docs(docker): use docker cp for token migration and fix bcrypt command

Replace direct volume mountpoint writes (requires root) with docker cp
which works without elevated permissions. Fix malformed npx bcrypt
command — use require('bcrypt') with Node module resolution. Add
security note about not committing password hashes to docker-compose.
This commit is contained in:
Tam Nhu Tran
2026-03-29 11:17:38 -04:00
parent a23caf0051
commit f8c43a374d
+15 -16
View File
@@ -65,13 +65,11 @@ environment:
Generate a bcrypt hash:
```bash
docker exec ccs-cliproxy npx -y bcryptjs -e "
const b = require('bcryptjs'); console.log(b.hashSync('your-password', 10));
"
# Or if bcrypt is available in the container's CCS install:
docker exec ccs-cliproxy node -e "console.log(require('bcrypt').hashSync('your-password', 10))"
```
> **Note:** Do not commit the password hash in `docker-compose.yml`. Use Docker secrets or a `.env` file (not tracked in git) for sensitive values like `CCS_DASHBOARD_PASSWORD_HASH`.
After configuring auth, restart the dashboard:
```bash
@@ -90,12 +88,10 @@ ssh -L 3000:localhost:3000 my-server
If you have existing CLIProxy OAuth tokens from a previous deployment, copy them into the Docker volume:
```bash
# Find the new volume mountpoint
docker volume inspect docker_ccs_home --format '{{.Mountpoint}}'
# Example output: /var/lib/docker/volumes/docker_ccs_home/_data
# Copy auth files from old location to new volume
cp /path/to/old/auth/*.json /var/lib/docker/volumes/docker_ccs_home/_data/cliproxy/auth/
# Copy auth files into the running container
for f in /path/to/old/auth/*.json; do
docker cp "$f" ccs-cliproxy:/root/.ccs/cliproxy/auth/
done
# Restart CLIProxy to load new tokens
docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy
@@ -104,16 +100,19 @@ docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy
For remote deployments via `ccs docker up --host`:
```bash
# Auth files are stored in the named volume, accessible on the host at:
ssh my-server "docker volume inspect docker_ccs_home --format '{{.Mountpoint}}'"
# Copy tokens into the running container (no root/sudo needed)
scp /path/to/auth/*.json my-server:/tmp/ccs-auth/
ssh my-server 'for f in /tmp/ccs-auth/*.json; do docker cp "$f" ccs-cliproxy:/root/.ccs/cliproxy/auth/; done'
# Copy tokens from old setup
ssh my-server "cp /old/path/cliproxy/auth/*.json \$(docker volume inspect docker_ccs_home --format '{{.Mountpoint}}')/cliproxy/auth/"
# Restart CLIProxy
# Restart CLIProxy to load new tokens
ssh my-server "docker exec ccs-cliproxy supervisorctl -c /etc/supervisord.conf restart cliproxy"
# Clean up temp files
ssh my-server "rm -rf /tmp/ccs-auth"
```
> **Tip:** `docker cp` is preferred over writing directly to Docker volume mountpoints, which require root access.
### Post-Deployment: Verification Checklist
After `ccs docker up`, verify the deployment: