vaultwarden/backup-vaultwarden.sh
Paul Kartchner 2154ca1ce0 Add Vaultwarden backup system and fix HTTP header validation
- Added BACKUP.md with comprehensive backup/restore documentation
- Created backup-vaultwarden.sh for automated PostgreSQL and data backups
- Created restore-vaultwarden.sh for safe backup restoration
- Fixed HTTP response validation by configuring Vaultwarden-specific headers
- Set X-XSS-Protection: 0 (as required by Vaultwarden)
- Set X-Frame-Options: SAMEORIGIN for API calls
- Removed conflicting secure-headers@file middleware
- Added custom vaultwarden-headers middleware
- Updated .gitignore to exclude backups/ directory

Backup system:
- Backs up to /srv/backups/vaultwarden/ (configurable)
- Logs to /var/log/vaultwarden/backup.log
- 30-day retention policy
- Includes PostgreSQL database, RSA key, config, and .env

Note: Backup scripts should be moved to /srv/backups/scripts/ for production use

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-10 16:14:34 +00:00


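#!/bin/bash
# Vaultwarden Backup Script
# Backs up PostgreSQL database and critical data files
#
# Required environment (one of):
#   PGPASSWORD       password of the PostgreSQL backup user
#   PGPASSWORD_FILE  path to an owner-only file whose content is that password
#
# The database password is deliberately not stored in this script: the script
# is kept in version control, so a literal here is readable by anyone with
# repository access.
# NOTE(review): a password that was ever committed in this file should be
# treated as exposed and rotated on the database server.
#
# Everything written below (database dump, RSA key, config, .env copy) is
# secret material, so the backup directory and its files are kept owner-only.

# -e: stop on unhandled errors; -u: unset variables are errors;
# pipefail: a failing pg_dump is not masked by the output filter after it.
set -euo pipefail

# New files and directories are created without group/other access.
umask 077

# Configuration
BACKUP_DIR="/srv/backups/vaultwarden"
DATE=$(date +%Y%m%d_%H%M%S)
PGHOST="postgresql.pkartchner.com"
PGPORT="5432"
PGUSER="vaultwarden"
PGDATABASE="vaultwarden"
RETENTION_DAYS=30

DB_DUMP="$BACKUP_DIR/vaultwarden_db_$DATE.dump"
DATA_ARCHIVE="$BACKUP_DIR/vaultwarden_data_$DATE.tar.gz"
ENV_COPY="$BACKUP_DIR/vaultwarden_env_$DATE.env"

# Resolve the database password from the environment or a protected file.
if [[ -z "${PGPASSWORD:-}" && -n "${PGPASSWORD_FILE:-}" ]]; then
  PGPASSWORD=$(<"$PGPASSWORD_FILE")
fi
if [[ -z "${PGPASSWORD:-}" ]]; then
  echo "✗ PGPASSWORD or PGPASSWORD_FILE must be set"
  exit 1
fi
# Exported so that `docker run -e PGPASSWORD` (name only) can inherit it; the
# value then never appears in the docker command line shown by `ps`.
export PGPASSWORD

# Create backup directory (umask does not tighten a directory that already
# exists, hence the explicit chmod).
mkdir -p "$BACKUP_DIR"
chmod 700 "$BACKUP_DIR"

echo "=== Vaultwarden Backup Started: $(date) ==="

# PostgreSQL database backup (custom format - compressed and optimized)
echo "Backing up PostgreSQL database..."
# sed only drops empty lines and always exits 0, so with pipefail the status
# of this pipeline is the status of `docker run` / pg_dump.
if docker run --rm \
  -e PGPASSWORD \
  -v "$BACKUP_DIR:/backup" \
  postgres:18-alpine \
  pg_dump -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d "$PGDATABASE" \
  -F c -b -v -f "/backup/vaultwarden_db_$DATE.dump" 2>&1 | sed -e '/^$/d'; then
  echo "✓ Database backup completed"
else
  echo "✗ Database backup failed"
  exit 1
fi
# The dump is created inside the container, where the host umask does not
# apply; restrict it explicitly. The file may be owned by the container user,
# so a failure here is reported instead of aborting the remaining steps.
chmod 600 "$DB_DUMP" \
  || echo "! Could not restrict permissions on $DB_DUMP - check ownership"

# Data directory backup (critical files only)
echo "Backing up data directory..."
# Tested directly in the `if`: under `set -e` a separate `$?` check after a
# failing tar would never be reached.
if tar -czf "$DATA_ARCHIVE" \
  -C /srv/docker-compose/vaultwarden \
  --exclude='data/icon_cache' \
  --exclude='data/tmp' \
  data/config.json data/rsa_key.pem 2>&1; then
  echo "✓ Data directory backup completed"
else
  echo "✗ Data directory backup failed"
  exit 1
fi

# Environment file backup (contains credentials)
echo "Backing up .env file..."
if cp /srv/docker-compose/vaultwarden/.env "$ENV_COPY"; then
  echo "✓ Environment file backup completed"
else
  echo "✗ Environment file backup failed"
  exit 1
fi

# Calculate backup sizes
DB_SIZE=$(du -h "$DB_DUMP" | cut -f1)
DATA_SIZE=$(du -h "$DATA_ARCHIVE" | cut -f1)
echo ""
echo "=== Backup Summary ==="
echo "Database backup: $DB_SIZE"
echo "Data backup: $DATA_SIZE"
echo "Location: $BACKUP_DIR"

# Cleanup old backups
echo ""
echo "Cleaning up backups older than $RETENTION_DAYS days..."
# One traversal prints and deletes, so the logged list is exactly the set of
# files that were removed.
DELETED=$(find "$BACKUP_DIR" -name "vaultwarden_*" -mtime "+$RETENTION_DAYS" -type f -print -delete)
if [ -n "$DELETED" ]; then
  echo "$DELETED"
  echo "✓ Old backups cleaned up"
else
  echo "No old backups to clean up"
fi
echo ""
echo "=== Vaultwarden Backup Completed: $(date) ==="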