mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 02:11:28 +00:00
docs(docker): use docker cp for token migration and fix bcrypt command
Replace direct volume mountpoint writes (requires root) with docker cp
which works without elevated permissions. Fix malformed npx bcrypt
command — use require('bcrypt') with Node module resolution. Add
security note about not committing password hashes to docker-compose.
This commit is contained in:
+15
-16
@@ -65,13 +65,11 @@ environment:
|
||||
Generate a bcrypt hash:
|
||||
|
||||
```bash
|
||||
docker exec ccs-cliproxy npx -y bcryptjs -e "
|
||||
const b = require('bcryptjs'); console.log(b.hashSync('your-password', 10));
|
||||
"
|
||||
# Or if bcrypt is available in the container's CCS install:
|
||||
docker exec ccs-cliproxy node -e "console.log(require('bcrypt').hashSync('your-password', 10))"
|
||||
```
|
||||
|
||||
> **Note:** Do not commit the password hash in `docker-compose.yml`. Use Docker secrets or a `.env` file (not tracked in git) for sensitive values like `CCS_DASHBOARD_PASSWORD_HASH`.
|
||||
|
||||
After configuring auth, restart the dashboard:
|
||||
|
||||
```bash
|
||||
@@ -90,12 +88,10 @@ ssh -L 3000:localhost:3000 my-server
|
||||
If you have existing CLIProxy OAuth tokens from a previous deployment, copy them into the Docker volume:
|
||||
|
||||
```bash
|
||||
# Find the new volume mountpoint
|
||||
docker volume inspect docker_ccs_home --format '{{.Mountpoint}}'
|
||||
# Example output: /var/lib/docker/volumes/docker_ccs_home/_data
|
||||
|
||||
# Copy auth files from old location to new volume
|
||||
cp /path/to/old/auth/*.json /var/lib/docker/volumes/docker_ccs_home/_data/cliproxy/auth/
|
||||
# Copy auth files into the running container
|
||||
for f in /path/to/old/auth/*.json; do
|
||||
docker cp "$f" ccs-cliproxy:/root/.ccs/cliproxy/auth/
|
||||
done
|
||||
|
||||
# Restart CLIProxy to load new tokens
|
||||
docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy
|
||||
@@ -104,16 +100,19 @@ docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy
|
||||
For remote deployments via `ccs docker up --host`:
|
||||
|
||||
```bash
|
||||
# Auth files are stored in the named volume, accessible on the host at:
|
||||
ssh my-server "docker volume inspect docker_ccs_home --format '{{.Mountpoint}}'"
|
||||
# Copy tokens into the running container (no root/sudo needed)
|
||||
scp /path/to/auth/*.json my-server:/tmp/ccs-auth/
|
||||
ssh my-server 'for f in /tmp/ccs-auth/*.json; do docker cp "$f" ccs-cliproxy:/root/.ccs/cliproxy/auth/; done'
|
||||
|
||||
# Copy tokens from old setup
|
||||
ssh my-server "cp /old/path/cliproxy/auth/*.json \$(docker volume inspect docker_ccs_home --format '{{.Mountpoint}}')/cliproxy/auth/"
|
||||
|
||||
# Restart CLIProxy
|
||||
# Restart CLIProxy to load new tokens
|
||||
ssh my-server "docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy"
|
||||
|
||||
# Clean up temp files
|
||||
ssh my-server "rm -rf /tmp/ccs-auth"
|
||||
```
|
||||
|
||||
> **Tip:** `docker cp` is preferred over writing directly to Docker volume mountpoints, which require root access.
|
||||
|
||||
### Post-Deployment: Verification Checklist
|
||||
|
||||
After `ccs docker up`, verify the deployment:
|
||||
|
||||
Reference in New Issue
Block a user