fix: server startup hardening

.env.prebuilt

@@ -105,21 +105,21 @@ NETWORK_GATEWAY=172.20.0.1
 # =====================
 # Change this to your server's public IP or domain name
 SERVER_ADDRESS=127.0.0.1
-REALM_PORT=8215
+REALM_PORT=8085
 
 # =====================
 # Ports
 # =====================
 # Authentication server
-AUTH_EXTERNAL_PORT=3784
+AUTH_EXTERNAL_PORT=3724
 AUTH_PORT=3724
 
 # World server
-WORLD_EXTERNAL_PORT=8215
+WORLD_EXTERNAL_PORT=8085
 WORLD_PORT=8085
 
 # SOAP/Remote access
-SOAP_EXTERNAL_PORT=7778
+SOAP_EXTERNAL_PORT=7878
 SOAP_PORT=7878
 
 # MySQL database (for external access)

.env.template

@@ -118,11 +118,11 @@ ALPINE_IMAGE=alpine:latest
 # =====================
 # Ports
 # =====================
-AUTH_EXTERNAL_PORT=3784
+AUTH_EXTERNAL_PORT=3724
 AUTH_PORT=3724
-WORLD_EXTERNAL_PORT=8215
+WORLD_EXTERNAL_PORT=8085
 WORLD_PORT=8085
-SOAP_EXTERNAL_PORT=7778
+SOAP_EXTERNAL_PORT=7878
 SOAP_PORT=7878
 
 # =====================
@@ -136,7 +136,7 @@ NETWORK_GATEWAY=172.20.0.1
 # Server address / realm
 # =====================
 SERVER_ADDRESS=127.0.0.1
-REALM_PORT=8215
+REALM_PORT=8085
 
 # =====================
 # MySQL / Database Layer

config/systemd/docker.service.d/nfs-dependencies.conf

@@ -0,0 +1,13 @@
+# AzerothCore RealmMaster - Docker NFS Dependencies
+# Ensures Docker waits for NFS mounts before starting to prevent race conditions
+# where containers create local directories before NFS mounts are ready
+
+[Unit]
+# Wait for NFS mounts to be active before starting Docker
+After=nfs-azerothcore.mount nfs-containers.mount
+
+# Require the primary backup NFS mount (critical for data integrity)
+Requires=nfs-azerothcore.mount
+
+# Prefer the containers NFS mount but don't fail if unavailable
+Wants=nfs-containers.mount

scripts/bash/install-docker-nfs-fix.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+# AzerothCore RealmMaster - Install Docker NFS Dependencies Fix
+# This script installs a systemd drop-in configuration to ensure Docker
+# waits for NFS mounts before starting, preventing backup folder deletion issues
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+DROP_IN_SOURCE="$PROJECT_ROOT/config/systemd/docker.service.d/nfs-dependencies.conf"
+DROP_IN_TARGET="/etc/systemd/system/docker.service.d/nfs-dependencies.conf"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+log_info() { echo -e "${BLUE}ℹ️  $*${NC}"; }
+log_ok() { echo -e "${GREEN}✅ $*${NC}"; }
+log_warn() { echo -e "${YELLOW}⚠️  $*${NC}"; }
+log_err() { echo -e "${RED}❌ $*${NC}"; }
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+  log_err "This script must be run as root (use sudo)"
+  exit 1
+fi
+
+# Check if source file exists
+if [ ! -f "$DROP_IN_SOURCE" ]; then
+  log_err "Source configuration file not found: $DROP_IN_SOURCE"
+  exit 1
+fi
+
+# Check if NFS mounts exist
+log_info "Checking NFS mount configuration..."
+if ! systemctl list-units --type=mount | grep -q "nfs-azerothcore.mount"; then
+  log_warn "nfs-azerothcore.mount not found. This fix requires NFS mounts to be configured."
+  log_warn "Continue anyway? (y/n)"
+  read -r response
+  if [[ ! "$response" =~ ^[Yy]$ ]]; then
+    log_info "Installation cancelled."
+    exit 0
+  fi
+fi
+
+# Create drop-in directory
+log_info "Creating systemd drop-in directory..."
+mkdir -p "$(dirname "$DROP_IN_TARGET")"
+log_ok "Drop-in directory ready: $(dirname "$DROP_IN_TARGET")"
+
+# Install configuration file
+log_info "Installing NFS dependencies configuration..."
+cp "$DROP_IN_SOURCE" "$DROP_IN_TARGET"
+chmod 644 "$DROP_IN_TARGET"
+log_ok "Configuration installed: $DROP_IN_TARGET"
+
+# Show what was installed
+echo ""
+log_info "Installed configuration:"
+echo "---"
+cat "$DROP_IN_TARGET"
+echo "---"
+echo ""
+
+# Reload systemd
+log_info "Reloading systemd daemon..."
+systemctl daemon-reload
+log_ok "Systemd daemon reloaded"
+
+# Verify configuration
+log_info "Verifying Docker service dependencies..."
+echo ""
+systemctl show -p After,Requires,Wants docker.service | grep -E '^(After|Requires|Wants)='
+echo ""
+
+# Check if Docker is running
+if systemctl is-active --quiet docker.service; then
+  log_warn "Docker is currently running"
+  log_warn "The new configuration will take effect on next Docker restart or system reboot"
+  echo ""
+  log_info "To apply immediately, restart Docker (WARNING: will stop all containers):"
+  echo "  sudo systemctl restart docker.service"
+  echo ""
+  log_info "Or reboot the system:"
+  echo "  sudo reboot"
+else
+  log_ok "Docker is not running - configuration will apply on next start"
+fi
+
+echo ""
+log_ok "Docker NFS dependencies fix installed successfully!"
+log_info "Docker will now wait for NFS mounts before starting"
+log_info "This prevents backup folders from being deleted during server restarts"

scripts/bash/migrate-stack.sh

@@ -253,7 +253,15 @@ STAGE_SQL_PATH_RAW="$(read_env_value STAGE_PATH_MODULE_SQL "${LOCAL_STORAGE_ROOT
 if [ -z "${STORAGE_PATH_LOCAL:-}" ]; then
   STORAGE_PATH_LOCAL="$LOCAL_STORAGE_ROOT"
 fi
-# Expand any env references (e.g., ${STORAGE_PATH_LOCAL})
+# Ensure STORAGE_PATH is defined to avoid set -u failures during expansion
+if [ -z "${STORAGE_PATH:-}" ]; then
+  STORAGE_PATH="$(read_env_value STORAGE_PATH "./storage")"
+fi
+# Ensure STORAGE_MODULE_SQL_PATH is defined to avoid set -u failures during expansion
+if [ -z "${STORAGE_MODULE_SQL_PATH:-}" ]; then
+  STORAGE_MODULE_SQL_PATH="$(read_env_value STORAGE_MODULE_SQL_PATH "${STORAGE_PATH}/module-sql-updates")"
+fi
+# Expand any env references (e.g., ${STORAGE_PATH_LOCAL}, ${STORAGE_MODULE_SQL_PATH})
 STAGE_SQL_PATH_RAW="$(eval "echo \"$STAGE_SQL_PATH_RAW\"")"
 LOCAL_STAGE_SQL_DIR="$(resolve_path_relative_to_project "$STAGE_SQL_PATH_RAW" "$PROJECT_ROOT")"
 REMOTE_STAGE_SQL_DIR="$(resolve_path_relative_to_project "$STAGE_SQL_PATH_RAW" "$PROJECT_DIR")"