results progression:
- Initial:  1.7GiB required → 55MB final (97% off)
- V2:       840MiB required → 55MB final (94% off)
- V3:       130MiB required → 55MB final (58% off)
- Final:    82MiB required  → 55MB final (5% off) ✓

The estimation is now extremely accurate because it accounts for:
1. Excluded directories (preview, cache, thumbnails)
2. SQL dump vs raw MySQL files difference
3. Realistic compression ratio for already-compressed files

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 20:00:34 +01:00
BeauTroll
fcc60226ca Calculate accurate disk space by using same exclusions as backup
Major improvement: Calculate size from inside containers with the
same exclusions used during actual backup, resulting in much more
accurate space estimation.

Changes:
- Use docker-compose exec to calculate size from containers
- Apply same exclusions as tar backup (preview, cache, thumbnails)
- Calculate DB size from /var/lib/mysql directly
- Reduce default fallback from 2GB to 500MB (more realistic)

Results before/after:
- Before: 1.7GiB required → 55MB final (97% difference)
- After:  840MiB required → 55MB final (35% difference)

The estimation is now much closer to reality because we exclude
preview images, caches and thumbnails that aren't backed up.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:50:41 +01:00
BeauTroll
fb2a3585d4 Improve disk space estimation messages in backup
Add compressed size estimation and better error handling:
- Show both uncompressed (for safety) and estimated compressed size
- Handle calculation failure gracefully with clear message
- Estimate compression ratio at ~90% (divide by 10)
- Add conditional check to prevent arithmetic errors

Example output:
- Espace requis (non compressé + 20%): 1.7GiB
- Espace estimé après compression: 170MiB
- Archive finale: 55MiB (actual result)

This helps users understand why the required space seems larger
than the final backup size (compression factor).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:43:04 +01:00
BeauTroll
2ed5314537 Fix backup script - resolve permission issues and restructure
Major fixes:
- Fix script structure: load .env before defining variables
- Remove duplicate color definitions (use common.sh)
- Fix permission issue: use sudo for du command on data/db dirs
- Add fallback to 2GB if disk space calculation fails
- Improve error messages and logging

The main issue was that data/ and db/ directories are owned by
different users (http, 999), causing du to fail even with stderr
redirection. Using sudo or || echo "0" fallback fixes this.

Tested: Backup now completes successfully with proper logging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:37:56 +01:00
BeauTroll
85ed35923c Fix disk space calculation in backup.sh
The comparison was failing with "integer expression expected" error
because AVAILABLE_SPACE contained whitespace characters.

Changes:
- Add tr -d '[:space:]' to clean AVAILABLE_SPACE value
- Add validation for empty REQUIRED_SPACE (fallback to 1GB)
- Add validation for empty AVAILABLE_SPACE (exit with error)
- Add 2>/dev/null on comparison to prevent error messages
- Improve error handling for edge cases

Fixes: scripts/backup.sh: ligne 106 : [: 1712798932 0 : nombre entier attendu

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:30:12 +01:00
BeauTroll
f3c74de015 Refactor all scripts to use common.sh for consistent colored logging
- Update restore.sh to use common.sh instead of inline log function
- Update update.sh to use common.sh instead of inline log function
- Update recover.sh to use common.sh instead of inline log function
- Update check-health.sh to import colors from common.sh

Benefits:
- DRY principle: color definitions in one place
- Consistent logging across all scripts
- Easier maintenance: change log format once
- All scripts now have colored output in terminal
- Reduced code duplication (48 lines removed)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:26:47 +01:00
BeauTroll
58bc9a47cc Add colored logging with shared common.sh library
- Create scripts/common.sh with reusable log() function and color definitions
- Refactor backup.sh to use common.sh for consistent logging
- Add color support: ERROR (red), WARN (yellow), SUCCESS (green), INFO (normal)
- Colors only appear in terminal, plain text in log files
- Improve code organization and DRY principle
- Fix shellcheck spacing warnings in backup.sh

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 19:24:19 +01:00
BeauTroll
c6de550329 Apply critical security fixes and major improvements to all scripts
Security (CRITICAL):
- Add .env.example with strong password generation instructions
- Fix path traversal validation in restore.sh (now detects all .. patterns)
- Secure .env loading with set -a/set +a in all scripts
- Add logs/ to .gitignore to prevent credential leaks

Backup & Restore (IMPORTANT):
- Add file locking system to prevent concurrent backups
- Add disk space verification before backup operations
- Generate SHA256 checksums for all backups
- Verify checksums before restoration
- Create safety database backup before restore
- Implement comprehensive logging to ./logs/ directory
- Fix BACKUP_RETENTION_DAYS inconsistency
- Replace dangerous find -delete with safe iteration

Update & Recovery:
- Backup docker-compose.yml before updates with auto-rollback
- Add version display before/after updates
- Increase timeouts to 120s for slow containers
- Dynamic backup suggestion in recover.sh

Compatibility:
- Add Docker Compose v2 support with v1 fallback in all scripts
- Standardized log() function across all scripts

New Features:
- Add check-health.sh: comprehensive system health monitoring
- Add SECURITY.md: complete security documentation
- Update Makefile with check-health and recover commands
- Centralized logging with timestamps and levels

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 18:27:00 +01:00
BeauTroll
701513ce15 Standardize error message prefixes in backup.sh
Replace emoji-based prefixes with consistent [ERR], [WARN], and [*]
prefixes for better parsing and logging compatibility.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-17 18:16:21 +01:00
BeauTroll
256d2632a1 fix escaping 2025-12-16 05:16:38 +01:00
BeauTroll
03821b5e18 fix quoted string 2025-12-16 05:15:04 +01:00
BeauTroll
b9c6122d4f add recover script 2025-12-16 05:09:47 +01:00
BeauTroll
f3655144a7 improve transparency and fix variable naming 2025-12-16 03:23:42 +01:00
BeauTroll
386f731c2b improve Makefile and secure bash scripts 2025-12-15 11:35:24 +01:00
BeauTroll
2dc57afab4 add backup to gitignore 2025-12-15 11:32:32 +01:00
BeauTroll
517e337a25 improve scripts security 2025-12-15 11:14:16 +01:00
BeauTroll
dc15b4665d fix env 2025-12-15 11:02:39 +01:00
BeauTroll
a7e6cf402d update readme 2025-12-15 11:00:58 +01:00
BeauTroll
db65cd7ec9 add dev/prod configuration 2025-12-15 03:47:03 +01:00
BeauTroll
764b78a12e fix indentation 2025-12-15 03:38:50 +01:00
BeauTroll
7c6a42587c add readme 2025-12-15 02:54:16 +01:00
BeauTroll
d0ce7d5185 remove redis host from env 2025-12-15 02:53:50 +01:00
root
ddc99b914f add scripts 2025-12-14 22:26:17 +01:00
root
5aa7471f80 add .env.example 2025-12-14 20:20:22 +01:00
root
323a16f287 refactor docker compose 2025-12-14 20:10:07 +01:00