Merge pull request #2501 from BlackDex/add-persistent-volume-check-docker

Add a persistent volume check.
3 years ago · 5845ed2c92
18 changed files with 116 additions and 0 deletions
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -238,6 +238,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@ -112,6 +112,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@ -104,6 +104,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/amd64/Dockerfile.buildx
+++ b/docker/amd64/Dockerfile.buildx
@ -112,6 +112,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/amd64/Dockerfile.buildx.alpine
+++ b/docker/amd64/Dockerfile.buildx.alpine
@ -104,6 +104,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/arm64/Dockerfile.buildx
+++ b/docker/arm64/Dockerfile.buildx
@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/arm64/Dockerfile.buildx.alpine
+++ b/docker/arm64/Dockerfile.buildx.alpine
@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@ -141,6 +141,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@ -110,6 +110,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv6/Dockerfile.buildx
+++ b/docker/armv6/Dockerfile.buildx
@ -141,6 +141,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv6/Dockerfile.buildx.alpine
+++ b/docker/armv6/Dockerfile.buildx.alpine
@ -110,6 +110,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv7/Dockerfile.buildx
+++ b/docker/armv7/Dockerfile.buildx
@ -136,6 +136,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/docker/armv7/Dockerfile.buildx.alpine
+++ b/docker/armv7/Dockerfile.buildx.alpine
@ -108,6 +108,12 @@ VOLUME /data
 EXPOSE 80
 EXPOSE 3012

+# Create a special empty file which we check within the application.
+# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
+# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
+# This file should disappear if a volume is mounted on-top of this using a docker volume.
+RUN touch /data/vaultwarden_docker_persistent_volume_check
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
--- a/src/main.rs
+++ b/src/main.rs
@ -276,6 +276,20 @@ fn check_data_folder() {
        }
        exit(1);
    }
+
+    let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
+    let check_file = Path::new(&persistent_volume_check_file);
+    if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
+        error!(
+            "No persistent volume!\n\
+            ########################################################################################\n\
+            # It looks like you did not configure a persistent volume!                             #\n\
+            # This will result in permanent data loss when the container is removed or updated!    #\n\
+            # If you really want to use volatile storage set `I_REALLY_WANT_VOLATILE_STORAGE=true` #\n\
+            ########################################################################################\n"
+        );
+        exit(1);
+    }
 }

 fn check_rsa_keys() -> Result<(), crate::error::Error> {