2154ca1ce0
- Added BACKUP.md with comprehensive backup/restore documentation - Created backup-vaultwarden.sh for automated PostgreSQL and data backups - Created restore-vaultwarden.sh for safe backup restoration - Fixed HTTP response validation by configuring Vaultwarden-specific headers - Set X-XSS-Protection: 0 (as required by Vaultwarden) - Set X-Frame-Options: SAMEORIGIN for API calls - Removed conflicting secure-headers@file middleware - Added custom vaultwarden-headers middleware - Updated .gitignore to exclude backups/ directory Backup system: - Backs up to /srv/backups/vaultwarden/ (configurable) - Logs to /var/log/vaultwarden/backup.log - 30-day retention policy - Includes PostgreSQL database, RSA key, config, and .env Note: Backup scripts should be moved to /srv/backups/scripts/ for production use 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
88 lines
2.3 KiB
Bash
Executable File
88 lines
2.3 KiB
Bash
Executable File
#!/bin/bash
|
|
# Vaultwarden Restore Script
|
|
# Restores PostgreSQL database and critical data files from backup
|
|
|
|
set -e
|
|
|
|
# Check if backup timestamp provided
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: $0 YYYYMMDD_HHMMSS"
|
|
echo ""
|
|
echo "Available backups:"
|
|
ls -1 /srv/backups/vaultwarden/vaultwarden_db_*.dump 2>/dev/null | \
|
|
sed 's/.*vaultwarden_db_\(.*\)\.dump/ \1/' | sort -r
|
|
exit 1
|
|
fi
|
|
|
|
TIMESTAMP=$1
|
|
BACKUP_DIR="/srv/backups/vaultwarden"
|
|
PGHOST="postgresql.pkartchner.com"
|
|
PGPORT="5432"
|
|
PGUSER="vaultwarden"
|
|
PGDATABASE="vaultwarden"
|
|
PGPASSWORD="lXleSC6e5mL1ZZs8qwG+NWhNh478ipGptRXsEMZRs28="
|
|
|
|
# Verify backup files exist
|
|
DB_BACKUP="$BACKUP_DIR/vaultwarden_db_$TIMESTAMP.dump"
|
|
DATA_BACKUP="$BACKUP_DIR/vaultwarden_data_$TIMESTAMP.tar.gz"
|
|
|
|
if [ ! -f "$DB_BACKUP" ]; then
|
|
echo "Error: Database backup not found: $DB_BACKUP"
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -f "$DATA_BACKUP" ]; then
|
|
echo "Error: Data backup not found: $DATA_BACKUP"
|
|
exit 1
|
|
fi
|
|
|
|
echo "=== Vaultwarden Restore Started: $(date) ==="
|
|
echo "WARNING: This will replace your current Vaultwarden data!"
|
|
echo "Database backup: $DB_BACKUP"
|
|
echo "Data backup: $DATA_BACKUP"
|
|
echo ""
|
|
read -p "Are you sure you want to continue? (yes/no): " CONFIRM
|
|
|
|
if [ "$CONFIRM" != "yes" ]; then
|
|
echo "Restore cancelled"
|
|
exit 0
|
|
fi
|
|
|
|
# Stop Vaultwarden container
|
|
echo ""
|
|
echo "Stopping Vaultwarden container..."
|
|
cd /srv/docker-compose/vaultwarden
|
|
docker compose stop vaultwarden
|
|
echo "✓ Container stopped"
|
|
|
|
# Restore database
|
|
echo ""
|
|
echo "Restoring PostgreSQL database..."
|
|
docker run --rm \
|
|
-e PGPASSWORD="$PGPASSWORD" \
|
|
-v "$BACKUP_DIR:/backup" \
|
|
postgres:18-alpine \
|
|
pg_restore -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d "$PGDATABASE" \
|
|
--clean --if-exists -v "/backup/vaultwarden_db_$TIMESTAMP.dump" 2>&1 | \
|
|
grep -E "(restoring|processing|creating|finished)" || true
|
|
|
|
echo "✓ Database restored"
|
|
|
|
# Restore data directory
|
|
echo ""
|
|
echo "Restoring data directory..."
|
|
tar -xzf "$DATA_BACKUP" -C /srv/docker-compose/vaultwarden
|
|
echo "✓ Data directory restored"
|
|
|
|
# Start Vaultwarden container
|
|
echo ""
|
|
echo "Starting Vaultwarden container..."
|
|
docker compose start vaultwarden
|
|
sleep 3
|
|
docker compose ps vaultwarden
|
|
echo "✓ Container started"
|
|
|
|
echo ""
|
|
echo "=== Vaultwarden Restore Completed: $(date) ==="
|
|
echo "Please verify your Vaultwarden instance is working correctly."
|