Merge pull request #14 from Aterfax/Update-run_include-to-silence-healthcheck-output

Update run_include to silence healthcheck output.

README.md

@@ -40,6 +40,9 @@ For more in depth instructions, see: [Using-the-DockerHub-provided-image](#Using
 
 ### Using the DockerHub provided image
 
+> [!WARNING]  
+> It is possible, but highly discouraged for you to make unencrypted backups by setting `UNENCRYPTED=1` in your ``.env`` file. This will bypass the automatic key generation process but **this is a bad idea** as the backed-up data will be stored in plaintext. This means that the owner of the PBS backup server you are backing up to will have full access to explore the backed-up content.
+
 * Run the image with the provided docker-compose file after amending it and the ``.env`` file where needed.
   * If allowing the container to conduct an auto setup, don't set a  ``PBS_ENCRYPTION_PASSWORD`` value yet as the container first run will autogenerate one for you.
   * Supply your desired ``master-public.pem``, ``master-private.pem`` and ``encryption-key.json`` files with a matching ``PBS_ENCRYPTION_PASSWORD`` or allow the container to automatically generate these for you on first run.
@@ -97,6 +100,11 @@ See also:
 - https://github.com/Aterfax/pbs-client-docker/issues/8
 - https://forum.proxmox.com/threads/backup-client-encryption-not-working-inside-docker-container.139054/
 
+> [!WARNING]  
+> It is possible, but highly discouraged for you to bypass this issue by taking unencrypted backups. You can do this by setting `UNENCRYPTED=1` in your ``.env`` file and this will bypass the automatic key generation process.
+>
+>**This is a bad idea** as the backed-up data will be stored in plaintext. This means that the owner of the PBS backup server you are backing up to will have full access to explore the backed-up content.
+
 ## Troubleshooting
 
 If you encounter issues, check the [Troubleshooting section](TROUBLESHOOTING.md)  for solutions to common problems.

docker-compose/.env.example

@@ -1,29 +1,34 @@
 # The 4 variables below are required.
-PBS_ENCRYPTION_PASSWORD="123456789abcdefghijklmn"
+PBS_ENCRYPTION_PASSWORD=123456789abcdefghijklmn
-PBS_ENDPOINT="pbs.mydomain.com"
+PBS_ENDPOINT=pbs.mydomain.com
-PBS_DATASTORE="test-datastore"
+PBS_DATASTORE=test-datastore
-CRON_SCHEDULE="0 */4 * * *"
+CRON_SCHEDULE=0 */4 * * *
 # If you want to skip backup on startup, set CRON_BACKUP_ONLY=1 otherwise CRON_BACKUP_ONLY=0
 CRON_BACKUP_ONLY=0
 
+# Set UNENCRYPTED=1 to bypass automatic encryption key generation and allow the backups to be unencrypted.
+# This is a bad idea as the owner of the PBS backup server you are backing up to will have full access to 
+# explore the backed-up content.
+UNENCRYPTED=0
+
 # Use of the PBS_API_KEY_NAME and PBS_API_KEY_SECRET is recommended!
 # If unset, ensure PBS_USER and PBS_PASSWORD are set.
-PBS_API_KEY_NAME="username@pam!test"
+PBS_API_KEY_NAME=username@pam!test
-PBS_API_KEY_SECRET="4054356a-f1a6-441e-86fc-e338367db185"
+PBS_API_KEY_SECRET=4054356a-f1a6-441e-86fc-e338367db185
 
 # PBS_USER is not required if PBS_API_KEY_NAME is set.
 # PBS_PASSWORD is not required if PBS_API_KEY_SECRET is set.
-PBS_USER=""
+PBS_USER=
-PBS_PASSWORD=""
+PBS_PASSWORD=
 
 # PBS_DATASTORE_NS is optional but should be set if using namespaces.
-PBS_DATASTORE_NS="test"
+PBS_DATASTORE_NS=test
 
 # PBS_FINGERPRINT is required if using a self signed SSL certificate.
-PBS_FINGERPRINT=""
+PBS_FINGERPRINT=
 
 # Healthchecks.io details - Optional. 
-HEALTHCHECKSUUID="aa7b0de3-2c17-4fce-b051-388a5415e656"
+HEALTHCHECKSUUID=aa7b0de3-2c17-4fce-b051-388a5415e656
-HEALTHCHECKSHOSTNAME="https://healthchecks.mydomain.com"
+HEALTHCHECKSHOSTNAME=https://healthchecks.mydomain.com
 
 TZ=Etc/UTC

docker/src/helper_scripts/restore-backup

@@ -116,7 +116,7 @@ read -rp "Are these details correct? Press Enter to continue or Ctrl+C to cancel
 #proxmox-backup-client restore host/elsa/2019-12-03T09:35:01Z root.pxar /target/path/
 # We need to build this command in case namespaces are in use.
 RESTORECMD="proxmox-backup-client restore ${selected_backup_type}/${selected_backup_id}/${selected_backup_time} ${selected_file} ${restore_path}"
-if [ -n "$RESTORECMD" ]; then
+if [ -n "$PBS_DATASTORE_NS" ]; then
     RESTORECMD+=" --ns ${PBS_DATASTORE_NS}"
 fi
 echo -e "\nRestore command:"

docker/src/s6-services/backup/run_include

@@ -60,7 +60,7 @@ fi
 # to allow the first backup or we're
 if [ "$CRON_BACKUP_ONLY" = "0" ] || [ -e "${lastrunfile}" ]; then
     if [ -n "$HEALTHCHECKSURL" ]; then
-        curl -fsS -m 10 --retry 5 $HEALTHCHECKSURL/start
+        curl -fsS -m 10 --retry 5 -o /dev/null $HEALTHCHECKSURL/start
     fi
 
     # Run the actual backup command.
@@ -72,7 +72,7 @@ if [ "$CRON_BACKUP_ONLY" = "0" ] || [ -e "${lastrunfile}" ]; then
 
     if [ -n "$HEALTHCHECKSURL" ]; then
         # We pipe the exit code to healthchecks, if it isn't zero, a warning will fire.
-        curl -fsS -m 10 --retry 5 ${HEALTHCHECKSURL}/${BACKUP_EXIT_CODE}
+        curl -fsS -m 10 --retry 5 -o /dev/null ${HEALTHCHECKSURL}/${BACKUP_EXIT_CODE}
     fi
 elif [ "$CRON_BACKUP_ONLY" = "1" ]; then
     echo "CRON_BACKUP_ONLY=1, skipping container start up initial backup."

docker/src/s6-services/key_setup/run

@@ -20,6 +20,14 @@ handle_error() {
 }
 trap handle_error ERR
 
+# Check if encryption is disabled via environment variable
+if [ "${UNENCRYPTED}" = "1" ]; then
+    echo "Encrypted backups are disabled. Skipping key setup process."
+    echo ""
+    echo "This is a bad idea as the owner of the PBS backup server you are backing up to will have full access to explore the backed-up content."
+    exit 0
+fi
+
 client_encryption_keyfile="/root/.config/proxmox-backup/encryption-key.json"
 master_private_keyfile="/root/.config/proxmox-backup/master-private.pem"
 master_public_keyfile="/root/.config/proxmox-backup/master-public.pem"

docker/src/s6-services/setup_check/run_include

@@ -30,8 +30,11 @@ if [ -z "$PBS_PASSWORD" ]; then
     exit 1
 fi
 
-HEALTHCHECKSURL="${HEALTHCHECKSHOSTNAME}/ping/${HEALTHCHECKSUUID}"
+# Evaluate each subvariable and replace all spaces with nothing - if not zero length set variable.
+if [[ ! -z "${HEALTHCHECKSHOSTNAME// }" ]] && [[ ! -z "${HEALTHCHECKSUUID// }" ]]; then
+  HEALTHCHECKSURL="${HEALTHCHECKSHOSTNAME}/ping/${HEALTHCHECKSUUID}"
+  export HEALTHCHECKSURL="${HEALTHCHECKSURL}"
+fi
 
-export HEALTHCHECKSURL="${HEALTHCHECKSURL}"
 export PBS_PASSWORD="${PBS_PASSWORD}"
 export PBS_REPOSITORY="${PBS_USER}@${PBS_ENDPOINT}:${PBS_DATASTORE}"