feat: Add SSH-Key support for secure deployment authentication

- upload.sh: Conditional SSH-Key vs. password authentication - Automatic detection of SSH-Keys via FTP_SSH_KEY variable - CloudPanel-compatible SSH-Key integration - .env.upload.example: Added SSH-Key documentation - Secure SFTP uploads without passwords in code
2025-09-07 15:46:11 +02:00
parent 58764765dd
commit a6ae81f5b5
2 changed files with 40 additions and 9 deletions
--- a/deployment/scripts/.env.upload.example
+++ b/deployment/scripts/.env.upload.example
@@ -16,6 +16,10 @@ FTP_PATH="/htdocs"
 # SSH/SFTP Port (Standard: 22)
 FTP_PORT="22"

+# SSH-Key Authentifizierung (Optional, für SSH-Key-only Server)
+# Falls gesetzt, wird SSH-Key statt Passwort verwendet
+# FTP_SSH_KEY="$HOME/.ssh/id_rsa"
+
 # Beispiele für verschiedene Provider:
 # Strato:     FTP_HOST="ftp.strato.de"     FTP_PATH="/htdocs"
 # 1&1:        FTP_HOST="ftp.1und1.de"      FTP_PATH="/htdocs"  
--- a/deployment/scripts/upload.sh
+++ b/deployment/scripts/upload.sh
@@ -35,6 +35,15 @@ echo "   Host: $FTP_HOST"
 echo "   User: $FTP_USER"
 echo "   Port: $FTP_PORT"
 echo "   Path: $FTP_PATH"
+
+# SSH-Key Authentifizierung prüfen
+if [ -n "$FTP_SSH_KEY" ] && [ -f "$FTP_SSH_KEY" ]; then
+    echo "   Auth: SSH-Key ($FTP_SSH_KEY)"
+    USE_SSH_KEY=1
+else
+    echo "   Auth: Passwort"
+    USE_SSH_KEY=0
+fi
 echo ""

 # Prüfe ob wir im deployment/scripts/ Ordner sind und wechsle zur Projekt-Root
@@ -74,17 +83,35 @@ if [[ ! "$response" =~ ^[Yy]$ ]]; then
 fi

 echo "📤 Uploade via SFTP..."
-lftp -c "
-set sftp:auto-confirm yes;
-set ssl:verify-certificate no;
-open sftp://$FTP_USER:$FTP_PASS@$FTP_HOST:$FTP_PORT;
-cd $FTP_PATH;

-lcd deployment/build;
-mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+if [ $USE_SSH_KEY -eq 1 ]; then
+    # SSH-Key Authentifizierung
+    lftp -c "
+    set sftp:auto-confirm yes;
+    set ssl:verify-certificate no;
+    set sftp:connect-program 'ssh -i $FTP_SSH_KEY -p $FTP_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null';
+    open sftp://$FTP_USER@$FTP_HOST;
+    cd $FTP_PATH;
    
-bye
-"
+    lcd deployment/build;
+    mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+    
+    bye
+    "
+else
+    # Passwort Authentifizierung
+    lftp -c "
+    set sftp:auto-confirm yes;
+    set ssl:verify-certificate no;
+    open sftp://$FTP_USER:$FTP_PASS@$FTP_HOST:$FTP_PORT;
+    cd $FTP_PATH;
+
+    lcd deployment/build;
+    mirror --reverse --delete --verbose --exclude-glob=node_modules/ --exclude-glob=.git/ --exclude-glob=.* --exclude area/ ./ ./;
+
+    bye
+    "
+fi

 if [ $? -eq 0 ]; then
    echo "✅ Upload erfolgreich!"