Merge pull request #649 from PAWECOGmbH/staging

Staging to Production

Author: ptruessel

config/backup/backup.sh

@@ -1,48 +1,91 @@
 #!/bin/bash
 
-# Enable automatic export of variables
 set -a
 
-# Load the .env file from the project root
+# --------------------------------------
+# CONFIGURATION
+# --------------------------------------
+
+LOGFILE="/var/log/backup-cron.log"
+echo "[BACKUP START] $(date)" | tee -a $LOGFILE
+
+# Load environment variables from .env
 source "$(dirname "$0")/../../.env"
 
-# Dynamically generate volume names based on the project
+# Setup volume names and timestamp
 DB_VOLUME="${COMPOSE_PROJECT_NAME}_db_volume"
 USERDATA_VOLUME="${COMPOSE_PROJECT_NAME}_userdata_volume"
-
-# Date format for versioning (e.g., 20241022_2300)
 TIMESTAMP=$(date +"%Y%m%d_%H%M")
 
-# Check if the /backup folder exists and create it if necessary
-if [ ! -d "/backup" ]; then
-    mkdir -p /backup
-fi
+# Ensure local backup directory exists
+mkdir -p /backup
 
 # Create remote directories if they don't exist
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "mkdir -p ${REMOTE_BACKUP_PATH}/db ${REMOTE_BACKUP_PATH}/userdata ${REMOTE_BACKUP_PATH}/lucee"
+ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
+  "mkdir -p ${REMOTE_BACKUP_PATH}/{db,userdata,lucee}" >> $LOGFILE 2>&1
+
+# --------------------------------------
+# DATABASE BACKUP
+# --------------------------------------
+
+echo "[DB] Creating archive..." | tee -a $LOGFILE
+docker run --rm -v ${DB_VOLUME}:/volume -v /backup:/backup alpine sh -c \
+  "tar -czf /backup/database_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
+
+echo "[DB] Uploading to remote..." >> $LOGFILE
+scp -i ${SSH_KEY_PATH} /backup/database_${TIMESTAMP}.tar.gz \
+  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/db/ >> $LOGFILE 2>&1
+
+# Verify and delete local backup if transfer succeeded
+ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
+  "[ -f ${REMOTE_BACKUP_PATH}/db/database_${TIMESTAMP}.tar.gz ]" \
+  && { echo "[DB] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/database_${TIMESTAMP}.tar.gz; } \
+  || echo "[DB] Remote file missing – NOT deleted" | tee -a $LOGFILE
+
+# --------------------------------------
+# USERDATA BACKUP
+# --------------------------------------
+
+echo "[USERDATA] Creating archive..." | tee -a $LOGFILE
+docker run --rm -v ${USERDATA_VOLUME}:/volume -v /backup:/backup alpine sh -c \
+  "tar -czf /backup/userdata_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
+
+echo "[USERDATA] Uploading to remote..." | tee -a $LOGFILE
+scp -i ${SSH_KEY_PATH} /backup/userdata_${TIMESTAMP}.tar.gz \
+  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/userdata/ >> $LOGFILE 2>&1
+
+ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
+  "[ -f ${REMOTE_BACKUP_PATH}/userdata/userdata_${TIMESTAMP}.tar.gz ]" \
+  && { echo "[USERDATA] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/userdata_${TIMESTAMP}.tar.gz; } \
+  || echo "[USERDATA] Remote file missing – NOT deleted" | tee -a $LOGFILE
 
-# Backup database volume and store in the remote db directory
-docker run --rm -v ${DB_VOLUME}:/volume -v /backup:/backup alpine sh -c "tar -czf /backup/database_${TIMESTAMP}.tar.gz -C /volume ."
-scp -i ${SSH_KEY_PATH} /backup/database_${TIMESTAMP}.tar.gz ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/db/
+# --------------------------------------
+# LUCEE IMAGE BACKUP
+# --------------------------------------
 
-# Backup userdata volume and store in the remote userdata directory
-docker run --rm -v ${USERDATA_VOLUME}:/volume -v /backup:/backup alpine sh -c "tar -czf /backup/userdata_${TIMESTAMP}.tar.gz -C /volume ."
-scp -i ${SSH_KEY_PATH} /backup/userdata_${TIMESTAMP}.tar.gz ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/userdata/
+echo "[LUCEE] Saving Docker image..." | tee -a $LOGFILE
+docker save -o /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
+  ${LUCEE_IMAGE}:${LUCEE_IMAGE_VERSION} >> $LOGFILE 2>&1
 
-# Backup Lucee image and store in the remote lucee directory
-docker save -o /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar ${LUCEE_IMAGE}:${LUCEE_IMAGE_VERSION}
-scp -i ${SSH_KEY_PATH} /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/lucee/
+echo "[LUCEE] Uploading to remote..." | tee -a $LOGFILE
+scp -i ${SSH_KEY_PATH} /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
+  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/lucee/ >> $LOGFILE 2>&1
 
-# Rotate backups: Keep only the latest 30 backups per type
+ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
+  "[ -f ${REMOTE_BACKUP_PATH}/lucee/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar ]" \
+  && { echo "[LUCEE] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar; } \
+  || echo "[LUCEE] Remote file missing – NOT deleted" | tee -a $LOGFILE
 
-# For database backups
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "cd ${REMOTE_BACKUP_PATH}/db && ls -tp | grep -v '/$' | tail -n +31 | xargs -I {} rm -- {}"
+# --------------------------------------
+# REMOTE ROTATION
+# --------------------------------------
 
-# For userdata backups
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "cd ${REMOTE_BACKUP_PATH}/userdata && ls -tp | grep -v '/$' | tail -n +31 | xargs -I {} rm -- {}"
+echo "[ROTATE] Cleaning up old remote backups..." | tee -a $LOGFILE
+for folder in db userdata lucee; do
+  ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
+    "cd ${REMOTE_BACKUP_PATH}/$folder && ls -tp | grep -v '/$' | tail -n +31 | xargs -I {} rm -- {}" >> $LOGFILE 2>&1
+done
 
-# For Lucee image backups
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "cd ${REMOTE_BACKUP_PATH}/lucee && ls -tp | grep -v '/$' | tail -n +31 | xargs -I {} rm -- {}"
+echo "[BACKUP DONE] $(date)" | tee -a $LOGFILE
 
-# Disable automatic export of variables
 set +a

config/backup/readme.md

@@ -36,6 +36,7 @@ This will:
 -   Backup the **user data volume**.
 -   Backup the **Lucee image**.
 -   Securely transfer all backups to the remote backup server.
+-   Backups are only deleted locally if the remote transfer was successful.
 
 Each backup will be **timestamped** in the format `YYYYMMDD_HHMM`, ensuring you can differentiate between multiple backup versions.
 
@@ -60,15 +61,22 @@ To perform a restore, you need to specify which backup you want to restore by us
 - To list all available backups on the remote server:
  `bash restore.sh --list`
 
+ - After each restore, the downloaded backup file is automatically deleted from the `/restore/` folder to keep the system clean.
+
 
 ## **Automating Backups**
 
 To automate the backup process, you can set up a **cron job** to run the backup script at regular intervals (e.g., daily). For example, to run the backup every night at midnight, add the following entry to your crontab:
 `0 0 * * * /path/to/your/project/config/backup/backup.sh`
+Backup logs are written to /var/log/backup-cron.log
+You can review this log to verify execution and spot issues.
 
 
 ## **Notes**
 
 -   These backups are intended for the **production** and **staging** environments. Ensure that the environment variables in the `.env` file are correctly configured before running any backups or restores.
 -   The backup script automatically **rotates** backups, keeping only the **latest 30 backups** per backup type (database, user data, Lucee image) by removing older backups on the remote server.
 -   Always ensure that your **SSH keys** and **server information** are secure, as they are used for transferring backups between the production or staging environment and the remote server.
+-   Locally created backup files are deleted only if the remote copy exists to prevent data loss.
+-   Backups on the remote server are rotated automatically: only the latest 30 backups per type are kept.
+-   The restore script stops immediately if any step fails, ensuring that incomplete restores do not go unnoticed.

config/backup/restore.sh

@@ -1,93 +1,141 @@
 #!/bin/bash
 
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Print error line if something goes wrong
+trap 'echo "ERROR: Restore failed at line $LINENO"; exit 1' ERR
+
 # Enable automatic export of variables
 set -a
 
-# Load the .env file from the project root
+# Load environment variables from the project root
 source "$(dirname "$0")/../../.env"
 
-# Dynamically generate volume names based on the project
+# Generate volume names
 DB_VOLUME="${COMPOSE_PROJECT_NAME}_db_volume"
 USERDATA_VOLUME="${COMPOSE_PROJECT_NAME}_userdata_volume"
 
-# Check if the /restore folder exists and create it if necessary
-if [ ! -d "/restore" ]; then
-    mkdir -p /restore
-fi
+# Ensure /restore directory exists
+mkdir -p /restore
 
-# Functions for the various restore processes
+# -------------------------
+# Restore functions
+# -------------------------
 
 restore_db() {
+    local BACKUP_NAME
     if [ -z "$1" ]; then
-        echo "Restoring the latest database backup..."
-        # Get the latest database backup
-        LATEST_DB_BACKUP=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/db | head -n 1")
+        echo "[DB] Restoring latest backup..."
+        BACKUP_NAME=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/db | head -n 1")
     else
-        echo "Restoring database backup from $1..."
-        LATEST_DB_BACKUP="database_$1.tar.gz"
+        echo "[DB] Restoring backup from timestamp: $1"
+        BACKUP_NAME="database_$1.tar.gz"
     fi
-    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/db/${LATEST_DB_BACKUP} /restore/database.tar.gz
+
+    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/db/${BACKUP_NAME} /restore/database.tar.gz
     docker run --rm -v ${DB_VOLUME}:/volume -v /restore:/restore alpine sh -c "tar -xzf /restore/database.tar.gz -C /volume"
+    rm /restore/database.tar.gz
     docker restart ${MYSQL_CONTAINER_NAME}
+    echo "[DB] Restore complete"
 }
 
 restore_userdata() {
+    local BACKUP_NAME
     if [ -z "$1" ]; then
-        echo "Restoring the latest userdata backup..."
-        # Get the latest userdata backup
-        LATEST_USERDATA_BACKUP=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/userdata | head -n 1")
+        echo "[USERDATA] Restoring latest backup..."
+        BACKUP_NAME=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/userdata | head -n 1")
     else
-        echo "Restoring userdata backup from $1..."
-        LATEST_USERDATA_BACKUP="userdata_$1.tar.gz"
+        echo "[USERDATA] Restoring backup from timestamp: $1"
+        BACKUP_NAME="userdata_$1.tar.gz"
     fi
-    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/userdata/${LATEST_USERDATA_BACKUP} /restore/userdata.tar.gz
+
+    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/userdata/${BACKUP_NAME} /restore/userdata.tar.gz
     docker run --rm -v ${USERDATA_VOLUME}:/volume -v /restore:/restore alpine sh -c "tar -xzf /restore/userdata.tar.gz -C /volume"
+    rm /restore/userdata.tar.gz
     docker restart ${LUCEE_CONTAINER_NAME}
+    echo "[USERDATA] Restore complete"
 }
 
 restore_lucee_image() {
+    local BACKUP_NAME
     if [ -z "$1" ]; then
-        echo "Restoring the latest Lucee image backup..."
-        # Get the latest Lucee image backup
-        LATEST_LUCEE_BACKUP=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/lucee | head -n 1")
+        echo "[LUCEE] Restoring latest image..."
+        BACKUP_NAME=$(ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls -t ${REMOTE_BACKUP_PATH}/lucee | head -n 1")
     else
-        echo "Restoring Lucee image backup from $1..."
-        LATEST_LUCEE_BACKUP="image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_$1.tar"
+        echo "[LUCEE] Restoring image from timestamp: $1"
+        BACKUP_NAME="image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_$1.tar"
     fi
-    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/lucee/${LATEST_LUCEE_BACKUP} /restore/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}.tar
-    docker load -i /restore/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}.tar
+
+    scp -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/lucee/${BACKUP_NAME} /restore/image.tar
+    docker load -i /restore/image.tar
+    rm /restore/image.tar
+    echo "[LUCEE] Image restore complete"
 }
 
 list_backups() {
     echo "Available backups on remote server:"
-    echo "Database backups:"
+    echo "-----------------------------------"
+    echo "Database:"
     ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls ${REMOTE_BACKUP_PATH}/db"
     echo ""
-    echo "Userdata backups:"
+    echo "Userdata:"
     ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls ${REMOTE_BACKUP_PATH}/userdata"
     echo ""
-    echo "Lucee image backups:"
+    echo "Lucee images:"
     ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} "ls ${REMOTE_BACKUP_PATH}/lucee"
     echo ""
 }
 
-# Show help if no options have been specified
+# -------------------------
+# CLI Argument handling
+# -------------------------
+
 if [ $# -eq 0 ]; then
-    echo "Usage: $0 [--db [TIMESTAMP]] [--userdata [TIMESTAMP]] [--lucee-image [TIMESTAMP]] [--list]"
+    echo "Usage:"
+    echo "  $0 --db [TIMESTAMP]             Restore database (latest if none given)"
+    echo "  $0 --userdata [TIMESTAMP]       Restore userdata volume"
+    echo "  $0 --lucee-image [TIMESTAMP]    Restore Lucee image"
+    echo "  $0 --list                       List available backups"
     exit 1
 fi
 
-# Process the specified options
 while [[ "$#" -gt 0 ]]; do
     case $1 in
-        --db) restore_db "$2"; shift ;;
-        --userdata) restore_userdata "$2"; shift ;;
-        --lucee-image) restore_lucee_image "$2"; shift ;;
-        --list) list_backups; exit 0 ;;
-        *) echo "Unknown option: $1"; exit 1 ;;
+        --db)
+            if [[ -n "$2" && "$2" != --* ]]; then
+                restore_db "$2"
+                shift
+            else
+                restore_db
+            fi
+            ;;
+        --userdata)
+            if [[ -n "$2" && "$2" != --* ]]; then
+                restore_userdata "$2"
+                shift
+            else
+                restore_userdata
+            fi
+            ;;
+        --lucee-image)
+            if [[ -n "$2" && "$2" != --* ]]; then
+                restore_lucee_image "$2"
+                shift
+            else
+                restore_lucee_image
+            fi
+            ;;
+        --list)
+            list_backups
+            exit 0
+            ;;
+        *)
+            echo "ERROR: Unknown option: $1"
+            exit 1
+            ;;
     esac
     shift
 done
 
-# Disable automatic export of variables
 set +a

readme.md

@@ -44,7 +44,7 @@ Update the ```.env``` file with your configuration. You can also adopt the sugge
 
 <b>5. Copy the NGINX base settings</b><br>
 ```
-mv config/example.base.conf config/nginx/base.conf
+mv config/example.base.conf config/nginx/conf.d/base.conf
 ```
 
 <b>6. Set up the application configuration</b><br>

www/frontend/core/scheduletasks/tasks.cfm

@@ -122,11 +122,8 @@ if (url.pass eq variables.schedulePassword) {
                                 // Stop schedulecontrol
                                 application.objSysadmin.stopScheduleControl(url.task);
 
-                                // Deactivate the schedule task
-                                application.objSysadmin.deactivateTask(qGetTasks.intScheduletaskID);
-
                                 // Make log
-                                objLogs.logWrite("scheduletask", "error", "Something went wrong in schedule task, the task has been deactivated [File: #qGetTasks.strPath#, Error: #e.message#]", false);
+                                objLogs.logWrite("scheduletask", "error", "Something went wrong in schedule task [File: #qGetTasks.strPath#, Error: #e.message#]", false);
 
                                 // Send email to the developer with the error dump
                                 cfmail(subject="Error in included scheduletask file", to="#application.errorMail#", from="#application.fromEmail#" type="html" ) {