Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-22 05:10:29 +01:00
Add a persistent volume check.
This will add a persistent volume check to make sure when running containers someone is using a volume for persistent storage. This check can be bypassed if someone configures `I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable. This should prevent issues like #2493 .
Dieser Commit ist enthalten in:
Ursprung
bf0b8d9968
Commit
40ed505581
18 geänderte Dateien mit 116 neuen und 0 gelöschten Zeilen
|
@ -238,6 +238,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -112,6 +112,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -104,6 +104,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -112,6 +112,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -104,6 +104,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -136,6 +136,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -108,6 +108,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -136,6 +136,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -108,6 +108,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -141,6 +141,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -110,6 +110,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -141,6 +141,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -110,6 +110,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -136,6 +136,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -108,6 +108,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -136,6 +136,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
|
@ -108,6 +108,12 @@ VOLUME /data
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 3012
|
EXPOSE 3012
|
||||||
|
|
||||||
|
# Create a special empty file which we check within the application.
|
||||||
|
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||||
|
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||||
|
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||||
|
RUN touch /data/vaultwarden_docker_persistent_volume_check
|
||||||
|
|
||||||
# Copies the files from the context (Rocket.toml file and web-vault)
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
||||||
# and the binary from the "build" stage to the current stage
|
# and the binary from the "build" stage to the current stage
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
14
src/main.rs
14
src/main.rs
|
@ -276,6 +276,20 @@ fn check_data_folder() {
|
||||||
}
|
}
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
|
||||||
|
let check_file = Path::new(&persistent_volume_check_file);
|
||||||
|
if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
|
||||||
|
error!(
|
||||||
|
"No persistent volume!\n\
|
||||||
|
########################################################################################\n\
|
||||||
|
# It looks like you did not configure a persistent volume! #\n\
|
||||||
|
# This will result in permanent data loss when the container is removed or updated! #\n\
|
||||||
|
# If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
|
||||||
|
########################################################################################\n"
|
||||||
|
);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn check_rsa_keys() -> Result<(), crate::error::Error> {
|
fn check_rsa_keys() -> Result<(), crate::error::Error> {
|
||||||
|
|
Laden …
In neuem Issue referenzieren