From b4e2d274b1f8320968489fcd9c434bf811cfbd74 Mon Sep 17 00:00:00 2001
From: Elijah <88380595+elijahdev0@users.noreply.github.com>
Date: Mon, 29 Jun 2026 13:10:19 -0400
Subject: [PATCH 1/3] fix: resolve server from parent entity in
 deployment.readLogs (#4689)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The readLogs endpoint only checked deployment.serverId and
deployment.schedule?.serverId to determine where to read log files.
For application and compose deployments on remote servers, serverId
is not stored on the deployment record — the server is resolved from
the parent entity (application.serverId, compose.serverId).

This caused readLogs to fall through to local execAsync, which would
silently fail (2>/dev/null) because the log file lives on the remote
server, returning empty content.

Fix by loading the compose relation in findDeploymentById and adding
fallback resolution through application?.serverId and compose?.serverId.

Fixes #4687

Co-authored-by: Roo <roo@agent.com>
---
 apps/dokploy/server/api/routers/deployment.ts | 6 +++++-
 packages/server/src/services/deployment.ts    | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/dokploy/server/api/routers/deployment.ts b/apps/dokploy/server/api/routers/deployment.ts
index d17a04dfb..0d7a91371 100644
--- a/apps/dokploy/server/api/routers/deployment.ts
+++ b/apps/dokploy/server/api/routers/deployment.ts
@@ -243,7 +243,11 @@ export const deploymentRouter = createTRPCRouter({
 			}
 
 			const command = `tail -n ${input.tail} "${deployment.logPath}" 2>/dev/null || echo ""`;
-			const serverId = deployment.serverId || deployment.schedule?.serverId;
+			const serverId =
+				deployment.serverId ||
+				deployment.schedule?.serverId ||
+				deployment.application?.serverId ||
+				deployment.compose?.serverId;
 			if (serverId) {
 				const { stdout } = await execAsyncRemote(serverId, command);
 				return stdout;
diff --git a/packages/server/src/services/deployment.ts b/packages/server/src/services/deployment.ts
index a5ff57779..0431de18e 100644
--- a/packages/server/src/services/deployment.ts
+++ b/packages/server/src/services/deployment.ts
@@ -84,6 +84,7 @@ export const findDeploymentById = async (deploymentId: string) => {
 		where: eq(deployments.deploymentId, deploymentId),
 		with: {
 			application: true,
+			compose: true,
 			schedule: true,
 		},
 	});

From ed0abb24656bf997641a87f397d674e04fd88547 Mon Sep 17 00:00:00 2001
From: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Date: Mon, 29 Jun 2026 12:01:26 -0600
Subject: [PATCH 2/3] feat: enhance TLS certificate selection UI in AddDomain
 component (#4705)

* feat: enhance TLS certificate selection UI in AddDomain component

- Added descriptive FormDescriptions for different TLS certificate options (None, Let's Encrypt, Custom) to improve user understanding of certificate provisioning.
- Updated placeholder text for the custom certificate resolver input field to provide clearer guidance on expected input format.

This update enhances the user experience by providing contextual information directly within the form.

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
---
 .../application/domains/handle-domain.tsx     | 42 ++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/apps/dokploy/components/dashboard/application/domains/handle-domain.tsx b/apps/dokploy/components/dashboard/application/domains/handle-domain.tsx
index b232591e4..fef973ab2 100644
--- a/apps/dokploy/components/dashboard/application/domains/handle-domain.tsx
+++ b/apps/dokploy/components/dashboard/application/domains/handle-domain.tsx
@@ -763,6 +763,37 @@ export const AddDomain = ({ id, type, domainId = "", children }: Props) => {
 																<SelectItem value={"custom"}>Custom</SelectItem>
 															</SelectContent>
 														</Select>
+														<FormDescription>
+															{field.value === "none" && (
+																<>
+																	<strong>None</strong> serves TLS using any
+																	certificate you created in the{" "}
+																	<Link
+																		href="/dashboard/settings/certificates"
+																		className="text-primary"
+																	>
+																		Certificates
+																	</Link>{" "}
+																	section whose CN/SAN matches this host —
+																	Traefik selects it automatically via SNI.
+																</>
+															)}
+															{field.value === "letsencrypt" && (
+																<>
+																	<strong>Let's Encrypt</strong> auto-provisions
+																	a certificate automatically for this host.
+																</>
+															)}
+															{field.value === "custom" && (
+																<>
+																	<strong>Custom</strong> uses a Traefik cert
+																	resolver by name (defined in your static
+																	configuration).
+																</>
+															)}
+															{!field.value &&
+																"Select a certificate provider to see how TLS will be served for this host."}
+														</FormDescription>
 														<FormMessage />
 													</FormItem>
 												);
@@ -777,10 +808,19 @@ export const AddDomain = ({ id, type, domainId = "", children }: Props) => {
 													return (
 														<FormItem>
 															<FormLabel>Custom Certificate Resolver</FormLabel>
+															<FormDescription>
+																Enter the <strong>name</strong> of a Traefik
+																cert resolver defined in your static
+																configuration (e.g. <code>letsencrypt</code>) —
+																not certificate or private key content. To use a
+																certificate you pasted in the Certificates
+																section, choose <strong>None</strong> instead
+																and Traefik will match it by SNI.
+															</FormDescription>
 															<FormControl>
 																<Input
 																	className="w-full"
-																	placeholder="Enter your custom certificate resolver"
+																	placeholder="e.g. letsencrypt"
 																	{...field}
 																	value={field.value || ""}
 																	onChange={(e) => {

From 8b6481501e6e379b9ce32c4da4201fcb7a65364a Mon Sep 17 00:00:00 2001
From: viky <112059651+vikyw89@users.noreply.github.com>
Date: Tue, 30 Jun 2026 02:03:13 +0800
Subject: [PATCH 3/3] fix: add method="post" to auth forms to prevent
 credential leak in URL (#4683)

Auth forms (login, register, 2FA, backup-code, reset-password) had no
method attribute, defaulting to GET. react-hook-form's handleSubmit
preventDefault()s only after hydration; submitting in the pre-hydration
or no-JS window triggers a native GET to the current URL, leaking
email/password into the URL, history, access logs and Referer header.

Setting method="post" makes the native fallback a POST so credentials
go in the request body instead. Normal JS submit path is unchanged.
Verified in a browser: GET (?email&password) -> POST (clean URL).

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 apps/dokploy/pages/index.tsx               | 8 +++++++-
 apps/dokploy/pages/register.tsx            | 1 +
 apps/dokploy/pages/reset-password.tsx      | 1 +
 apps/dokploy/pages/send-reset-password.tsx | 1 +
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/apps/dokploy/pages/index.tsx b/apps/dokploy/pages/index.tsx
index a9aaf7263..8e53e4658 100644
--- a/apps/dokploy/pages/index.tsx
+++ b/apps/dokploy/pages/index.tsx
@@ -182,6 +182,7 @@ export default function Home({ IS_CLOUD, enforceSSO }: Props) {
 			{IS_CLOUD && <SignInWithGoogle />}
 			<Form {...loginForm}>
 				<form
+					method="post"
 					onSubmit={loginForm.handleSubmit(onSubmit)}
 					className="space-y-4"
 					id="login-form"
@@ -263,6 +264,7 @@ export default function Home({ IS_CLOUD, enforceSSO }: Props) {
 				) : (
 					<>
 						<form
+							method="post"
 							onSubmit={onTwoFactorSubmit}
 							className="space-y-4"
 							id="two-factor-form"
@@ -326,7 +328,11 @@ export default function Home({ IS_CLOUD, enforceSSO }: Props) {
 									</DialogDescription>
 								</DialogHeader>
 
-								<form onSubmit={onBackupCodeSubmit} className="space-y-4">
+								<form
+									method="post"
+									onSubmit={onBackupCodeSubmit}
+									className="space-y-4"
+								>
 									<div className="flex flex-col gap-2">
 										<Label>Backup Code</Label>
 										<Input
diff --git a/apps/dokploy/pages/register.tsx b/apps/dokploy/pages/register.tsx
index 865a7b75d..9e3a18c65 100644
--- a/apps/dokploy/pages/register.tsx
+++ b/apps/dokploy/pages/register.tsx
@@ -172,6 +172,7 @@ const Register = ({ isCloud }: Props) => {
 							)}
 							<Form {...form}>
 								<form
+									method="post"
 									onSubmit={form.handleSubmit(onSubmit)}
 									className="grid gap-4"
 								>
diff --git a/apps/dokploy/pages/reset-password.tsx b/apps/dokploy/pages/reset-password.tsx
index eff238979..46a655298 100644
--- a/apps/dokploy/pages/reset-password.tsx
+++ b/apps/dokploy/pages/reset-password.tsx
@@ -123,6 +123,7 @@ export default function Home({ tokenResetPassword }: Props) {
 						)}
 						<Form {...form}>
 							<form
+								method="post"
 								onSubmit={form.handleSubmit(onSubmit)}
 								className="grid gap-4"
 							>
diff --git a/apps/dokploy/pages/send-reset-password.tsx b/apps/dokploy/pages/send-reset-password.tsx
index 63154d050..7d3c47d51 100644
--- a/apps/dokploy/pages/send-reset-password.tsx
+++ b/apps/dokploy/pages/send-reset-password.tsx
@@ -110,6 +110,7 @@ export default function Home() {
 						{!temp.is2FAEnabled ? (
 							<Form {...form}>
 								<form
+									method="post"
 									onSubmit={form.handleSubmit(onSubmit)}
 									className="grid gap-4"
 								>