chore(license): update copyright year to 2025 and remove obsolete dokploy license file

Fix/issues

Dockerfile

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM node:20.9-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"

Dockerfile.cloud

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM node:20.9-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"

Dockerfile.monitoring

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 # Build stage
 FROM golang:1.21-alpine3.19 AS builder
 

Dockerfile.schedule

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM node:20.9-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"

Dockerfile.server

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM node:20.9-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"

GUIDES.md

@@ -16,28 +16,29 @@ Here's how to install docker on different operating systems:
 ### Ubuntu
 
 ```bash
+# Uninstall old versions
+for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
+
 # Update package index
 sudo apt-get update
 
 # Install prerequisites
-sudo apt-get install \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release
+sudo apt-get install ca-certificates curl
+sudo install -m 0755 -d /etc/apt/keyrings
 
 # Add Docker's official GPG key
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
 
-# Set up stable repository
+# Add the repository to Apt sources
 echo \
-  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
-  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 
 # Install Docker Engine
 sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 ```
 
 ## Windows

LICENSE.MD

@@ -2,7 +2,7 @@
 
 ## Core License (Apache License 2.0)
 
-Copyright 2024 Mauricio Siu.
+Copyright 2025 Mauricio Siu.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

README.md

@@ -62,42 +62,26 @@ For detailed documentation, visit [docs.dokploy.com](https://docs.dokploy.com).
 ### Hero Sponsors 🎖
 
 <div style="display: flex; align-items: center; gap: 20px;">
-  <a href="https://www.hostinger.com/vps-hosting?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 10px;">
-    <img src=".github/sponsors/hostinger.jpg" alt="Hostinger" height="50"/>
-  </a>
-  <a href="https://www.lxaer.com/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 10px;">
-    <img src=".github/sponsors/lxaer.png" alt="LX Aer" height="50"/>
-  </a>
-    <a href="https://mandarin3d.com/?ref=dokploy" target="_blank" style="display: inline-block;">
-    <img src=".github/sponsors/mandarin.png" alt="Mandarin" height="50"/>
-  </a>
-    <a href="https://lightnode.com/?ref=dokploy" target="_blank" style="display: inline-block;">
-    <img src=".github/sponsors/light-node.webp" alt="Lightnode" height="70"/>
-  </a>
+  <a href="https://www.hostinger.com/vps-hosting?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 10px;"><img src=".github/sponsors/hostinger.jpg" alt="Hostinger" height="50"/></a>
+  <a href="https://www.lxaer.com/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 10px;"><img src=".github/sponsors/lxaer.png" alt="LX Aer" height="50"/></a>
+  <a href="https://mandarin3d.com/?ref=dokploy" target="_blank" style="display: inline-block;"><img src=".github/sponsors/mandarin.png" alt="Mandarin" height="50"/></a>
+  <a href="https://lightnode.com/?ref=dokploy" target="_blank" style="display: inline-block;"><img src=".github/sponsors/light-node.webp" alt="Lightnode" height="70"/></a>
 
-  
 </div>
 
 ### Premium Supporters 🥇
 
 <div style="display: flex; align-items: center; gap: 20px;">
-  <a href="https://supafort.com/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 20px;">
-    <img src="https://supafort.com/build/q-4Ht4rBZR.webp" alt="Supafort.com" height="50"/>
-  </a>
-
-  <a href="https://agentdock.ai/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 50px;">
-    <img src=".github/sponsors/agentdock.png" alt="agentdock.ai" height="70"/>
-  </a>
+  <a href="https://supafort.com/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 20px;"><img src="https://supafort.com/build/q-4Ht4rBZR.webp" alt="Supafort.com" height="50"/></a>
+  <a href="https://agentdock.ai/?ref=dokploy" target="_blank" style="display: inline-block; margin-right: 50px;"><img src=".github/sponsors/agentdock.png" alt="agentdock.ai" height="70"/></a>
 
 </div>
 
 ### Elite Contributors 🥈
 
 <div style="display: flex; align-items: center; gap: 20px;">
-
-  <a href="https://americancloud.com/?ref=dokploy" target="_blank" style="display: inline-block; padding: 10px; border-radius: 10px;">
-    <img src=".github/sponsors/american-cloud.png" alt="AmericanCloud" height="70"/>
-  </a>
+  <a href="https://americancloud.com/?ref=dokploy" target="_blank" style="display: inline-block; padding: 10px; border-radius: 10px;"><img src=".github/sponsors/american-cloud.png" alt="AmericanCloud" height="70"/></a>
+  <a href="https://tolgee.io/?utm_source=github_dokploy&utm_medium=banner&utm_campaign=dokploy" target="_blank" style="display: inline-block; margin-right: 10px;"><img src="https://dokploy.com/tolgee-logo.png" alt="Tolgee" height="80"/></a>
 
 </div>
 <!-- Elite Contributors 🥈 -->

SECURITY.md

@@ -0,0 +1,28 @@
+# Dokploy Security Policy
+
+At Dokploy, security is a top priority. We appreciate the help of security researchers and the community in identifying and reporting vulnerabilities.
+
+## How to Report a Vulnerability
+
+If you have discovered a security vulnerability in Dokploy, we ask that you report it responsibly by following these guidelines:
+
+1.  **Contact us:** Send an email to [contact@dokploy.com](mailto:contact@dokploy.com).
+2.  **Provide clear details:** Include as much information as possible to help us understand and reproduce the vulnerability. This should include:
+    *   A clear description of the vulnerability.
+    *   Steps to reproduce the vulnerability.
+    *   Any sample code, screenshots, or videos that might be helpful.
+    *   The potential impact of the vulnerability.
+3.  **Do not make the vulnerability public:** Please refrain from publicly disclosing the vulnerability until we have had the opportunity to investigate and address it. This is crucial for protecting our users.
+4.  **Allow us time:** We will endeavor to acknowledge receipt of your report as soon as possible and keep you informed of our progress. The time to resolve the vulnerability may vary depending on its complexity and severity.
+
+## What We Expect From You
+
+*   Do not access user data or systems beyond what is necessary to demonstrate the vulnerability.
+*   Do not perform denial-of-service (DoS) attacks, spamming, or social engineering.
+*   Do not modify or destroy data that does not belong to you.
+
+## Our Commitment
+
+We are committed to working with you quickly and responsibly to address any legitimate security vulnerability.
+
+Thank you for helping us keep Dokploy secure for everyone.

apps/api/package.json

@@ -9,25 +9,25 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"pino": "9.4.0",
-		"pino-pretty": "11.2.2",
-		"@hono/zod-validator": "0.3.0",
-		"zod": "^3.23.4",
-		"react": "18.2.0",
-		"react-dom": "18.2.0",
 		"@dokploy/server": "workspace:*",
 		"@hono/node-server": "^1.12.1",
-		"hono": "^4.5.8",
+		"@hono/zod-validator": "0.3.0",
+		"@nerimity/mimiqueue": "1.2.3",
 		"dotenv": "^16.3.1",
+		"hono": "^4.5.8",
+		"pino": "9.4.0",
+		"pino-pretty": "11.2.2",
+		"react": "18.2.0",
+		"react-dom": "18.2.0",
 		"redis": "4.7.0",
-		"@nerimity/mimiqueue": "1.2.3"
+		"zod": "^3.23.4"
 	},
 	"devDependencies": {
-		"typescript": "^5.4.2",
+		"@types/node": "^20.11.17",
 		"@types/react": "^18.2.37",
 		"@types/react-dom": "^18.2.15",
-		"@types/node": "^20.11.17",
-		"tsx": "^4.7.1"
+		"tsx": "^4.7.1",
+		"typescript": "^5.4.2"
 	},
 	"packageManager": "pnpm@9.5.0"
 }

apps/dokploy/LICENSE.MD

@@ -1,26 +0,0 @@
-# License
-
-## Core License (Apache License 2.0)
-
-Copyright 2024 Mauricio Siu.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and limitations under the License.
-
-## Additional Terms for Specific Features
-
-The following additional terms apply to the multi-node support, Docker Compose file, Preview Deployments and Multi Server features of Dokploy. In the event of a conflict, these provisions shall take precedence over those in the Apache License:
-
-- **Self-Hosted Version Free**: All features of Dokploy, including multi-node support, Docker Compose file support, Preview Deployments and Multi Server, will always be free to use in the self-hosted version.
-- **Restriction on Resale**: The multi-node support, Docker Compose file support, Preview Deployments and Multi Server features cannot be sold or offered as a service by any party other than the copyright holder without prior written consent.
-- **Modification Distribution**: Any modifications to the multi-node support, Docker Compose file support, Preview Deployments and Multi Server features must be distributed freely and cannot be sold or offered as a service.
-
-For further inquiries or permissions, please contact us directly.

apps/dokploy/__test__/drop/drop.test.test.ts

@@ -121,6 +121,7 @@ const baseApp: ApplicationNested = {
 	updateConfigSwarm: null,
 	username: null,
 	dockerContextPath: null,
+	rollbackActive: false,
 };
 
 describe("unzipDrop using real zip files", () => {

apps/dokploy/__test__/traefik/traefik.test.ts

@@ -5,6 +5,7 @@ import { createRouterConfig } from "@dokploy/server";
 import { expect, test } from "vitest";
 
 const baseApp: ApplicationNested = {
+	rollbackActive: false,
 	applicationId: "",
 	herokuVersion: "",
 	giteaRepository: "",

apps/dokploy/components/dashboard/application/advanced/cluster/modify-swarm-settings.tsx

@@ -130,7 +130,7 @@ const createStringToJSONSchema = (schema: z.ZodTypeAny) => {
 			}
 			try {
 				return JSON.parse(str);
-			} catch (_e) {
+			} catch {
 				ctx.addIssue({ code: "custom", message: "Invalid JSON format" });
 				return z.NEVER;
 			}

apps/dokploy/components/dashboard/application/advanced/import/show-import.tsx

@@ -107,7 +107,7 @@ export const ShowImport = ({ composeId }: Props) => {
 				composeId,
 			});
 			setShowModal(false);
-		} catch (_error) {
+		} catch {
 			toast.error("Error importing template");
 		}
 	};
@@ -126,7 +126,7 @@ export const ShowImport = ({ composeId }: Props) => {
 			});
 			setTemplateInfo(result);
 			setShowModal(true);
-		} catch (_error) {
+		} catch {
 			toast.error("Error processing template");
 		}
 	};

apps/dokploy/components/dashboard/application/advanced/ports/handle-ports.tsx

@@ -35,6 +35,9 @@ import { z } from "zod";
 
 const AddPortSchema = z.object({
 	publishedPort: z.number().int().min(1).max(65535),
+	publishMode: z.enum(["ingress", "host"], {
+		required_error: "Publish mode is required",
+	}),
 	targetPort: z.number().int().min(1).max(65535),
 	protocol: z.enum(["tcp", "udp"], {
 		required_error: "Protocol is required",
@@ -80,6 +83,7 @@ export const HandlePorts = ({
 	useEffect(() => {
 		form.reset({
 			publishedPort: data?.publishedPort ?? 0,
+			publishMode: data?.publishMode ?? "ingress",
 			targetPort: data?.targetPort ?? 0,
 			protocol: data?.protocol ?? "tcp",
 		});
@@ -165,6 +169,32 @@ export const HandlePorts = ({
 									</FormItem>
 								)}
 							/>
+							<FormField
+								control={form.control}
+								name="publishMode"
+								render={({ field }) => {
+									return (
+										<FormItem className="md:col-span-2">
+											<FormLabel>Published Port Mode</FormLabel>
+											<Select
+												onValueChange={field.onChange}
+												value={field.value}
+											>
+												<FormControl>
+													<SelectTrigger>
+														<SelectValue placeholder="Select a publish mode for the port" />
+													</SelectTrigger>
+												</FormControl>
+												<SelectContent>
+													<SelectItem value={"ingress"}>Ingress</SelectItem>
+													<SelectItem value={"host"}>Host</SelectItem>
+												</SelectContent>
+											</Select>
+											<FormMessage />
+										</FormItem>
+									);
+								}}
+							/>
 							<FormField
 								control={form.control}
 								name="targetPort"

apps/dokploy/components/dashboard/application/advanced/ports/show-port.tsx

@@ -60,7 +60,7 @@ export const ShowPorts = ({ applicationId }: Props) => {
 							{data?.ports.map((port) => (
 								<div key={port.portId}>
 									<div className="flex w-full flex-col sm:flex-row sm:items-center justify-between gap-4 sm:gap-10 border rounded-lg p-4">
-										<div className="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 flex-col gap-4 sm:gap-8">
+										<div className="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 lg:grid-cols-4 flex-col gap-4 sm:gap-8">
 											<div className="flex flex-col gap-1">
 												<span className="font-medium">Published Port</span>
 												<span className="text-sm text-muted-foreground">
@@ -68,7 +68,13 @@ export const ShowPorts = ({ applicationId }: Props) => {
 												</span>
 											</div>
 											<div className="flex flex-col gap-1">
-												<span className="font-medium"> Target Port</span>
+												<span className="font-medium">Published Port Mode</span>
+												<span className="text-sm text-muted-foreground">
+													{port?.publishMode?.toUpperCase()}
+												</span>
+											</div>
+											<div className="flex flex-col gap-1">
+												<span className="font-medium">Target Port</span>
 												<span className="text-sm text-muted-foreground">
 													{port.targetPort}
 												</span>

apps/dokploy/components/dashboard/application/advanced/volumes/update-volume.tsx

@@ -247,7 +247,7 @@ export const UpdateVolume = ({
 										control={form.control}
 										name="content"
 										render={({ field }) => (
-											<FormItem>
+											<FormItem className="max-w-full max-w-[45rem]">
 												<FormLabel>Content</FormLabel>
 												<FormControl>
 													<FormControl>
@@ -256,7 +256,7 @@ export const UpdateVolume = ({
 															placeholder={`NODE_ENV=production
 PORT=3000
 `}
-															className="h-96 font-mono"
+															className="h-96 font-mono w-full"
 															{...field}
 														/>
 													</FormControl>

apps/dokploy/components/dashboard/application/deployments/show-deployments.tsx

@@ -10,11 +10,14 @@ import {
 	CardTitle,
 } from "@/components/ui/card";
 import { type RouterOutputs, api } from "@/utils/api";
-import { Clock, Loader2, RocketIcon } from "lucide-react";
+import { Clock, Loader2, RocketIcon, Settings, RefreshCcw } from "lucide-react";
 import React, { useEffect, useState } from "react";
 import { CancelQueues } from "./cancel-queues";
 import { RefreshToken } from "./refresh-token";
 import { ShowDeployment } from "./show-deployment";
+import { ShowRollbackSettings } from "../rollbacks/show-rollback-settings";
+import { DialogAction } from "@/components/shared/dialog-action";
+import { toast } from "sonner";
 
 interface Props {
 	id: string;
@@ -57,6 +60,11 @@ export const ShowDeployments = ({
 			},
 		);
 
+	const { mutateAsync: rollback, isLoading: isRollingBack } =
+		api.rollback.rollback.useMutation();
+	const { mutateAsync: killProcess, isLoading: isKillingProcess } =
+		api.deployment.killProcess.useMutation();
+
 	const [url, setUrl] = React.useState("");
 	useEffect(() => {
 		setUrl(document.location.origin);
@@ -71,9 +79,18 @@ export const ShowDeployments = ({
 						See all the 10 last deployments for this {type}
 					</CardDescription>
 				</div>
-				{(type === "application" || type === "compose") && (
-					<CancelQueues id={id} type={type} />
-				)}
+				<div className="flex flex-row items-center gap-2">
+					{(type === "application" || type === "compose") && (
+						<CancelQueues id={id} type={type} />
+					)}
+					{type === "application" && (
+						<ShowRollbackSettings applicationId={id}>
+							<Button variant="outline">
+								Configure Rollbacks <Settings className="size-4" />
+							</Button>
+						</ShowRollbackSettings>
+					)}
+				</div>
 			</CardHeader>
 			<CardContent className="flex flex-col gap-4">
 				{refreshToken && (
@@ -154,13 +171,73 @@ export const ShowDeployments = ({
 										)}
 									</div>
 
-									<Button
-										onClick={() => {
-											setActiveLog(deployment);
-										}}
-									>
-										View
-									</Button>
+									<div className="flex flex-row items-center gap-2">
+										{deployment.pid && deployment.status === "running" && (
+											<DialogAction
+												title="Kill Process"
+												description="Are you sure you want to kill the process?"
+												type="default"
+												onClick={async () => {
+													await killProcess({
+														deploymentId: deployment.deploymentId,
+													})
+														.then(() => {
+															toast.success("Process killed successfully");
+														})
+														.catch(() => {
+															toast.error("Error killing process");
+														});
+												}}
+											>
+												<Button
+													variant="destructive"
+													size="sm"
+													isLoading={isKillingProcess}
+												>
+													Kill Process
+												</Button>
+											</DialogAction>
+										)}
+										<Button
+											onClick={() => {
+												setActiveLog(deployment);
+											}}
+										>
+											View
+										</Button>
+
+										{deployment?.rollback &&
+											deployment.status === "done" &&
+											type === "application" && (
+												<DialogAction
+													title="Rollback to this deployment"
+													description="Are you sure you want to rollback to this deployment?"
+													type="default"
+													onClick={async () => {
+														await rollback({
+															rollbackId: deployment.rollback.rollbackId,
+														})
+															.then(() => {
+																toast.success(
+																	"Rollback initiated successfully",
+																);
+															})
+															.catch(() => {
+																toast.error("Error initiating rollback");
+															});
+													}}
+												>
+													<Button
+														variant="secondary"
+														size="sm"
+														isLoading={isRollingBack}
+													>
+														<RefreshCcw className="size-4 text-primary group-hover:text-red-500" />
+														Rollback
+													</Button>
+												</DialogAction>
+											)}
+									</div>
 								</div>
 							</div>
 						))}

apps/dokploy/components/dashboard/application/domains/show-domains.tsx

@@ -39,6 +39,7 @@ export type ValidationState = {
 	error?: string;
 	resolvedIp?: string;
 	message?: string;
+	cdnProvider?: string;
 };
 
 export type ValidationStates = Record<string, ValidationState>;
@@ -119,6 +120,7 @@ export const ShowDomains = ({ id, type }: Props) => {
 					isValid: result.isValid,
 					error: result.error,
 					resolvedIp: result.resolvedIp,
+					cdnProvider: result.cdnProvider,
 					message: result.error && result.isValid ? result.error : undefined,
 				},
 			}));
@@ -354,8 +356,9 @@ export const ShowDomains = ({ id, type }: Props) => {
 																	) : validationState?.isValid ? (
 																		<>
 																			<CheckCircle2 className="size-3 mr-1" />
-																			{validationState.message
-																				? "Behind Cloudflare"
+																			{validationState.message &&
+																			validationState.cdnProvider
+																				? `Behind ${validationState.cdnProvider}`
 																				: "DNS Valid"}
 																		</>
 																	) : validationState?.error ? (

apps/dokploy/components/dashboard/application/general/generic/show.tsx

@@ -16,9 +16,11 @@ import { api } from "@/utils/api";
 import { GitBranch, Loader2, UploadCloud } from "lucide-react";
 import Link from "next/link";
 import { useState } from "react";
+import { toast } from "sonner";
 import { SaveBitbucketProvider } from "./save-bitbucket-provider";
 import { SaveDragNDrop } from "./save-drag-n-drop";
 import { SaveGitlabProvider } from "./save-gitlab-provider";
+import { UnauthorizedGitProvider } from "./unauthorized-git-provider";
 
 type TabState =
 	| "github"
@@ -43,12 +45,31 @@ export const ShowProviderForm = ({ applicationId }: Props) => {
 	const { data: giteaProviders, isLoading: isLoadingGitea } =
 		api.gitea.giteaProviders.useQuery();
 
-	const { data: application } = api.application.one.useQuery({ applicationId });
+	const { data: application, refetch } = api.application.one.useQuery({
+		applicationId,
+	});
+	const { mutateAsync: disconnectGitProvider } =
+		api.application.disconnectGitProvider.useMutation();
+
 	const [tab, setSab] = useState<TabState>(application?.sourceType || "github");
 
 	const isLoading =
 		isLoadingGithub || isLoadingGitlab || isLoadingBitbucket || isLoadingGitea;
 
+	const handleDisconnect = async () => {
+		try {
+			await disconnectGitProvider({ applicationId });
+			toast.success("Repository disconnected successfully");
+			await refetch();
+		} catch (error) {
+			toast.error(
+				`Failed to disconnect repository: ${
+					error instanceof Error ? error.message : "Unknown error"
+				}`,
+			);
+		}
+	};
+
 	if (isLoading) {
 		return (
 			<Card className="group relative w-full bg-transparent">
@@ -77,6 +98,38 @@ export const ShowProviderForm = ({ applicationId }: Props) => {
 		);
 	}
 
+	// Check if user doesn't have access to the current git provider
+	if (
+		application &&
+		!application.hasGitProviderAccess &&
+		application.sourceType !== "docker" &&
+		application.sourceType !== "drop"
+	) {
+		return (
+			<Card className="group relative w-full bg-transparent">
+				<CardHeader>
+					<CardTitle className="flex items-start justify-between">
+						<div className="flex flex-col gap-2">
+							<span className="flex flex-col space-y-0.5">Provider</span>
+							<p className="flex items-center text-sm font-normal text-muted-foreground">
+								Repository connection through unauthorized provider
+							</p>
+						</div>
+						<div className="hidden space-y-1 text-sm font-normal md:block">
+							<GitBranch className="size-6 text-muted-foreground" />
+						</div>
+					</CardTitle>
+				</CardHeader>
+				<CardContent>
+					<UnauthorizedGitProvider
+						service={application}
+						onDisconnect={handleDisconnect}
+					/>
+				</CardContent>
+			</Card>
+		);
+	}
+
 	return (
 		<Card className="group relative w-full bg-transparent">
 			<CardHeader>

apps/dokploy/components/dashboard/application/general/generic/unauthorized-git-provider.tsx

@@ -0,0 +1,149 @@
+import {
+	BitbucketIcon,
+	GitIcon,
+	GiteaIcon,
+	GithubIcon,
+	GitlabIcon,
+} from "@/components/icons/data-tools-icons";
+import { DialogAction } from "@/components/shared/dialog-action";
+import { Alert, AlertDescription } from "@/components/ui/alert";
+import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+import type { RouterOutputs } from "@/utils/api";
+import { AlertCircle, GitBranch, Unlink } from "lucide-react";
+
+interface Props {
+	service:
+		| RouterOutputs["application"]["one"]
+		| RouterOutputs["compose"]["one"];
+	onDisconnect: () => void;
+}
+
+export const UnauthorizedGitProvider = ({ service, onDisconnect }: Props) => {
+	const getProviderIcon = (sourceType: string) => {
+		switch (sourceType) {
+			case "github":
+				return <GithubIcon className="size-5 text-muted-foreground" />;
+			case "gitlab":
+				return <GitlabIcon className="size-5 text-muted-foreground" />;
+			case "bitbucket":
+				return <BitbucketIcon className="size-5 text-muted-foreground" />;
+			case "gitea":
+				return <GiteaIcon className="size-5 text-muted-foreground" />;
+			case "git":
+				return <GitIcon className="size-5 text-muted-foreground" />;
+			default:
+				return <GitBranch className="size-5 text-muted-foreground" />;
+		}
+	};
+
+	const getRepositoryInfo = () => {
+		switch (service.sourceType) {
+			case "github":
+				return {
+					repo: service.repository,
+					branch: service.branch,
+					owner: service.owner,
+				};
+			case "gitlab":
+				return {
+					repo: service.gitlabRepository,
+					branch: service.gitlabBranch,
+					owner: service.gitlabOwner,
+				};
+			case "bitbucket":
+				return {
+					repo: service.bitbucketRepository,
+					branch: service.bitbucketBranch,
+					owner: service.bitbucketOwner,
+				};
+			case "gitea":
+				return {
+					repo: service.giteaRepository,
+					branch: service.giteaBranch,
+					owner: service.giteaOwner,
+				};
+			case "git":
+				return {
+					repo: service.customGitUrl,
+					branch: service.customGitBranch,
+					owner: null,
+				};
+			default:
+				return { repo: null, branch: null, owner: null };
+		}
+	};
+
+	const { repo, branch, owner } = getRepositoryInfo();
+
+	return (
+		<div className="space-y-4">
+			<Alert>
+				<AlertCircle className="h-4 w-4" />
+				<AlertDescription>
+					This application is connected to a {service.sourceType} repository
+					through a git provider that you don't have access to. You can see
+					basic repository information below, but cannot modify the
+					configuration.
+				</AlertDescription>
+			</Alert>
+
+			<Card className="border-dashed border-2 border-muted-foreground/20 bg-transparent">
+				<CardHeader>
+					<CardTitle className="flex items-center gap-2">
+						{getProviderIcon(service.sourceType)}
+						<span className="capitalize text-sm font-medium">
+							{service.sourceType} Repository
+						</span>
+					</CardTitle>
+				</CardHeader>
+				<CardContent className="space-y-3">
+					{owner && (
+						<div>
+							<span className="text-sm font-medium text-muted-foreground">
+								Owner:
+							</span>
+							<p className="text-sm">{owner}</p>
+						</div>
+					)}
+					{repo && (
+						<div>
+							<span className="text-sm font-medium text-muted-foreground">
+								Repository:
+							</span>
+							<p className="text-sm">{repo}</p>
+						</div>
+					)}
+					{branch && (
+						<div>
+							<span className="text-sm font-medium text-muted-foreground">
+								Branch:
+							</span>
+							<p className="text-sm">{branch}</p>
+						</div>
+					)}
+
+					<div className="pt-4 border-t">
+						<DialogAction
+							title="Disconnect Repository"
+							description="Are you sure you want to disconnect this repository?"
+							type="default"
+							onClick={async () => {
+								onDisconnect();
+							}}
+						>
+							<Button variant="secondary" className="w-full">
+								<Unlink className="size-4 mr-2" />
+								Disconnect Repository
+							</Button>
+						</DialogAction>
+						<p className="text-xs text-muted-foreground mt-2">
+							Disconnecting will allow you to configure a new repository with
+							your own git providers.
+						</p>
+					</div>
+				</CardContent>
+			</Card>
+		</div>
+	);
+};

apps/dokploy/components/dashboard/application/rollbacks/show-rollback-settings.tsx

@@ -0,0 +1,123 @@
+import { AlertBlock } from "@/components/shared/alert-block";
+import { Button } from "@/components/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/ui/dialog";
+import {
+	Form,
+	FormControl,
+	FormDescription,
+	FormField,
+	FormItem,
+	FormLabel,
+} from "@/components/ui/form";
+import { Switch } from "@/components/ui/switch";
+import { api } from "@/utils/api";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { toast } from "sonner";
+import { z } from "zod";
+
+const formSchema = z.object({
+	rollbackActive: z.boolean(),
+});
+
+type FormValues = z.infer<typeof formSchema>;
+
+interface Props {
+	applicationId: string;
+	children?: React.ReactNode;
+}
+
+export const ShowRollbackSettings = ({ applicationId, children }: Props) => {
+	const [isOpen, setIsOpen] = useState(false);
+	const { data: application, refetch } = api.application.one.useQuery(
+		{
+			applicationId,
+		},
+		{
+			enabled: !!applicationId,
+		},
+	);
+
+	const { mutateAsync: updateApplication, isLoading } =
+		api.application.update.useMutation();
+
+	const form = useForm<FormValues>({
+		resolver: zodResolver(formSchema),
+		defaultValues: {
+			rollbackActive: application?.rollbackActive ?? false,
+		},
+	});
+
+	const onSubmit = async (data: FormValues) => {
+		await updateApplication({
+			applicationId,
+			rollbackActive: data.rollbackActive,
+		})
+			.then(() => {
+				toast.success("Rollback settings updated");
+				setIsOpen(false);
+				refetch();
+			})
+			.catch(() => {
+				toast.error("Failed to update rollback settings");
+			});
+	};
+
+	return (
+		<Dialog open={isOpen} onOpenChange={setIsOpen}>
+			<DialogTrigger asChild>{children}</DialogTrigger>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Rollback Settings</DialogTitle>
+					<DialogDescription>
+						Configure how rollbacks work for this application
+					</DialogDescription>
+					<AlertBlock>
+						Having rollbacks enabled increases storage usage. Be careful with
+						this option. Note that manually cleaning the cache may delete
+						rollback images, making them unavailable for future rollbacks.
+					</AlertBlock>
+				</DialogHeader>
+
+				<Form {...form}>
+					<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-6">
+						<FormField
+							control={form.control}
+							name="rollbackActive"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-4">
+									<div className="space-y-0.5">
+										<FormLabel className="text-base">
+											Enable Rollbacks
+										</FormLabel>
+										<FormDescription>
+											Allow rolling back to previous deployments
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
+
+						<Button type="submit" className="w-full" isLoading={isLoading}>
+							Save Settings
+						</Button>
+					</form>
+				</Form>
+			</DialogContent>
+		</Dialog>
+	);
+};

apps/dokploy/components/dashboard/application/schedules/show-schedules.tsx

@@ -166,12 +166,16 @@ export const ShowSchedules = ({ id, scheduleType = "application" }: Props) => {
 
 															await runManually({
 																scheduleId: schedule.scheduleId,
-															}).then(async () => {
-																await new Promise((resolve) =>
-																	setTimeout(resolve, 1500),
-																);
-																refetchSchedules();
-															});
+															})
+																.then(async () => {
+																	await new Promise((resolve) =>
+																		setTimeout(resolve, 1500),
+																	);
+																	refetchSchedules();
+																})
+																.catch(() => {
+																	toast.error("Error running schedule");
+																});
 														}}
 													>
 														<Play className="size-4  transition-colors" />

apps/dokploy/components/dashboard/compose/general/compose-file-editor.tsx

@@ -44,8 +44,10 @@ export const ComposeFileEditor = ({ composeId }: Props) => {
 		resolver: zodResolver(AddComposeFile),
 	});
 
+	const composeFile = form.watch("composeFile");
+
 	useEffect(() => {
-		if (data) {
+		if (data && !composeFile) {
 			form.reset({
 				composeFile: data.composeFile || "",
 			});
@@ -75,7 +77,7 @@ export const ComposeFileEditor = ({ composeId }: Props) => {
 					composeId,
 				});
 			})
-			.catch((_e) => {
+			.catch(() => {
 				toast.error("Error updating the Compose config");
 			});
 	};

apps/dokploy/components/dashboard/compose/general/generic/show.tsx

@@ -18,6 +18,8 @@ import { SaveGitProviderCompose } from "./save-git-provider-compose";
 import { SaveGiteaProviderCompose } from "./save-gitea-provider-compose";
 import { SaveGithubProviderCompose } from "./save-github-provider-compose";
 import { SaveGitlabProviderCompose } from "./save-gitlab-provider-compose";
+import { UnauthorizedGitProvider } from "@/components/dashboard/application/general/generic/unauthorized-git-provider";
+import { toast } from "sonner";
 
 type TabState = "github" | "git" | "raw" | "gitlab" | "bitbucket" | "gitea";
 interface Props {
@@ -34,12 +36,29 @@ export const ShowProviderFormCompose = ({ composeId }: Props) => {
 	const { data: giteaProviders, isLoading: isLoadingGitea } =
 		api.gitea.giteaProviders.useQuery();
 
-	const { data: compose } = api.compose.one.useQuery({ composeId });
+	const { mutateAsync: disconnectGitProvider } =
+		api.compose.disconnectGitProvider.useMutation();
+
+	const { data: compose, refetch } = api.compose.one.useQuery({ composeId });
 	const [tab, setSab] = useState<TabState>(compose?.sourceType || "github");
 
 	const isLoading =
 		isLoadingGithub || isLoadingGitlab || isLoadingBitbucket || isLoadingGitea;
 
+	const handleDisconnect = async () => {
+		try {
+			await disconnectGitProvider({ composeId });
+			toast.success("Repository disconnected successfully");
+			await refetch();
+		} catch (error) {
+			toast.error(
+				`Failed to disconnect repository: ${
+					error instanceof Error ? error.message : "Unknown error"
+				}`,
+			);
+		}
+	};
+
 	if (isLoading) {
 		return (
 			<Card className="group relative w-full bg-transparent">
@@ -68,6 +87,37 @@ export const ShowProviderFormCompose = ({ composeId }: Props) => {
 		);
 	}
 
+	// Check if user doesn't have access to the current git provider
+	if (
+		compose &&
+		!compose.hasGitProviderAccess &&
+		compose.sourceType !== "raw"
+	) {
+		return (
+			<Card className="group relative w-full bg-transparent">
+				<CardHeader>
+					<CardTitle className="flex items-start justify-between">
+						<div className="flex flex-col gap-2">
+							<span className="flex flex-col space-y-0.5">Provider</span>
+							<p className="flex items-center text-sm font-normal text-muted-foreground">
+								Repository connection through unauthorized provider
+							</p>
+						</div>
+						<div className="hidden space-y-1 text-sm font-normal md:block">
+							<GitBranch className="size-6 text-muted-foreground" />
+						</div>
+					</CardTitle>
+				</CardHeader>
+				<CardContent>
+					<UnauthorizedGitProvider
+						service={compose}
+						onDisconnect={handleDisconnect}
+					/>
+				</CardContent>
+			</Card>
+		);
+	}
+
 	return (
 		<Card className="group relative w-full bg-transparent">
 			<CardHeader>

apps/dokploy/components/dashboard/compose/general/show-converted-compose.tsx

@@ -40,7 +40,7 @@ export const ShowConvertedCompose = ({ composeId }: Props) => {
 				.then(() => {
 					refetch();
 				})
-				.catch((_err) => {});
+				.catch(() => {});
 		}
 	}, [isOpen]);
 

apps/dokploy/components/dashboard/project/add-application.tsx

@@ -103,7 +103,7 @@ export const AddApplication = ({ projectId, projectName }: Props) => {
 					projectId,
 				});
 			})
-			.catch((_e) => {
+			.catch(() => {
 				toast.error("Error creating the service");
 			});
 	};

apps/dokploy/components/dashboard/projects/handle-project.tsx

@@ -38,7 +38,7 @@ const AddProjectSchema = z.object({
 			(name) => {
 				const trimmedName = name.trim();
 				const validNameRegex =
-					/^[\p{L}\p{N}_-][\p{L}\p{N}\s_-]*[\p{L}\p{N}_-]$/u;
+					/^[\p{L}\p{N}_-][\p{L}\p{N}\s_.-]*[\p{L}\p{N}_-]$/u;
 				return validNameRegex.test(trimmedName);
 			},
 			{

apps/dokploy/components/dashboard/settings/certificates/utils.ts

@@ -1,80 +1,93 @@
+// @ts-nocheck
+
 export const extractExpirationDate = (certData: string): Date | null => {
 	try {
-		const match = certData.match(
-			/-----BEGIN CERTIFICATE-----\s*([^-]+)\s*-----END CERTIFICATE-----/,
-		);
-		if (!match?.[1]) return null;
-
-		const base64Cert = match[1].replace(/\s/g, "");
-		const binaryStr = window.atob(base64Cert);
-		const bytes = new Uint8Array(binaryStr.length);
-
-		for (let i = 0; i < binaryStr.length; i++) {
-			bytes[i] = binaryStr.charCodeAt(i);
+		// Decode PEM base64 to DER binary
+		const b64 = certData.replace(/-----[^-]+-----/g, "").replace(/\s+/g, "");
+		const binStr = atob(b64);
+		const der = new Uint8Array(binStr.length);
+		for (let i = 0; i < binStr.length; i++) {
+			der[i] = binStr.charCodeAt(i);
 		}
 
-		// ASN.1 tag for UTCTime is 0x17, GeneralizedTime is 0x18
-		// We need to find the second occurrence of either tag as it's the "not after" (expiration) date
-		let dateFound = false;
-		for (let i = 0; i < bytes.length - 2; i++) {
-			// Look for sequence containing validity period (0x30)
-			if (bytes[i] === 0x30) {
-				// Check next bytes for UTCTime or GeneralizedTime
-				let j = i + 1;
-				while (j < bytes.length - 2) {
-					if (bytes[j] === 0x17 || bytes[j] === 0x18) {
-						const dateType = bytes[j];
-						const dateLength = bytes[j + 1];
-						if (typeof dateLength === "undefined") break;
+		let offset = 0;
 
-						if (!dateFound) {
-							// Skip "not before" date
-							dateFound = true;
-							j += dateLength + 2;
-							continue;
-						}
-
-						// Found "not after" date
-						let dateStr = "";
-						for (let k = 0; k < dateLength; k++) {
-							const charCode = bytes[j + 2 + k];
-							if (typeof charCode === "undefined") continue;
-							dateStr += String.fromCharCode(charCode);
-						}
-
-						if (dateType === 0x17) {
-							// UTCTime (YYMMDDhhmmssZ)
-							const year = Number.parseInt(dateStr.slice(0, 2));
-							const fullYear = year >= 50 ? 1900 + year : 2000 + year;
-							return new Date(
-								Date.UTC(
-									fullYear,
-									Number.parseInt(dateStr.slice(2, 4)) - 1,
-									Number.parseInt(dateStr.slice(4, 6)),
-									Number.parseInt(dateStr.slice(6, 8)),
-									Number.parseInt(dateStr.slice(8, 10)),
-									Number.parseInt(dateStr.slice(10, 12)),
-								),
-							);
-						}
-
-						// GeneralizedTime (YYYYMMDDhhmmssZ)
-						return new Date(
-							Date.UTC(
-								Number.parseInt(dateStr.slice(0, 4)),
-								Number.parseInt(dateStr.slice(4, 6)) - 1,
-								Number.parseInt(dateStr.slice(6, 8)),
-								Number.parseInt(dateStr.slice(8, 10)),
-								Number.parseInt(dateStr.slice(10, 12)),
-								Number.parseInt(dateStr.slice(12, 14)),
-							),
-						);
-					}
-					j++;
+		// Helper: read ASN.1 length field
+		function readLength(pos: number): { length: number; offset: number } {
+			// biome-ignore lint/style/noParameterAssign: <explanation>
+			let len = der[pos++];
+			if (len & 0x80) {
+				const bytes = len & 0x7f;
+				len = 0;
+				for (let i = 0; i < bytes; i++) {
+					// biome-ignore lint/style/noParameterAssign: <explanation>
+					len = (len << 8) + der[pos++];
 				}
 			}
+			return { length: len, offset: pos };
 		}
-		return null;
+
+		// Skip the outer certificate sequence
+		if (der[offset++] !== 0x30) throw new Error("Expected sequence");
+		({ offset } = readLength(offset));
+
+		// Skip tbsCertificate sequence
+		if (der[offset++] !== 0x30) throw new Error("Expected tbsCertificate");
+		({ offset } = readLength(offset));
+
+		// Check for optional version field (context-specific tag [0])
+		if (der[offset] === 0xa0) {
+			offset++;
+			const versionLen = readLength(offset);
+			offset = versionLen.offset + versionLen.length;
+		}
+
+		// Skip serialNumber, signature, issuer
+		for (let i = 0; i < 3; i++) {
+			if (der[offset] !== 0x30 && der[offset] !== 0x02)
+				throw new Error("Unexpected structure");
+			offset++;
+			const fieldLen = readLength(offset);
+			offset = fieldLen.offset + fieldLen.length;
+		}
+
+		// Validity sequence (notBefore and notAfter)
+		if (der[offset++] !== 0x30) throw new Error("Expected validity sequence");
+		const validityLen = readLength(offset);
+		offset = validityLen.offset;
+
+		// notBefore
+		offset++;
+		const notBeforeLen = readLength(offset);
+		offset = notBeforeLen.offset + notBeforeLen.length;
+
+		// notAfter
+		offset++;
+		const notAfterLen = readLength(offset);
+		const notAfterStr = new TextDecoder().decode(
+			der.slice(notAfterLen.offset, notAfterLen.offset + notAfterLen.length),
+		);
+
+		// Parse GeneralizedTime (15 chars) or UTCTime (13 chars)
+		function parseTime(str: string): Date {
+			if (str.length === 13) {
+				// UTCTime YYMMDDhhmmssZ
+				const year = Number.parseInt(str.slice(0, 2), 10);
+				const fullYear = year < 50 ? 2000 + year : 1900 + year;
+				return new Date(
+					`${fullYear}-${str.slice(2, 4)}-${str.slice(4, 6)}T${str.slice(6, 8)}:${str.slice(8, 10)}:${str.slice(10, 12)}Z`,
+				);
+			}
+			if (str.length === 15) {
+				// GeneralizedTime YYYYMMDDhhmmssZ
+				return new Date(
+					`${str.slice(0, 4)}-${str.slice(4, 6)}-${str.slice(6, 8)}T${str.slice(8, 10)}:${str.slice(10, 12)}:${str.slice(12, 14)}Z`,
+				);
+			}
+			throw new Error("Invalid ASN.1 time format");
+		}
+
+		return parseTime(notAfterStr);
 	} catch (error) {
 		console.error("Error parsing certificate:", error);
 		return null;

apps/dokploy/components/dashboard/settings/cluster/nodes/show-nodes-modal.tsx

@@ -20,7 +20,7 @@ export const ShowNodesModal = ({ serverId }: Props) => {
 					Show Swarm Nodes
 				</DropdownMenuItem>
 			</DialogTrigger>
-			<DialogContent className="sm:max-w-5xl  overflow-y-auto max-h-screen ">
+			<DialogContent className="min-w-[70vw] overflow-y-auto max-h-screen">
 				<div className="grid w-full gap-1">
 					<ShowNodes serverId={serverId} />
 				</div>

apps/dokploy/components/dashboard/settings/cluster/nodes/show-nodes.tsx

@@ -87,7 +87,7 @@ export const ShowNodes = ({ serverId }: Props) => {
 									</TableCaption>
 									<TableHeader>
 										<TableRow>
-											<TableHead className="w-[100px]">Hostname</TableHead>
+											<TableHead className="text-left">Hostname</TableHead>
 											<TableHead className="text-right">Status</TableHead>
 											<TableHead className="text-right">Role</TableHead>
 											<TableHead className="text-right">Availability</TableHead>
@@ -104,7 +104,7 @@ export const ShowNodes = ({ serverId }: Props) => {
 											const isManager = node.Spec.Role === "manager";
 											return (
 												<TableRow key={node.ID}>
-													<TableCell className="w-[100px]">
+													<TableCell className="text-left">
 														{node.Description.Hostname}
 													</TableCell>
 													<TableCell className="text-right">

apps/dokploy/components/dashboard/settings/git/github/add-github-provider.tsx

@@ -18,6 +18,7 @@ import { useEffect, useState } from "react";
 export const AddGithubProvider = () => {
 	const [isOpen, setIsOpen] = useState(false);
 	const { data: activeOrganization } = authClient.useActiveOrganization();
+	const { data: session } = authClient.useSession();
 	const { data } = api.user.get.useQuery();
 	const [manifest, setManifest] = useState("");
 	const [isOrganization, setIsOrganization] = useState(false);
@@ -27,7 +28,7 @@ export const AddGithubProvider = () => {
 		const url = document.location.origin;
 		const manifest = JSON.stringify(
 			{
-				redirect_url: `${origin}/api/providers/github/setup?organizationId=${activeOrganization?.id}`,
+				redirect_url: `${origin}/api/providers/github/setup?organizationId=${activeOrganization?.id}&userId=${session?.user?.id}`,
 				name: `Dokploy-${format(new Date(), "yyyy-MM-dd")}`,
 				url: origin,
 				hook_attributes: {

apps/dokploy/components/dashboard/settings/notifications/handle-notifications.tsx

@@ -1063,7 +1063,7 @@ export const HandleNotifications = ({ notificationId }: Props) => {
 										});
 									}
 									toast.success("Connection Success");
-								} catch (_err) {
+								} catch {
 									toast.error("Error testing the provider");
 								}
 							}}

apps/dokploy/components/dashboard/settings/profile/disable-2fa.tsx

@@ -63,7 +63,7 @@ export const Disable2FA = () => {
 			toast.success("2FA disabled successfully");
 			utils.user.get.invalidate();
 			setIsOpen(false);
-		} catch (_error) {
+		} catch {
 			form.setError("password", {
 				message: "Connection error. Please try again.",
 			});

apps/dokploy/components/dashboard/settings/servers/actions/toggle-docker-cleanup.tsx

@@ -36,7 +36,7 @@ export const ToggleDockerCleanup = ({ serverId }: Props) => {
 				await refetch();
 			}
 			toast.success("Docker Cleanup updated");
-		} catch (_error) {
+		} catch {
 			toast.error("Docker Cleanup Error");
 		}
 	};

apps/dokploy/components/dashboard/settings/servers/gpu-support.tsx

@@ -56,7 +56,7 @@ export function GPUSupport({ serverId }: GPUSupportProps) {
 		try {
 			await utils.settings.checkGPUStatus.invalidate({ serverId });
 			await refetch();
-		} catch (_error) {
+		} catch {
 			toast.error("Failed to refresh GPU status");
 		} finally {
 			setIsRefreshing(false);
@@ -74,7 +74,7 @@ export function GPUSupport({ serverId }: GPUSupportProps) {
 
 		try {
 			await setupGPU.mutateAsync({ serverId });
-		} catch (_error) {
+		} catch {
 			// Error handling is done in mutation's onError
 		}
 	};

apps/dokploy/components/dashboard/settings/servers/show-servers.tsx

@@ -141,7 +141,7 @@ export const ShowServers = () => {
 													</TableCaption>
 													<TableHeader>
 														<TableRow>
-															<TableHead className="w-[100px]">Name</TableHead>
+															<TableHead className="text-left">Name</TableHead>
 															{isCloud && (
 																<TableHead className="text-center">
 																	Status
@@ -173,7 +173,7 @@ export const ShowServers = () => {
 															const isActive = server.serverStatus === "active";
 															return (
 																<TableRow key={server.serverId}>
-																	<TableCell className="w-[100px]">
+																	<TableCell className="text-left">
 																		{server.name}
 																	</TableCell>
 																	{isCloud && (

apps/dokploy/components/dashboard/settings/users/add-invitation.tsx

@@ -41,6 +41,7 @@ const addInvitation = z.object({
 		.min(1, "Email is required")
 		.email({ message: "Invalid email" }),
 	role: z.enum(["member", "admin"]),
+	notificationId: z.string().optional(),
 });
 
 type AddInvitation = z.infer<typeof addInvitation>;
@@ -49,6 +50,10 @@ export const AddInvitation = () => {
 	const [open, setOpen] = useState(false);
 	const utils = api.useUtils();
 	const [isLoading, setIsLoading] = useState(false);
+	const { data: isCloud } = api.settings.isCloud.useQuery();
+	const { data: emailProviders } =
+		api.notification.getEmailProviders.useQuery();
+	const { mutateAsync: sendInvitation } = api.user.sendInvitation.useMutation();
 	const [error, setError] = useState<string | null>(null);
 	const { data: activeOrganization } = authClient.useActiveOrganization();
 
@@ -56,6 +61,7 @@ export const AddInvitation = () => {
 		defaultValues: {
 			email: "",
 			role: "member",
+			notificationId: "",
 		},
 		resolver: zodResolver(addInvitation),
 	});
@@ -74,7 +80,20 @@ export const AddInvitation = () => {
 		if (result.error) {
 			setError(result.error.message || "");
 		} else {
-			toast.success("Invitation created");
+			if (!isCloud && data.notificationId) {
+				await sendInvitation({
+					invitationId: result.data.id,
+					notificationId: data.notificationId || "",
+				})
+					.then(() => {
+						toast.success("Invitation created and email sent");
+					})
+					.catch((error: any) => {
+						toast.error(error.message);
+					});
+			} else {
+				toast.success("Invitation created");
+			}
 			setError(null);
 			setOpen(false);
 		}
@@ -149,6 +168,47 @@ export const AddInvitation = () => {
 								);
 							}}
 						/>
+
+						{!isCloud && (
+							<FormField
+								control={form.control}
+								name="notificationId"
+								render={({ field }) => {
+									return (
+										<FormItem>
+											<FormLabel>Email Provider</FormLabel>
+											<Select
+												onValueChange={field.onChange}
+												defaultValue={field.value}
+											>
+												<FormControl>
+													<SelectTrigger>
+														<SelectValue placeholder="Select an email provider" />
+													</SelectTrigger>
+												</FormControl>
+												<SelectContent>
+													{emailProviders?.map((provider) => (
+														<SelectItem
+															key={provider.notificationId}
+															value={provider.notificationId}
+														>
+															{provider.name}
+														</SelectItem>
+													))}
+													<SelectItem value="none" disabled>
+														None
+													</SelectItem>
+												</SelectContent>
+											</Select>
+											<FormDescription>
+												Select the email provider to send the invitation
+											</FormDescription>
+											<FormMessage />
+										</FormItem>
+									);
+								}}
+							/>
+						)}
 						<DialogFooter className="flex w-full flex-row">
 							<Button
 								isLoading={isLoading}

apps/dokploy/components/dashboard/settings/users/show-invitations.tsx

@@ -146,7 +146,7 @@ export const ShowInvitations = () => {
 																				{invitation.status === "pending" && (
 																					<DropdownMenuItem
 																						className="w-full cursor-pointer"
-																						onSelect={(_e) => {
+																						onSelect={() => {
 																							copy(
 																								`${origin}/invitation?token=${invitation.id}`,
 																							);
@@ -162,7 +162,7 @@ export const ShowInvitations = () => {
 																				{invitation.status === "pending" && (
 																					<DropdownMenuItem
 																						className="w-full cursor-pointer"
-																						onSelect={async (_e) => {
+																						onSelect={async () => {
 																							const result =
 																								await authClient.organization.cancelInvitation(
 																									{
@@ -189,7 +189,7 @@ export const ShowInvitations = () => {
 																		)}
 																		<DropdownMenuItem
 																			className="w-full cursor-pointer"
-																			onSelect={async (_e) => {
+																			onSelect={async () => {
 																				await removeInvitation({
 																					invitationId: invitation.id,
 																				}).then(() => {

apps/dokploy/components/dashboard/settings/web-server/manage-traefik-ports.tsx

@@ -91,7 +91,7 @@ export const ManageTraefikPorts = ({ children, serverId }: Props) => {
 			});
 			toast.success(t("settings.server.webServer.traefik.portsUpdated"));
 			setOpen(false);
-		} catch (_error) {}
+		} catch {}
 	};
 
 	return (

apps/dokploy/components/layouts/dashboard-layout.tsx

@@ -1,7 +1,7 @@
 import { api } from "@/utils/api";
 import { ImpersonationBar } from "../dashboard/impersonation/impersonation-bar";
-import Page from "./side";
 import { ChatwootWidget } from "../shared/ChatwootWidget";
+import Page from "./side";
 
 interface Props {
 	children: React.ReactNode;

apps/dokploy/components/ui/badge.tsx

@@ -4,7 +4,7 @@ import type * as React from "react";
 import { cn } from "@/lib/utils";
 
 const badgeVariants = cva(
-	"inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2",
+	"inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold whitespace-nowrap transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2",
 	{
 		variants: {
 			variant: {

apps/dokploy/components/ui/popover.tsx

@@ -17,7 +17,7 @@ const PopoverContent = React.forwardRef<
 			align={align}
 			sideOffset={sideOffset}
 			className={cn(
-				"z-50 w-72 rounded-md border bg-popover p-4 text-popover-foreground shadow-md outline-none data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
+				"z-50 w-full rounded-md border bg-popover p-4 text-popover-foreground shadow-md outline-none data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
 				className,
 			)}
 			{...props}

apps/dokploy/drizzle/0093_nice_gorilla_man.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "user_temp" ALTER COLUMN "logCleanupCron" SET DEFAULT '0 0 * * *';
+
+UPDATE "user_temp" SET "logCleanupCron" = '0 0 * * *' WHERE "logCleanupCron" IS NULL;

apps/dokploy/drizzle/0094_numerous_carmella_unuscione.sql

@@ -0,0 +1,14 @@
+ALTER TABLE "git_provider" ADD COLUMN "userId" text;--> statement-breakpoint
+
+-- Update existing git providers to be owned by the organization owner
+-- We can get the owner_id directly from the organization table
+UPDATE "git_provider" 
+SET "userId" = (
+    SELECT o."owner_id" 
+    FROM "organization" o 
+    WHERE o.id = "git_provider"."organizationId"
+);--> statement-breakpoint
+
+-- Now make the column NOT NULL since all rows should have values
+ALTER TABLE "git_provider" ALTER COLUMN "userId" SET NOT NULL;--> statement-breakpoint
+ALTER TABLE "git_provider" ADD CONSTRAINT "git_provider_userId_user_temp_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user_temp"("id") ON DELETE cascade ON UPDATE no action;

apps/dokploy/drizzle/0095_curly_justice.sql

@@ -0,0 +1,13 @@
+CREATE TABLE "rollback" (
+	"rollbackId" text PRIMARY KEY NOT NULL,
+	"deploymentId" text NOT NULL,
+	"version" serial NOT NULL,
+	"image" text,
+	"createdAt" text NOT NULL,
+	"fullContext" jsonb
+);
+--> statement-breakpoint
+ALTER TABLE "application" ADD COLUMN "rollbackActive" boolean DEFAULT false;--> statement-breakpoint
+ALTER TABLE "deployment" ADD COLUMN "rollbackId" text;--> statement-breakpoint
+ALTER TABLE "rollback" ADD CONSTRAINT "rollback_deploymentId_deployment_deploymentId_fk" FOREIGN KEY ("deploymentId") REFERENCES "public"."deployment"("deploymentId") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "deployment" ADD CONSTRAINT "deployment_rollbackId_rollback_rollbackId_fk" FOREIGN KEY ("rollbackId") REFERENCES "public"."rollback"("rollbackId") ON DELETE cascade ON UPDATE no action;

apps/dokploy/drizzle/0096_small_shaman.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "rollback" DROP CONSTRAINT "rollback_deploymentId_deployment_deploymentId_fk";
+--> statement-breakpoint
+ALTER TABLE "rollback" ADD CONSTRAINT "rollback_deploymentId_deployment_deploymentId_fk" FOREIGN KEY ("deploymentId") REFERENCES "public"."deployment"("deploymentId") ON DELETE set null ON UPDATE no action;

apps/dokploy/drizzle/0097_hard_lizard.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "rollback" DROP CONSTRAINT "rollback_deploymentId_deployment_deploymentId_fk";
+--> statement-breakpoint
+ALTER TABLE "rollback" ADD CONSTRAINT "rollback_deploymentId_deployment_deploymentId_fk" FOREIGN KEY ("deploymentId") REFERENCES "public"."deployment"("deploymentId") ON DELETE cascade ON UPDATE no action;

apps/dokploy/drizzle/0098_conscious_chat.sql

@@ -0,0 +1 @@
+ALTER TABLE "deployment" ADD COLUMN "pid" text;

apps/dokploy/drizzle/0099_wise_golden_guardian.sql

@@ -0,0 +1,2 @@
+CREATE TYPE "public"."publishModeType" AS ENUM('ingress', 'host');--> statement-breakpoint
+ALTER TABLE "port" ADD COLUMN "publishMode" "publishModeType" DEFAULT 'host' NOT NULL;

apps/dokploy/drizzle/meta/_journal.json

@@ -652,6 +652,55 @@
       "when": 1747713229160,
       "tag": "0092_stiff_the_watchers",
       "breakpoints": true
+    },
+    {
+      "idx": 93,
+      "version": "7",
+      "when": 1750397258622,
+      "tag": "0093_nice_gorilla_man",
+      "breakpoints": true
+    },
+    {
+      "idx": 94,
+      "version": "7",
+      "when": 1750559214977,
+      "tag": "0094_numerous_carmella_unuscione",
+      "breakpoints": true
+    },
+    {
+      "idx": 95,
+      "version": "7",
+      "when": 1750562292392,
+      "tag": "0095_curly_justice",
+      "breakpoints": true
+    },
+    {
+      "idx": 96,
+      "version": "7",
+      "when": 1750566830268,
+      "tag": "0096_small_shaman",
+      "breakpoints": true
+    },
+    {
+      "idx": 97,
+      "version": "7",
+      "when": 1750567641441,
+      "tag": "0097_hard_lizard",
+      "breakpoints": true
+    },
+    {
+      "idx": 98,
+      "version": "7",
+      "when": 1751233265357,
+      "tag": "0098_conscious_chat",
+      "breakpoints": true
+    },
+    {
+      "idx": 99,
+      "version": "7",
+      "when": 1751693569786,
+      "tag": "0099_wise_golden_guardian",
+      "breakpoints": true
     }
   ]
 }

apps/dokploy/esbuild.config.ts

@@ -21,6 +21,7 @@ try {
 			entryPoints: {
 				server: "server/server.ts",
 				"reset-password": "reset-password.ts",
+				"reset-2fa": "reset-2fa.ts",
 			},
 			bundle: true,
 			platform: "node",

apps/dokploy/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "dokploy",
-	"version": "v0.22.7",
+	"version": "v0.23.7",
 	"private": true,
 	"license": "Apache-2.0",
 	"type": "module",
@@ -11,6 +11,7 @@
 		"build-next": "next build",
 		"setup": "tsx -r dotenv/config setup.ts && sleep 5 && pnpm run migration:run",
 		"reset-password": "node -r dotenv/config dist/reset-password.mjs",
+		"reset-2fa": "node -r dotenv/config dist/reset-2fa.mjs",
 		"dev": "tsx -r dotenv/config ./server/server.ts  --project tsconfig.server.json ",
 		"dev-turbopack": "TURBOPACK=1 tsx -r dotenv/config ./server/server.ts  --project tsconfig.server.json",
 		"studio": "drizzle-kit studio --config ./server/db/drizzle.config.ts",
@@ -36,8 +37,6 @@
 		"test": "vitest --config __test__/vitest.config.ts"
 	},
 	"dependencies": {
-		"pino": "9.4.0",
-		"pino-pretty": "11.2.2",
 		"@ai-sdk/anthropic": "^1.0.6",
 		"@ai-sdk/azure": "^1.0.15",
 		"@ai-sdk/cohere": "^1.0.6",
@@ -127,6 +126,8 @@
 		"octokit": "3.1.2",
 		"ollama-ai-provider": "^1.1.0",
 		"otpauth": "^9.2.3",
+		"pino": "9.4.0",
+		"pino-pretty": "11.2.2",
 		"postgres": "3.4.4",
 		"public-ip": "6.0.2",
 		"qrcode": "^1.5.3",
@@ -147,13 +148,13 @@
 		"swagger-ui-react": "^5.17.14",
 		"tailwind-merge": "^2.2.0",
 		"tailwindcss-animate": "^1.0.7",
+		"toml": "3.0.0",
 		"undici": "^6.19.2",
 		"use-resize-observer": "9.1.0",
 		"ws": "8.16.0",
 		"xterm-addon-fit": "^0.8.0",
 		"zod": "^3.23.4",
-		"zod-form-data": "^2.0.2",
-		"toml": "3.0.0"
+		"zod-form-data": "^2.0.2"
 	},
 	"devDependencies": {
 		"@types/adm-zip": "^0.5.5",

apps/dokploy/pages/api/providers/github/setup.ts

@@ -10,13 +10,14 @@ type Query = {
 	state: string;
 	installation_id: string;
 	setup_action: string;
+	userId: string;
 };
 
 export default async function handler(
 	req: NextApiRequest,
 	res: NextApiResponse,
 ) {
-	const { code, state, installation_id }: Query = req.query as Query;
+	const { code, state, installation_id, userId }: Query = req.query as Query;
 
 	if (!code) {
 		return res.status(400).json({ error: "Missing code parameter" });
@@ -44,6 +45,7 @@ export default async function handler(
 				githubPrivateKey: data.pem,
 			},
 			value as string,
+			userId,
 		);
 	} else if (action === "gh_setup") {
 		await db

apps/dokploy/pages/dashboard/docker.tsx

@@ -72,7 +72,7 @@ export async function getServerSideProps(
 				trpcState: helpers.dehydrate(),
 			},
 		};
-	} catch (_error) {
+	} catch {
 		return {
 			props: {},
 		};

apps/dokploy/pages/dashboard/project/[projectId].tsx

@@ -390,7 +390,7 @@ const Project = (
 						break;
 				}
 				success++;
-			} catch (_error) {
+			} catch {
 				toast.error(`Error starting service ${serviceId}`);
 			}
 		}
@@ -437,7 +437,7 @@ const Project = (
 						break;
 				}
 				success++;
-			} catch (_error) {
+			} catch {
 				toast.error(`Error stopping service ${serviceId}`);
 			}
 		}
@@ -1107,7 +1107,7 @@ export async function getServerSideProps(
 					projectId: params?.projectId,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/application/[applicationId].tsx

@@ -413,7 +413,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/compose/[composeId].tsx

@@ -74,12 +74,7 @@ const Service = (
 		}
 	}, [router.query.tab]);
 
-	const { data } = api.compose.one.useQuery(
-		{ composeId },
-		{
-			refetchInterval: 5000,
-		},
-	);
+	const { data } = api.compose.one.useQuery({ composeId });
 
 	const { data: auth } = api.user.get.useQuery();
 	const { data: isCloud } = api.settings.isCloud.useQuery();
@@ -414,7 +409,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/mariadb/[mariadbId].tsx

@@ -338,7 +338,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/mongo/[mongoId].tsx

@@ -340,7 +340,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/mysql/[mysqlId].tsx

@@ -324,7 +324,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/postgres/[postgresId].tsx

@@ -321,7 +321,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/project/[projectId]/services/redis/[redisId].tsx

@@ -328,7 +328,7 @@ export async function getServerSideProps(
 					activeTab: (activeTab || "general") as TabState,
 				},
 			};
-		} catch (_error) {
+		} catch {
 			return {
 				redirect: {
 					permanent: false,

apps/dokploy/pages/dashboard/settings/git-providers.tsx

@@ -68,7 +68,7 @@ export async function getServerSideProps(
 				trpcState: helpers.dehydrate(),
 			},
 		};
-	} catch (_error) {
+	} catch {
 		return {
 			props: {},
 		};

apps/dokploy/pages/dashboard/settings/ssh-keys.tsx

@@ -69,7 +69,7 @@ export async function getServerSideProps(
 				trpcState: helpers.dehydrate(),
 			},
 		};
-	} catch (_error) {
+	} catch {
 		return {
 			props: {},
 		};

apps/dokploy/pages/dashboard/swarm.tsx

@@ -72,7 +72,7 @@ export async function getServerSideProps(
 				trpcState: helpers.dehydrate(),
 			},
 		};
-	} catch (_error) {
+	} catch {
 		return {
 			props: {},
 		};

apps/dokploy/pages/dashboard/traefik.tsx

@@ -72,7 +72,7 @@ export async function getServerSideProps(
 				trpcState: helpers.dehydrate(),
 			},
 		};
-	} catch (_error) {
+	} catch {
 		return {
 			props: {},
 		};

apps/dokploy/pages/index.tsx

@@ -96,7 +96,7 @@ export default function Home({ IS_CLOUD }: Props) {
 
 			toast.success("Logged in successfully");
 			router.push("/dashboard/projects");
-		} catch (_error) {
+		} catch {
 			toast.error("An error occurred while logging in");
 		} finally {
 			setIsLoginLoading(false);
@@ -124,7 +124,7 @@ export default function Home({ IS_CLOUD }: Props) {
 
 			toast.success("Logged in successfully");
 			router.push("/dashboard/projects");
-		} catch (_error) {
+		} catch {
 			toast.error("An error occurred while verifying 2FA code");
 		} finally {
 			setIsTwoFactorLoading(false);
@@ -154,7 +154,7 @@ export default function Home({ IS_CLOUD }: Props) {
 
 			toast.success("Logged in successfully");
 			router.push("/dashboard/projects");
-		} catch (_error) {
+		} catch {
 			toast.error("An error occurred while verifying backup code");
 		} finally {
 			setIsBackupCodeLoading(false);
@@ -478,7 +478,7 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
 					},
 				};
 			}
-		} catch (_error) {}
+		} catch {}
 
 		return {
 			props: {

apps/dokploy/pages/invitation.tsx

@@ -133,7 +133,7 @@ const Invitation = ({
 
 			toast.success("Account created successfully");
 			router.push("/dashboard/projects");
-		} catch (_error) {
+		} catch {
 			toast.error("An error occurred while creating your account");
 		}
 	};

apps/dokploy/reset-2fa.ts

@@ -0,0 +1,27 @@
+import { findAdmin } from "@dokploy/server";
+import { db } from "@dokploy/server/db";
+import { users_temp } from "@dokploy/server/db/schema";
+import { eq } from "drizzle-orm";
+
+(async () => {
+	try {
+		const result = await findAdmin();
+
+		const update = await db
+			.update(users_temp)
+			.set({
+				twoFactorEnabled: false,
+			})
+			.where(eq(users_temp.id, result.userId));
+
+		if (update) {
+			console.log("2FA reset successful");
+		} else {
+			console.log("Password reset failed");
+		}
+
+		process.exit(0);
+	} catch (error) {
+		console.log("Error resetting 2FA", error);
+	}
+})();

apps/dokploy/server/api/root.ts

@@ -28,7 +28,6 @@ import { projectRouter } from "./routers/project";
 import { redirectsRouter } from "./routers/redirects";
 import { redisRouter } from "./routers/redis";
 import { registryRouter } from "./routers/registry";
-import { scheduleRouter } from "./routers/schedule";
 import { securityRouter } from "./routers/security";
 import { serverRouter } from "./routers/server";
 import { settingsRouter } from "./routers/settings";
@@ -36,6 +35,8 @@ import { sshRouter } from "./routers/ssh-key";
 import { stripeRouter } from "./routers/stripe";
 import { swarmRouter } from "./routers/swarm";
 import { userRouter } from "./routers/user";
+import { scheduleRouter } from "./routers/schedule";
+import { rollbackRouter } from "./routers/rollbacks";
 /**
  * This is the primary router for your server.
  *
@@ -80,6 +81,7 @@ export const appRouter = createTRPCRouter({
 	ai: aiRouter,
 	organization: organizationRouter,
 	schedule: scheduleRouter,
+	rollback: rollbackRouter,
 });
 
 // export type definition of API

apps/dokploy/server/api/routers/application.ts

@@ -31,6 +31,7 @@ import {
 	createApplication,
 	deleteAllMiddlewares,
 	findApplicationById,
+	findGitProviderById,
 	findProjectById,
 	getApplicationStats,
 	mechanizeDockerContainer,
@@ -126,7 +127,45 @@ export const applicationRouter = createTRPCRouter({
 					message: "You are not authorized to access this application",
 				});
 			}
-			return application;
+
+			let hasGitProviderAccess = true;
+			let unauthorizedProvider: string | null = null;
+
+			const getGitProviderId = () => {
+				switch (application.sourceType) {
+					case "github":
+						return application.github?.gitProviderId;
+					case "gitlab":
+						return application.gitlab?.gitProviderId;
+					case "bitbucket":
+						return application.bitbucket?.gitProviderId;
+					case "gitea":
+						return application.gitea?.gitProviderId;
+					default:
+						return null;
+				}
+			};
+
+			const gitProviderId = getGitProviderId();
+
+			if (gitProviderId) {
+				try {
+					const gitProvider = await findGitProviderById(gitProviderId);
+					if (gitProvider.userId !== ctx.session.userId) {
+						hasGitProviderAccess = false;
+						unauthorizedProvider = application.sourceType;
+					}
+				} catch {
+					hasGitProviderAccess = false;
+					unauthorizedProvider = application.sourceType;
+				}
+			}
+
+			return {
+				...application,
+				hasGitProviderAccess,
+				unauthorizedProvider,
+			};
 		}),
 
 	reload: protectedProcedure
@@ -488,6 +527,67 @@ export const applicationRouter = createTRPCRouter({
 				enableSubmodules: input.enableSubmodules,
 			});
 
+			return true;
+		}),
+	disconnectGitProvider: protectedProcedure
+		.input(apiFindOneApplication)
+		.mutation(async ({ input, ctx }) => {
+			const application = await findApplicationById(input.applicationId);
+			if (
+				application.project.organizationId !== ctx.session.activeOrganizationId
+			) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to disconnect this git provider",
+				});
+			}
+
+			// Reset all git provider related fields
+			await updateApplication(input.applicationId, {
+				// GitHub fields
+				repository: null,
+				branch: null,
+				owner: null,
+				buildPath: "/",
+				githubId: null,
+				triggerType: "push",
+
+				// GitLab fields
+				gitlabRepository: null,
+				gitlabOwner: null,
+				gitlabBranch: null,
+				gitlabBuildPath: null,
+				gitlabId: null,
+				gitlabProjectId: null,
+				gitlabPathNamespace: null,
+
+				// Bitbucket fields
+				bitbucketRepository: null,
+				bitbucketOwner: null,
+				bitbucketBranch: null,
+				bitbucketBuildPath: null,
+				bitbucketId: null,
+
+				// Gitea fields
+				giteaRepository: null,
+				giteaOwner: null,
+				giteaBranch: null,
+				giteaBuildPath: null,
+				giteaId: null,
+
+				// Custom Git fields
+				customGitBranch: null,
+				customGitBuildPath: null,
+				customGitUrl: null,
+				customGitSSHKeyId: null,
+
+				// Common fields
+				sourceType: "github", // Reset to default
+				applicationStatus: "idle",
+				watchPaths: null,
+				enableSubmodules: false,
+			});
+
 			return true;
 		}),
 	markRunning: protectedProcedure

apps/dokploy/server/api/routers/backup.ts

@@ -22,6 +22,7 @@ import {
 	findPostgresByBackupId,
 	findPostgresById,
 	findServerById,
+	keepLatestNBackups,
 	removeBackupById,
 	removeScheduleBackup,
 	runMariadbBackup,
@@ -197,6 +198,8 @@ export const backupRouter = createTRPCRouter({
 				const backup = await findBackupById(input.backupId);
 				const postgres = await findPostgresByBackupId(backup.backupId);
 				await runPostgresBackup(postgres, backup);
+
+				await keepLatestNBackups(backup, postgres?.serverId);
 				return true;
 			} catch (error) {
 				const message =
@@ -217,6 +220,7 @@ export const backupRouter = createTRPCRouter({
 				const backup = await findBackupById(input.backupId);
 				const mysql = await findMySqlByBackupId(backup.backupId);
 				await runMySqlBackup(mysql, backup);
+				await keepLatestNBackups(backup, mysql?.serverId);
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -233,6 +237,7 @@ export const backupRouter = createTRPCRouter({
 				const backup = await findBackupById(input.backupId);
 				const mariadb = await findMariadbByBackupId(backup.backupId);
 				await runMariadbBackup(mariadb, backup);
+				await keepLatestNBackups(backup, mariadb?.serverId);
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -249,6 +254,7 @@ export const backupRouter = createTRPCRouter({
 				const backup = await findBackupById(input.backupId);
 				const compose = await findComposeByBackupId(backup.backupId);
 				await runComposeBackup(compose, backup);
+				await keepLatestNBackups(backup, compose?.serverId);
 				return true;
 			} catch (error) {
 				throw new TRPCError({
@@ -265,6 +271,7 @@ export const backupRouter = createTRPCRouter({
 				const backup = await findBackupById(input.backupId);
 				const mongo = await findMongoByBackupId(backup.backupId);
 				await runMongoBackup(mongo, backup);
+				await keepLatestNBackups(backup, mongo?.serverId);
 				return true;
 			} catch (error) {
 				throw new TRPCError({

apps/dokploy/server/api/routers/bitbucket.ts

@@ -22,7 +22,11 @@ export const bitbucketRouter = createTRPCRouter({
 		.input(apiCreateBitbucket)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				return await createBitbucket(input, ctx.session.activeOrganizationId);
+				return await createBitbucket(
+					input,
+					ctx.session.activeOrganizationId,
+					ctx.session.userId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -37,7 +41,8 @@ export const bitbucketRouter = createTRPCRouter({
 			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
 			if (
 				bitbucketProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -56,11 +61,13 @@ export const bitbucketRouter = createTRPCRouter({
 			},
 		});
 
-		result = result.filter(
-			(provider) =>
+		result = result.filter((provider) => {
+			return (
 				provider.gitProvider.organizationId ===
-				ctx.session.activeOrganizationId,
-		);
+					ctx.session.activeOrganizationId &&
+				provider.gitProvider.userId === ctx.session.userId
+			);
+		});
 		return result;
 	}),
 
@@ -70,7 +77,8 @@ export const bitbucketRouter = createTRPCRouter({
 			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
 			if (
 				bitbucketProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -87,7 +95,8 @@ export const bitbucketRouter = createTRPCRouter({
 			);
 			if (
 				bitbucketProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -103,7 +112,8 @@ export const bitbucketRouter = createTRPCRouter({
 				const bitbucketProvider = await findBitbucketById(input.bitbucketId);
 				if (
 					bitbucketProvider.gitProvider.organizationId !==
-					ctx.session.activeOrganizationId
+						ctx.session.activeOrganizationId &&
+					bitbucketProvider.gitProvider.userId !== ctx.session.userId
 				) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
@@ -126,7 +136,8 @@ export const bitbucketRouter = createTRPCRouter({
 			const bitbucketProvider = await findBitbucketById(input.bitbucketId);
 			if (
 				bitbucketProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				bitbucketProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",

apps/dokploy/server/api/routers/compose.ts

@@ -28,6 +28,7 @@ import {
 	deleteMount,
 	findComposeById,
 	findDomainsByComposeId,
+	findGitProviderById,
 	findProjectById,
 	findServerById,
 	findUserById,
@@ -119,7 +120,45 @@ export const composeRouter = createTRPCRouter({
 					message: "You are not authorized to access this compose",
 				});
 			}
-			return compose;
+
+			let hasGitProviderAccess = true;
+			let unauthorizedProvider: string | null = null;
+
+			const getGitProviderId = () => {
+				switch (compose.sourceType) {
+					case "github":
+						return compose.github?.gitProviderId;
+					case "gitlab":
+						return compose.gitlab?.gitProviderId;
+					case "bitbucket":
+						return compose.bitbucket?.gitProviderId;
+					case "gitea":
+						return compose.gitea?.gitProviderId;
+					default:
+						return null;
+				}
+			};
+
+			const gitProviderId = getGitProviderId();
+
+			if (gitProviderId) {
+				try {
+					const gitProvider = await findGitProviderById(gitProviderId);
+					if (gitProvider.userId !== ctx.session.userId) {
+						hasGitProviderAccess = false;
+						unauthorizedProvider = compose.sourceType;
+					}
+				} catch {
+					hasGitProviderAccess = false;
+					unauthorizedProvider = compose.sourceType;
+				}
+			}
+
+			return {
+				...compose,
+				hasGitProviderAccess,
+				unauthorizedProvider,
+			};
 		}),
 
 	update: protectedProcedure
@@ -496,7 +535,7 @@ export const composeRouter = createTRPCRouter({
 				}
 			}
 
-			return null;
+			return compose;
 		}),
 
 	templates: publicProcedure
@@ -526,6 +565,61 @@ export const composeRouter = createTRPCRouter({
 			const uniqueTags = _.uniq(allTags);
 			return uniqueTags;
 		}),
+	disconnectGitProvider: protectedProcedure
+		.input(apiFindCompose)
+		.mutation(async ({ input, ctx }) => {
+			const compose = await findComposeById(input.composeId);
+			if (compose.project.organizationId !== ctx.session.activeOrganizationId) {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to disconnect this git provider",
+				});
+			}
+
+			// Reset all git provider related fields
+			await updateCompose(input.composeId, {
+				// GitHub fields
+				repository: null,
+				branch: null,
+				owner: null,
+				composePath: undefined,
+				githubId: null,
+				triggerType: "push",
+
+				// GitLab fields
+				gitlabRepository: null,
+				gitlabOwner: null,
+				gitlabBranch: null,
+				gitlabId: null,
+				gitlabProjectId: null,
+				gitlabPathNamespace: null,
+
+				// Bitbucket fields
+				bitbucketRepository: null,
+				bitbucketOwner: null,
+				bitbucketBranch: null,
+				bitbucketId: null,
+
+				// Gitea fields
+				giteaRepository: null,
+				giteaOwner: null,
+				giteaBranch: null,
+				giteaId: null,
+
+				// Custom Git fields
+				customGitBranch: null,
+				customGitUrl: null,
+				customGitSSHKeyId: null,
+
+				// Common fields
+				sourceType: "github", // Reset to default
+				composeStatus: "idle",
+				watchPaths: null,
+				enableSubmodules: false,
+			});
+
+			return true;
+		}),
 
 	move: protectedProcedure
 		.input(

apps/dokploy/server/api/routers/deployment.ts

@@ -7,16 +7,21 @@ import {
 	deployments,
 } from "@/server/db/schema";
 import {
+	execAsync,
+	execAsyncRemote,
 	findAllDeploymentsByApplicationId,
 	findAllDeploymentsByComposeId,
 	findAllDeploymentsByServerId,
 	findApplicationById,
 	findComposeById,
+	findDeploymentById,
 	findServerById,
+	updateDeploymentStatus,
 } from "@dokploy/server";
 import { TRPCError } from "@trpc/server";
 import { desc, eq } from "drizzle-orm";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
+import { z } from "zod";
 
 export const deploymentRouter = createTRPCRouter({
 	all: protectedProcedure
@@ -65,7 +70,37 @@ export const deploymentRouter = createTRPCRouter({
 			const deploymentsList = await db.query.deployments.findMany({
 				where: eq(deployments[`${input.type}Id`], input.id),
 				orderBy: desc(deployments.createdAt),
+				with: {
+					rollback: true,
+				},
 			});
+
 			return deploymentsList;
 		}),
+
+	killProcess: protectedProcedure
+		.input(
+			z.object({
+				deploymentId: z.string().min(1),
+			}),
+		)
+		.mutation(async ({ input }) => {
+			const deployment = await findDeploymentById(input.deploymentId);
+
+			if (!deployment.pid) {
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message: "Deployment is not running",
+				});
+			}
+
+			const command = `kill -9 ${deployment.pid}`;
+			if (deployment.schedule?.serverId) {
+				await execAsyncRemote(deployment.schedule.serverId, command);
+			} else {
+				await execAsync(command);
+			}
+
+			await updateDeploymentStatus(deployment.deploymentId, "error");
+		}),
 });

apps/dokploy/server/api/routers/docker.ts

@@ -1,5 +1,6 @@
 import {
 	containerRestart,
+	findServerById,
 	getConfig,
 	getContainers,
 	getContainersByAppLabel,
@@ -9,6 +10,9 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
+import { TRPCError } from "@trpc/server";
+
+export const containerIdRegex = /^[a-zA-Z0-9.\-_]+$/;
 
 export const dockerRouter = createTRPCRouter({
 	getContainers: protectedProcedure
@@ -17,14 +21,23 @@ export const dockerRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainers(input.serverId);
 		}),
 
 	restartContainer: protectedProcedure
 		.input(
 			z.object({
-				containerId: z.string().min(1),
+				containerId: z
+					.string()
+					.min(1)
+					.regex(containerIdRegex, "Invalid container id."),
 			}),
 		)
 		.mutation(async ({ input }) => {
@@ -34,11 +47,20 @@ export const dockerRouter = createTRPCRouter({
 	getConfig: protectedProcedure
 		.input(
 			z.object({
-				containerId: z.string().min(1),
+				containerId: z
+					.string()
+					.min(1)
+					.regex(containerIdRegex, "Invalid container id."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getConfig(input.containerId, input.serverId);
 		}),
 
@@ -48,11 +70,17 @@ export const dockerRouter = createTRPCRouter({
 				appType: z
 					.union([z.literal("stack"), z.literal("docker-compose")])
 					.optional(),
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainersByAppNameMatch(
 				input.appName,
 				input.appType,
@@ -63,12 +91,18 @@ export const dockerRouter = createTRPCRouter({
 	getContainersByAppLabel: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 				type: z.enum(["standalone", "swarm"]),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getContainersByAppLabel(
 				input.appName,
 				input.type,
@@ -79,22 +113,34 @@ export const dockerRouter = createTRPCRouter({
 	getStackContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getStackContainersByAppName(input.appName, input.serverId);
 		}),
 
 	getServiceContainersByAppName: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string().min(1),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getServiceContainersByAppName(input.appName, input.serverId);
 		}),
 });

apps/dokploy/server/api/routers/git-provider.ts

@@ -3,7 +3,7 @@ import { db } from "@/server/db";
 import { apiRemoveGitProvider, gitProvider } from "@/server/db/schema";
 import { findGitProviderById, removeGitProvider } from "@dokploy/server";
 import { TRPCError } from "@trpc/server";
-import { desc, eq } from "drizzle-orm";
+import { and, desc, eq } from "drizzle-orm";
 
 export const gitProviderRouter = createTRPCRouter({
 	getAll: protectedProcedure.query(async ({ ctx }) => {
@@ -15,7 +15,10 @@ export const gitProviderRouter = createTRPCRouter({
 				gitea: true,
 			},
 			orderBy: desc(gitProvider.createdAt),
-			where: eq(gitProvider.organizationId, ctx.session.activeOrganizationId),
+			where: and(
+				eq(gitProvider.userId, ctx.session.userId),
+				eq(gitProvider.organizationId, ctx.session.activeOrganizationId),
+			),
 		});
 	}),
 	remove: protectedProcedure

apps/dokploy/server/api/routers/gitea.ts

@@ -26,7 +26,11 @@ export const giteaRouter = createTRPCRouter({
 		.input(apiCreateGitea)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				return await createGitea(input, ctx.session.activeOrganizationId);
+				return await createGitea(
+					input,
+					ctx.session.activeOrganizationId,
+					ctx.session.userId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -42,7 +46,8 @@ export const giteaRouter = createTRPCRouter({
 			const giteaProvider = await findGiteaById(input.giteaId);
 			if (
 				giteaProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -62,7 +67,8 @@ export const giteaRouter = createTRPCRouter({
 		result = result.filter(
 			(provider) =>
 				provider.gitProvider.organizationId ===
-				ctx.session.activeOrganizationId,
+					ctx.session.activeOrganizationId &&
+				provider.gitProvider.userId === ctx.session.userId,
 		);
 
 		const filtered = result
@@ -94,7 +100,8 @@ export const giteaRouter = createTRPCRouter({
 			const giteaProvider = await findGiteaById(giteaId);
 			if (
 				giteaProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -130,7 +137,8 @@ export const giteaRouter = createTRPCRouter({
 			const giteaProvider = await findGiteaById(giteaId);
 			if (
 				giteaProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -162,7 +170,8 @@ export const giteaRouter = createTRPCRouter({
 				const giteaProvider = await findGiteaById(giteaId);
 				if (
 					giteaProvider.gitProvider.organizationId !==
-					ctx.session.activeOrganizationId
+						ctx.session.activeOrganizationId &&
+					giteaProvider.gitProvider.userId !== ctx.session.userId
 				) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
@@ -190,7 +199,8 @@ export const giteaRouter = createTRPCRouter({
 			const giteaProvider = await findGiteaById(input.giteaId);
 			if (
 				giteaProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -231,7 +241,8 @@ export const giteaRouter = createTRPCRouter({
 			const giteaProvider = await findGiteaById(giteaId);
 			if (
 				giteaProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				giteaProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",

apps/dokploy/server/api/routers/github.ts

@@ -21,7 +21,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -36,7 +37,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -51,7 +53,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId || "");
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				//TODO: Remove this line when the cloud version is ready
 				throw new TRPCError({
@@ -71,7 +74,8 @@ export const githubRouter = createTRPCRouter({
 		result = result.filter(
 			(provider) =>
 				provider.gitProvider.organizationId ===
-				ctx.session.activeOrganizationId,
+					ctx.session.activeOrganizationId &&
+				provider.gitProvider.userId === ctx.session.userId,
 		);
 
 		const filtered = result
@@ -95,7 +99,8 @@ export const githubRouter = createTRPCRouter({
 				const githubProvider = await findGithubById(input.githubId);
 				if (
 					githubProvider.gitProvider.organizationId !==
-					ctx.session.activeOrganizationId
+						ctx.session.activeOrganizationId &&
+					githubProvider.gitProvider.userId === ctx.session.userId
 				) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
@@ -117,7 +122,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",

apps/dokploy/server/api/routers/gitlab.ts

@@ -25,7 +25,11 @@ export const gitlabRouter = createTRPCRouter({
 		.input(apiCreateGitlab)
 		.mutation(async ({ input, ctx }) => {
 			try {
-				return await createGitlab(input, ctx.session.activeOrganizationId);
+				return await createGitlab(
+					input,
+					ctx.session.activeOrganizationId,
+					ctx.session.userId,
+				);
 			} catch (error) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -40,7 +44,8 @@ export const gitlabRouter = createTRPCRouter({
 			const gitlabProvider = await findGitlabById(input.gitlabId);
 			if (
 				gitlabProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -56,11 +61,13 @@ export const gitlabRouter = createTRPCRouter({
 			},
 		});
 
-		result = result.filter(
-			(provider) =>
+		result = result.filter((provider) => {
+			return (
 				provider.gitProvider.organizationId ===
-				ctx.session.activeOrganizationId,
-		);
+					ctx.session.activeOrganizationId &&
+				provider.gitProvider.userId === ctx.session.userId
+			);
+		});
 		const filtered = result
 			.filter((provider) => haveGitlabRequirements(provider))
 			.map((provider) => {
@@ -80,7 +87,8 @@ export const gitlabRouter = createTRPCRouter({
 			const gitlabProvider = await findGitlabById(input.gitlabId);
 			if (
 				gitlabProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -96,7 +104,8 @@ export const gitlabRouter = createTRPCRouter({
 			const gitlabProvider = await findGitlabById(input.gitlabId || "");
 			if (
 				gitlabProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -112,7 +121,8 @@ export const gitlabRouter = createTRPCRouter({
 				const gitlabProvider = await findGitlabById(input.gitlabId || "");
 				if (
 					gitlabProvider.gitProvider.organizationId !==
-					ctx.session.activeOrganizationId
+						ctx.session.activeOrganizationId &&
+					gitlabProvider.gitProvider.userId !== ctx.session.userId
 				) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
@@ -135,7 +145,8 @@ export const gitlabRouter = createTRPCRouter({
 			const gitlabProvider = await findGitlabById(input.gitlabId);
 			if (
 				gitlabProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+				gitlabProvider.gitProvider.userId !== ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",

apps/dokploy/server/api/routers/notification.ts

@@ -446,4 +446,12 @@ export const notificationRouter = createTRPCRouter({
 				});
 			}
 		}),
+	getEmailProviders: adminProcedure.query(async ({ ctx }) => {
+		return await db.query.notifications.findMany({
+			where: eq(notifications.organizationId, ctx.session.activeOrganizationId),
+			with: {
+				email: true,
+			},
+		});
+	}),
 });

apps/dokploy/server/api/routers/rollbacks.ts

@@ -0,0 +1,37 @@
+import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc";
+import { apiFindOneRollback } from "@/server/db/schema";
+import { removeRollbackById, rollback } from "@dokploy/server";
+import { TRPCError } from "@trpc/server";
+
+export const rollbackRouter = createTRPCRouter({
+	delete: protectedProcedure
+		.input(apiFindOneRollback)
+		.mutation(async ({ input }) => {
+			try {
+				return removeRollbackById(input.rollbackId);
+			} catch (error) {
+				const message =
+					error instanceof Error
+						? error.message
+						: "Error input: Deleting rollback";
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message,
+				});
+			}
+		}),
+	rollback: protectedProcedure
+		.input(apiFindOneRollback)
+		.mutation(async ({ input }) => {
+			try {
+				return await rollback(input.rollbackId);
+			} catch (error) {
+				console.error(error);
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message: "Error input: Rolling back",
+					cause: error,
+				});
+			}
+		}),
+});

apps/dokploy/server/api/routers/settings.ts

@@ -459,6 +459,15 @@ export const settingsRouter = createTRPCRouter({
 					throw new TRPCError({ code: "UNAUTHORIZED" });
 				}
 			}
+
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
+
 			return readConfigInPath(input.path, input.serverId);
 		}),
 	getIp: protectedProcedure.query(async ({ ctx }) => {
@@ -825,6 +834,9 @@ export const settingsRouter = createTRPCRouter({
 			}),
 		)
 		.mutation(async ({ input }) => {
+			if (IS_CLOUD) {
+				return true;
+			}
 			if (input.cronExpression) {
 				return startLogCleanup(input.cronExpression);
 			}
@@ -834,6 +846,14 @@ export const settingsRouter = createTRPCRouter({
 	getLogCleanupStatus: adminProcedure.query(async () => {
 		return getLogCleanupStatus();
 	}),
+
+	getDokployCloudIps: adminProcedure.query(async () => {
+		if (!IS_CLOUD) {
+			return [];
+		}
+		const ips = process.env.DOKPLOY_CLOUD_IPS?.split(",");
+		return ips;
+	}),
 });
 
 export const getTraefikPorts = async (serverId?: string) => {

apps/dokploy/server/api/routers/swarm.ts

@@ -6,6 +6,9 @@ import {
 } from "@dokploy/server";
 import { z } from "zod";
 import { createTRPCRouter, protectedProcedure } from "../trpc";
+import { TRPCError } from "@trpc/server";
+import { findServerById } from "@dokploy/server";
+import { containerIdRegex } from "./docker";
 
 export const swarmRouter = createTRPCRouter({
 	getNodes: protectedProcedure
@@ -14,12 +17,24 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getSwarmNodes(input.serverId);
 		}),
 	getNodeInfo: protectedProcedure
 		.input(z.object({ nodeId: z.string(), serverId: z.string().optional() }))
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getNodeInfo(input.nodeId, input.serverId);
 		}),
 	getNodeApps: protectedProcedure
@@ -28,17 +43,29 @@ export const swarmRouter = createTRPCRouter({
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return getNodeApplications(input.serverId);
 		}),
 	getAppInfos: protectedProcedure
 		.input(
 			z.object({
-				appName: z.string(),
+				appName: z.string().min(1).regex(containerIdRegex, "Invalid app name."),
 				serverId: z.string().optional(),
 			}),
 		)
-		.query(async ({ input }) => {
+		.query(async ({ input, ctx }) => {
+			if (input.serverId) {
+				const server = await findServerById(input.serverId);
+				if (server.organizationId !== ctx.session?.activeOrganizationId) {
+					throw new TRPCError({ code: "UNAUTHORIZED" });
+				}
+			}
 			return await getApplicationInfo(input.appName, input.serverId);
 		}),
 });

apps/dokploy/server/api/routers/user.ts

@@ -1,10 +1,13 @@
 import {
 	IS_CLOUD,
 	createApiKey,
+	findAdmin,
+	findNotificationById,
 	findOrganizationById,
 	findUserById,
 	getUserByToken,
 	removeUserById,
+	sendEmailNotification,
 	updateUser,
 } from "@dokploy/server";
 import { db } from "@dokploy/server/db";
@@ -72,6 +75,24 @@ export const userRouter = createTRPCRouter({
 				},
 			});
 
+			// If user not found in the organization, deny access
+			if (!memberResult) {
+				throw new TRPCError({
+					code: "NOT_FOUND",
+					message: "User not found in this organization",
+				});
+			}
+
+			// Allow access if:
+			// 1. User is requesting their own information
+			// 2. User has owner role (admin permissions) AND user is in the same organization
+			if (memberResult.userId !== ctx.user.id && ctx.user.role !== "owner") {
+				throw new TRPCError({
+					code: "UNAUTHORIZED",
+					message: "You are not authorized to access this user",
+				});
+			}
+
 			return memberResult;
 		}),
 	get: protectedProcedure.query(async ({ ctx }) => {
@@ -362,4 +383,59 @@ export const userRouter = createTRPCRouter({
 
 			return organizations.length;
 		}),
+	sendInvitation: adminProcedure
+		.input(
+			z.object({
+				invitationId: z.string().min(1),
+				notificationId: z.string().min(1),
+			}),
+		)
+		.mutation(async ({ input, ctx }) => {
+			if (IS_CLOUD) {
+				return;
+			}
+
+			const notification = await findNotificationById(input.notificationId);
+
+			const email = notification.email;
+
+			const currentInvitation = await db.query.invitation.findFirst({
+				where: eq(invitation.id, input.invitationId),
+			});
+
+			if (!email) {
+				throw new TRPCError({
+					code: "NOT_FOUND",
+					message: "Email notification not found",
+				});
+			}
+
+			const admin = await findAdmin();
+			const host =
+				process.env.NODE_ENV === "development"
+					? "http://localhost:3000"
+					: admin.user.host;
+			const inviteLink = `${host}/invitation?token=${input.invitationId}`;
+
+			const organization = await findOrganizationById(
+				ctx.session.activeOrganizationId,
+			);
+
+			try {
+				await sendEmailNotification(
+					{
+						...email,
+						toAddresses: [currentInvitation?.email || ""],
+					},
+					"Invitation to join organization",
+					`
+				<p>You are invited to join ${organization?.name || "organization"} on Dokploy. Click the link to accept the invitation: <a href="${inviteLink}">Accept Invitation</a></p>
+					`,
+				);
+			} catch (error) {
+				console.log(error);
+				throw error;
+			}
+			return inviteLink;
+		}),
 });

apps/dokploy/server/utils/docker.ts

@@ -6,7 +6,7 @@ export const isWSL = async () => {
 		const { stdout } = await execAsync("uname -r");
 		const isWSL = stdout.includes("microsoft");
 		return isWSL;
-	} catch (_error) {
+	} catch {
 		return false;
 	}
 };

apps/dokploy/server/wss/listen-deployment.ts

@@ -101,7 +101,7 @@ export const setupDeploymentLogsWebSocketServer = (
 					ws.close();
 				});
 			}
-		} catch (_error) {
+		} catch {
 			// @ts-ignore
 			// const errorMessage = error?.message as unknown as string;
 			// ws.send(errorMessage);

apps/dokploy/setup.ts

@@ -12,6 +12,7 @@ import {
 	initializeNetwork,
 	initializeSwarm,
 } from "@dokploy/server/setup/setup";
+import { execAsync } from "@dokploy/server";
 (async () => {
 	try {
 		setupDirectories();
@@ -20,6 +21,7 @@ import {
 		await initializeNetwork();
 		createDefaultTraefikConfig();
 		createDefaultServerTraefikConfig();
+		await execAsync("docker pull traefik:v3.1.2");
 		await initializeTraefik();
 		await initializeRedis();
 		await initializePostgres();

apps/dokploy/styles/globals.css

@@ -242,3 +242,8 @@
 	background-color: var(--terminal-paste) !important;
 	color: currentColor !important;
 }
+
+.cm-content,
+.cm-lineWrapping {
+	@apply font-mono;
+}

apps/dokploy/tailwind.config.ts

@@ -15,7 +15,7 @@ const config = {
 			center: true,
 			padding: "2rem",
 			screens: {
-				"2xl": "1400px",
+				"2xl": "87.5rem",
 			},
 		},
 		extend: {

apps/monitoring/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright 2025 Mauricio Siu.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.