	Add a persistent volume check.
This adds a persistent volume check to make sure that anyone running the container is using a volume for persistent storage. The check can be bypassed by setting `I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable. This should prevent issues like #2493.
		
					parent
					
						
							
								bf0b8d9968
							
						
					
				
			
			
				commit
				
					
						40ed505581
					
				
			
		
					 18 changed files with 116 additions and 0 deletions
				
			
		|  | @ -238,6 +238,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
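Review bot: The added comment says the marker "should disappear if a volume is mounted on-top", but that holds only for bind mounts and for volumes that already contain data. When Docker creates a new, empty named or anonymous volume at `/data`, it copies the image's content at that path into the volume, so the marker would end up inside storage that is in fact persistent and the startup check would refuse to run. Since the marker is created after `VOLUME /data`, it is also worth confirming that every builder in use keeps the file in the image. At minimum I would reword the last comment line to `# This file is hidden by bind mounts and pre-populated volumes; a new empty volume is populated from the image and will contain it.` The same applies to the identical hunks in the other Dockerfile variants below.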
|  | @ -112,6 +112,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -104,6 +104,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -112,6 +112,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -104,6 +104,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -136,6 +136,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -108,6 +108,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -136,6 +136,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -108,6 +108,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -141,6 +141,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -110,6 +110,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -141,6 +141,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -110,6 +110,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -136,6 +136,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -108,6 +108,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -136,6 +136,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
|  | @ -108,6 +108,12 @@ VOLUME /data | |||
| EXPOSE 80 | ||||
| EXPOSE 3012 | ||||
| 
 | ||||
| # Create a special empty file which we check within the application. | ||||
| # If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes. | ||||
| # If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true` | ||||
| # This file should disappear if a volume is mounted on-top of this using a docker volume. | ||||
| RUN touch /data/vaultwarden_docker_persistent_volume_check | ||||
| 
 | ||||
| # Copies the files from the context (Rocket.toml file and web-vault) | ||||
| # and the binary from the "build" stage to the current stage | ||||
| WORKDIR / | ||||
|  |  | |||
							
								
								
									
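--- a/src/main.rs
+++ b/src/main.rs
@@ -276,6 +276,20 @@ fn check_data_folder() {
         }
         exit(1);
     }
+
+    let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
+    let check_file = Path::new(&persistent_volume_check_file);
+    if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
+        error!(
+            "No persistent volume!\n\
+            ########################################################################################\n\
+            # It looks like you did not configure a persistent volume!                             #\n\
+            # This will result in permanent data loss when the container is removed or updated!    #\n\
+            # If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
+            ########################################################################################\n"
+        );
+        exit(1);
+    }
 }
 
 fn check_rsa_keys() -> Result<(), crate::error::Error> {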
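Review bot: The bypass condition `std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err()` only tests whether the variable is set, so `I_REALLY_WANT_VOLATILE_STORAGE=false` or an empty value also switches off the data-loss guard, while the error text and the Dockerfile comments tell operators to set it to `true`. I would compare the value instead, e.g. `let volatile_ok = std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").map(|v| v.eq_ignore_ascii_case("true")).unwrap_or(false);` and then test `check_file.exists() && !volatile_ok`. A short comment above the check, such as `// Marker file baked into the container image; it is visible only when nothing is mounted over the data folder.`, would also help readers who have not seen the Dockerfiles. The body of `check_data_folder` starts outside this hunk, so the type of `data_folder` is not visible here.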