- Reword two docker-compose comments so the literal string
"dokploy-network" no longer appears. The compose never declared the
network manually (Dokploy attaches it automatically); the automated
template check was tripping on the comment text alone.
- meta.json: keep canary's richer description and tags
(kanban, project-management), bumping only the version to v1.3.1.
Deploy-verified on a test Dokploy instance: full stack booted in 465s
and proxy:80 answered HTTP 200 with the Plane landing page.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- move each template's metadata to blueprints/<id>/meta.json (442 files, byte-identical roundtrip with the old root meta.json)
- generate the served meta.json at build time into app/public/meta.json (gitignored); pnpm dev/build run the generator first
- CI validates every blueprints/<id>/meta.json via generate-meta.js --check (required fields, id/folder match, logo exists, folder<->meta bidirectionality) and rejects any committed root meta.json
- remove root meta.json, dedupe-and-sort-meta.js and build-scripts/process-meta.js (obsolete)
- update CONTRIBUTING.md, AGENTS.md and README.md
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* fix(plane): update template to Plane v1.x (stable)
The existing template targeted v0.27.1 which is heavily outdated.
This updates it to match Plane's current official deployment config.
Changes:
- Images: v0.27.1 → stable (currently v1.2.3) from Docker Hub
- Remove explicit commands from frontend services (built into images)
- Postgres: 17-alpine → 15.7-alpine (matches Plane's supported version)
- Valkey: 7.2.5 → 7.2.11
- Proxy: add admin + live dependencies, proxy_config/proxy_data volumes
- Add LIVE_SERVER_SECRET_KEY, APP_DOMAIN, SITE_ADDRESS env vars
- Add RABBITMQ_USER/PASSWORD/VHOST (new v1.x env var names)
- Fix RABBITMQ_DEFAULT_USER bug (was hardcoded string, not variable)
- Fix DATABASE_URL to use template variables directly
- Fix AWS_ACCESS_KEY_ID to match MINIO_ROOT_USER literal
- Remove deprecated: version key, SENTRY_*, NGINX_PORT
- Remove unused env_file from plane-redis
- Add restart policies to all services
* fix(plane): replace MinIO with RustFS (Apache 2.0)
MinIO's open-source edition is effectively dead:
- Admin UI stripped (March 2025)
- Docker images discontinued (October 2025)
- GitHub repo in maintenance mode (December 2025)
- Marked as "NO LONGER MAINTAINED" (February 2026)
RustFS is an S3-compatible drop-in replacement:
- Apache 2.0 license (no AGPL restrictions)
- Same S3 API on port 9000
- Written in Rust, 2.3x faster than MinIO for small objects
- Active development with built-in web console
* fix(plane): address CI and convention issues
- Add back version: "3.8" (required by Dokploy conventions)
- Update meta.json: version v0.27.1 → v1.2.3
- Run process-meta to fix pre-existing strapi duplicate
- Migrator restart: "no" → on-failure
* fix(plane): address review feedback
- Pin RustFS to 1.0.0-alpha.90 (no latest tag)
- WEB_URL and CORS_ALLOWED_ORIGINS use http (Dokploy handles TLS)
Add a "# ..." comment string before every entry in config.env, grouped
into labelled sections (Application, PostgreSQL, Redis, RabbitMQ,
storage, proxy, runtime) with blank-line separators. Because Dokploy
renders config.env entries verbatim into the generated .env, these
comment strings carry the documentation into the deployed .env file
(TOML # comments would be stripped at parse time and never reach it).
Same pattern already used by discord-tickets, garage-with-ui, tooljet
and rustfs. No variable values changed; all 39 vars preserved.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The v1.3.1 rewrite (669ad4a) reordered template.toml so that
[[config.domains]] preceded the bare `env = [...]` and `mounts = []`
keys. In TOML those keys then attach to the first config.domains table
element instead of [config], leaving config.env undefined. Dokploy reads
env from config.env, so the base64 export / deploy shipped with no
environment variables at all.
Move env/mounts back above [[config.domains]] (matching the original
template and other blueprints like documenso). config.env now resolves
to all 39 entries; the domain table keeps only serviceName/port/host.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Defaulting TRUSTED_PROXIES to 0.0.0.0/0 makes Caddy trust X-Forwarded-For /
X-Real-IP from any peer, allowing client-IP spoofing (CWE-348 / CWE-290) that
poisons rate-limiting and audit logs. In Dokploy the only upstream is Traefik on
the private dokploy-network, so trust Caddy's built-in `private_ranges` token
instead. Legitimate forwarded client IPs (Traefik is a private peer) still
resolve correctly; XFF from public-IP peers is rejected if the proxy is ever
exposed directly. Overridable via env for custom topologies.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The plane-proxy Caddyfile.ce ends with a `{$SITE_ADDRESS} { import plane_proxy }`
block. SITE_ADDRESS has no inline default upstream, so when it is unset the block
becomes keyless and Caddy aborts with:
adapting config using caddyfile: server block without any key is global
configuration, and if used, it must be first
Expose SITE_ADDRESS (:80, matching the proxy `expose: ["80"]` + domain port 80,
since Dokploy terminates TLS upstream) and TRUSTED_PROXIES (0.0.0.0/0, matching
the Caddyfile inline default) on the proxy env, and document both in template.toml
so they render into the generated env. Reported and verified by @RDeluxe in #912.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The plane-proxy image has hardcoded `reverse_proxy web:3000`/`api:8000`
in its Caddyfile with generic service names. In multi-stack Dokploy
deployments, those names collide with other stacks' containers (Next.js
apps frequently have a `web` service) on the shared dokploy-network —
the Plane domain ends up serving content from unrelated stacks.
Two-step fix:
1. Rename internal services with `plane-*` prefix (unique cluster-wide):
web/space/admin/live/api/worker/beat-worker/migrator → plane-*
2. Add `links:` block to the `proxy` service mapping the new names back
to the generic ones the Caddyfile expects (`plane-web:web` etc.).
Docker injects these into /etc/hosts, which has absolute priority
over DNS — Caddy resolves `web`/`api`/etc. directly to our renamed
containers, ignoring any collision on dokploy-network.
Also updates `API_BASE_URL` in template.toml and the `x-live-env` anchor
from `http://api:8000` → `http://plane-api:8000`.
No `networks:` declarations added (repo validator rejects them; Dokploy
manages networking automatically).
- Bump makeplane/* images v0.27.1 -> v1.3.1
- Pin minio to RELEASE.2025-04-22T22-12-26Z (last release with full admin
console before community-edition feature removal)
- Add YAML anchors (x-*-env) for env reuse across backend services
- Add healthchecks for postgres, valkey, rabbitmq
- api/worker/beat-worker wait for migrator via service_completed_successfully
(fixes race where backend booted before schema was migrated)
- Add restart policies (unless-stopped for long-running, on-failure for migrator)
- Migrate env_file -> inline environment (matches repo convention)
- Expose APP_RELEASE in template.toml [variables] for UI override
Bug fixes in template.toml:
- RABBITMQ_DEFAULT_USER was the literal string "rabbitmq_user" instead of
a variable reference; AMQP_URL was inconsistent with the broker user
- WEB_URL was missing the https:// scheme (broke OAuth/email links)
- DATABASE_URL/AMQP_URL referenced inline vars that Dokploy does not
resolve inside [config.env]; now use [variables] directly
- Remove dead vars: NGINX_PORT (Plane v1.x uses Caddy), SENTRY_DSN,
SENTRY_ENVIRONMENT
- Add WEBHOOK_ALLOWED_IPS/WEBHOOK_ALLOWED_HOSTS (SSRF guard default
introduced in Plane v1.x)
* chore(blueprint): update plane services to v0.27.1
- Bumped all makeplane service images from v0.25.3 to v0.27.1
- Updated web, space, admin, live, api, worker, beat-worker, migrator and proxy services
- Version alignment for all plane components in docker-compose blueprint
* chore(blueprint): update plane version to v0.27.1