- Updated the schedule form schema to include an optional 'description' field.
- Enhanced the form to allow users to input a description for each schedule.
- Modified the schedule display component to show the description if available.
- Added a database migration to include the 'description' column in the schedule table.
Templates using network_mode: host (e.g. cloudflared) can now declare
isolated = false in their [config] section to prevent Dokploy from
injecting networks into the compose, which would cause a Docker error.
Default behavior (isolated = true) is unchanged for all existing templates.
Fixes#4366
Add 10s AbortSignal timeout to all template fetch calls so they fail
cleanly instead of hanging indefinitely when templates.dokploy.com is
unreachable. Add try/catch to getTags endpoint which was missing error
handling, causing a 500 instead of returning an empty list.
Closes#4282
- Added `sendInvitationEmail` function to send invitation emails when a new organization is created in the cloud environment.
- Updated email template to enhance the invitation message and included a direct link for users to accept the invitation.
- Refactored email sending logic in the user router to utilize the new invitation email rendering function.
- Improved organization invitation email design for better user experience.
Prevents owner/admin users of one organization from accessing servers,
destinations, and Docker Swarm join tokens belonging to other organizations
by validating organizationId on all endpoints that accept serverId or
destinationId as direct input.
- cluster: validate serverId org on getNodes, addWorker, addManager, removeWorker
- deployment: validate serverId org on allByServer
- backup: validate destinationId + serverId org on listBackupFiles
- volume-backups: validate destinationId + serverId org on restoreVolumeBackupWithLogs
- wss: validate server org on docker-container-logs, docker-container-terminal,
listen-deployment, and terminal WebSocket handlers
- auth: fix TypeScript type for API key metadata parsing
The search filter on the Requests tab was incorrectly filtering by
RequestPath instead of RequestHost, causing "filter by name" to match
URL paths rather than hostnames. Updated the placeholder text to
reflect the correct field being searched.
Fixes#4249
Change the logger's disabled property to be dependent on the NODE_ENV variable, ensuring logging is disabled in production for improved performance and security.
- Add `sendOnSignIn: true` to emailVerification config so unverified users
receive a new verification email when they attempt to sign in
- Create styled verification email template matching the invoice email design
- Extract `sendVerificationEmail` helper to keep auth.ts clean
- Show friendly message on login when email is not verified
Add a Containers tab to the compose service page that lists all
containers with their state, status, and container ID. Each container
has a dropdown menu with lifecycle actions: View Logs, Restart, Start,
Stop, and Kill.
- Add containerStart, containerStop, containerKill functions to docker service
- Add corresponding tRPC procedures with server ownership checks and audit logging
- Update containerRestart to support remote servers via serverId
- Create ShowComposeContainers component with table view and action menu
- Add Containers tab between Deployments and Backups, gated by docker.read permission
- Introduced a new feature allowing users to enable or disable invoice email notifications in the billing settings.
- Implemented email notifications for successful invoice payments and payment failures, enhancing user communication regarding billing.
- Updated the database schema to include a new column for storing user preferences on invoice notifications.
- Added corresponding email templates for invoice notifications and payment failure alerts.
These changes improve user experience by keeping users informed about their billing status and actions required.
When both stripPath and internalPath are configured, addPrefix was pushed
before stripPrefix causing incorrect path rewriting (e.g. /app/v2/public/api
instead of /app/v2/api). Traefik executes middlewares in array order, so
stripPrefix must come first.
Closes#4061
When users set a custom docker compose command without the -p flag,
Docker Compose defaults to using the directory name (code) as the
project name. If the custom command is later removed, Dokploy uses
-p appName, creating a new stack while the old one remains running.
Injecting COMPOSE_PROJECT_NAME=appName into the .env ensures the
project name is always consistent regardless of the command used.
Closes#4019
Commands were chained with && so if the project directory was missing,
cd would fail and docker compose down would never execute — leaving
containers and volumes running. Use semicolons to run each command
independently, matching the existing stack deletion pattern.
Closes#4064
- Updated the `getContainerLogs` function to accept either an application name or container ID, improving flexibility in log retrieval.
- Simplified the command execution logic by consolidating the remote and local execution paths.
- Added a new parameter to directly use container IDs, streamlining the process for users.
These changes enhance the usability of the logging feature, allowing for more efficient access to container logs.
- Implemented a new `readLogs` procedure across various routers (application, compose, libsql, mariadb, mongo, mysql, postgres, redis) to enable users to retrieve logs from containers.
- Each procedure includes input validation for parameters such as `tail`, `since`, and `search`, ensuring robust access control and authorization checks.
- Enhanced the `getContainerLogs` service to support fetching logs from both Docker containers and services, improving the logging capabilities of the application.
This feature enhances observability and troubleshooting for users by providing direct access to container logs.
- Introduced the AnalyzeLogs component for analyzing logs using AI, allowing users to select AI providers and view analysis results.
- Integrated AnalyzeLogs into the ShowDeployment and DockerLogsId components, enabling log analysis for both build and runtime contexts.
- Updated the AI router to include a new endpoint for log analysis, which processes logs and returns structured insights.
- Enhanced the AI provider selection logic to support new providers, including Z.AI and MiniMax.
This feature enhances the user experience by providing actionable insights from logs, improving troubleshooting and operational efficiency.
- Change compose.loadServices permission from service:create to service:read
since loading services from a compose file is a read-only operation
- Add saveEnvironment endpoint to compose router with envVars:write permission
- Update show-environment.tsx to use saveEnvironment mutations instead of
generic update mutations for all service types (compose, databases)
Closes#4052
The actions array in Slack attachments requires Interactive Components
to be configured on the Slack app, which causes notifications to fail.
Replaces with a Details field using mrkdwn hyperlink syntax and adds
mrkdwn_in to ensure the link renders as clickable.
Closes#4053
writeDomainsToCompose reads the compose file in Node.js before the
shell script runs, so patches applied as shell commands were being
overwritten by the stale pre-patch content.
Split patch execution into a separate step that runs before
getBuildComposeCommand, so the file is already patched when Node.js
reads it for domain injection.
Also added missing patch support to rebuildCompose which was skipping
patches entirely on redeploys.
Closes#4113
- Normalize emails with toLowerCase().trim() before comparing
- Wrap getUserByToken in try/catch since it throws TRPCError on miss,
rethrow as APIError for consistent error responses
Also checks that the invitation is not expired and has not already been
used before allowing account creation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated the authentication process to check if the email of the user matches the email associated with the invitation token.
- Improved error handling for cases where the user is not found or the email does not match the invitation.
- Added `isEnterpriseCloud` field to the user schema to enhance user differentiation for enterprise cloud services.
- This change supports the ongoing updates to billing and subscription management for enterprise users.
- Introduced `isEnterpriseCloud` boolean field in the user schema to differentiate enterprise users.
- Updated billing UI to display specific information for enterprise cloud users, including a dedicated section for managing subscriptions.
- Modified API webhook logic to handle subscription updates and server management based on the `isEnterpriseCloud` status.
- Introduced `accessedServers` field in user permissions schema and member table.
- Implemented server access validation across various API routers to ensure users can only access permitted servers.
- Added a new query to fetch accessible server IDs based on user roles and licenses.
- Updated UI components to support server selection in user permissions.
Resolve conflicts:
- Integrate credentials-based user provisioning with canary changes
- Use withPermission("member", "create") instead of adminProcedure
- Adopt standardSchemaResolver, inviteMember mutation, and custom roles from canary
- Restrict credentials flow to non-cloud environments
- Introduced a new optional `icon` field to the application schema, allowing for icon uploads.
- Implemented validation to ensure the icon size does not exceed 2MB, enhancing data integrity.
