vps2-backup.sh aktualisiert

vps2-backup.sh

@@ -138,43 +138,79 @@ check_prereqs
 
 # ── 1) Portainer-Backup via API (Token, JSON-POST) → fixer Dateiname ─────────
 log "▶  Stage: Portainer via API"
-PORTAINER_URL="http://172.18.0.4:9000"   # lokal ist robuster als Traefik
+
 PORTAINER_TOKEN="$(cat /root/.portainer-token 2>/dev/null || true)"
 PORTAINER_BACKUP_PASS="$(cat /root/.portainer-backup-pass 2>/dev/null || true)"
 OUT="${TMP_DIR}/portainer-backup.tar.gz"
 
 if [ -z "$PORTAINER_TOKEN" ]; then
-  log "WARN: /root/.portainer-token fehlt – Portainer-Backup übersprungen."
+  log "WARN: /root/.portainer-token fehlt – überspringe Portainer-Backup."
 else
-  log "[*] Portainer-Backup via API (Token, JSON POST)…"
-  JSON_BODY='{}'
-  [ -n "$PORTAINER_BACKUP_PASS" ] && JSON_BODY=$(printf '{"password":"%s"}' "$PORTAINER_BACKUP_PASS")
+  # Kandidaten in Priorität: lokal publishtes 9000/9443 → Container-IP → (optional) Traefik
+  PORTAINER_URL=""
+  CURL_INSECURE=""
+  set +e
 
-  if curl -fsS -X POST \
-       -H "X-API-Key: ${PORTAINER_TOKEN}" \
-       -H "Content-Type: application/json" \
-       -d "${JSON_BODY}" \
-       -o "${OUT}" \
-       "${PORTAINER_URL}/api/backup"
-  then
-    if file "${OUT}" | grep -qi 'gzip compressed data'; then
-      # Zielordner im rsync-Modul anlegen (portainer/)
-      ensure_remote_subdir "portainer"
-      # Datei unter FIXEM Namen hochladen:
-      rsync_put_as "${OUT}" "portainer/portainer-backup.tar.gz"
-      log "[OK] Portainer-Backup gespeichert."
+  # 1) Loopback published (empfohlen)
+  curl -fsS -m 3 -H "X-API-Key: $PORTAINER_TOKEN"  http://127.0.0.1:9000/api/status >/dev/null 2>&1 \
+    && { PORTAINER_URL="http://127.0.0.1:9000"; }
+  if [ -z "$PORTAINER_URL" ]; then
+    curl -fsS -m 3 -k -H "X-API-Key: $PORTAINER_TOKEN" https://127.0.0.1:9443/api/status >/dev/null 2>&1 \
+      && { PORTAINER_URL="https://127.0.0.1:9443"; CURL_INSECURE="-k"; }
+  fi
+
+  # 2) Container-IP direkt (wenn nichts gepublished ist)
+  if [ -z "$PORTAINER_URL" ]; then
+    PORTAINER_IP="$($DOCKER inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' portainer 2>/dev/null)"
+    if [ -n "$PORTAINER_IP" ]; then
+      curl -fsS -m 3 -H "X-API-Key: $PORTAINER_TOKEN"  http://"${PORTAINER_IP}":9000/api/status >/dev/null 2>&1 \
+        && { PORTAINER_URL="http://${PORTAINER_IP}:9000"; }
+      if [ -z "$PORTAINER_URL" ]; then
+        curl -fsS -m 3 -k -H "X-API-Key: $PORTAINER_TOKEN" https://"${PORTAINER_IP}":9443/api/status >/dev/null 2>&1 \
+          && { PORTAINER_URL="https://${PORTAINER_IP}:9443"; CURL_INSECURE="-k"; }
+      fi
+    fi
+  fi
+
+  # 3) (Optional) Traefik-Domain – nur wenn lokal nicht geht UND resolvbar
+  if [ -z "$PORTAINER_URL" ] && getent hosts portainer.davidt.cloud >/dev/null 2>&1; then
+    curl -fsS -m 3 -k -H "X-API-Key: $PORTAINER_TOKEN" https://portainer.davidt.cloud/api/status >/dev/null 2>&1 \
+      && { PORTAINER_URL="https://portainer.davidt.cloud"; CURL_INSECURE="-k"; }
+  fi
+  set -e
+
+  if [ -z "$PORTAINER_URL" ]; then
+    log "WARN: Keine erreichbare Portainer-URL gefunden – überspringe Portainer-Backup."
+  else
+    log "[*] Portainer erreichbar unter: $PORTAINER_URL"
+    JSON_BODY='{}'
+    [ -n "$PORTAINER_BACKUP_PASS" ] && JSON_BODY=$(printf '{"password":"%s"}' "$PORTAINER_BACKUP_PASS")
+
+    if curl -fsS $CURL_INSECURE -X POST \
+         -H "X-API-Key: ${PORTAINER_TOKEN}" \
+         -H "Content-Type: application/json" \
+         -d "${JSON_BODY}" \
+         -o "${OUT}" \
+         "${PORTAINER_URL}/api/backup"
+    then
+      if file "${OUT}" | grep -qi 'gzip compressed data'; then
+        ensure_remote_subdir "portainer"
+        rsync_put_as "${OUT}" "portainer/portainer-backup.tar.gz"
+        log "[OK] Portainer-Backup gespeichert."
+      else
+        log "ERROR: Antwort ist kein gzip (evtl. 401/HTML?) → Token/Berechtigungen prüfen:"
+        head -c 300 "${OUT}" | sed -e 's/[^[:print:]\t]/./g'
+        exit 1
+      fi
     else
-      log "ERROR: Portainer-Backup ist keine gzip-Datei – Antwort (erste 300 B):"
-      head -c 300 "${OUT}" | sed -e 's/[^[:print:]\t]/./g'
+      log "ERROR: Portainer-Backup-Request fehlgeschlagen."
       exit 1
     fi
-  else
-    log "ERROR: Portainer-Backup-Request fehlgeschlagen."
-    exit 1
   fi
 fi
 
 
+
 # --- Stage: Traefik -----------------------------------------------------------
 log "▶  Stage: Traefik"
 rsync_dir "$TRAEFIK_DYNAMIC" "traefik/dynamic"