Commit Graph

895 Commits

Author SHA1 Message Date
Mauricio Siu
7d70100230 Merge pull request #799 from enemyrr/multica-clean
Add Multica template
2026-07-08 10:22:30 -06:00
Mauricio Siu
bc12a2ede9 Merge pull request #900 from NightVibes33/add-wallabag-template
feat: add wallabag template
2026-07-08 10:22:18 -06:00
Mauricio Siu
1299984829 Merge pull request #782 from zrja/zrja/shopware-v1
feat: add Shopware blueprint
2026-07-08 10:22:01 -06:00
Mauricio Siu
ecfd938131 Merge pull request #765 from SamirChatwiti/canary
feat: add Matomo blueprint
2026-07-08 10:21:12 -06:00
Mauricio Siu
28b254fff1 Merge pull request #886 from BinkyTwin/codex/add-thingsboard-template
feat: add ThingsBoard template
2026-07-08 10:20:17 -06:00
Mauricio Siu
31839bfa29 Merge pull request #818 from Nico-Pergande/update-authentik-2026.2.2-pg18
feat(authentik): bump to 2026.2.2 and Postgres 18
2026-07-08 10:20:02 -06:00
Mauricio Siu
0a0cabcfb0 Merge pull request #955 from rohitmulani63-ops/codex/add-tandoor-recipes-template
feat: add Tandoor Recipes template
2026-07-08 10:19:09 -06:00
Mauricio Siu
00cb500a1f Merge pull request #887 from BinkyTwin/codex/add-nodelink-template
feat: add NodeLink template
2026-07-08 10:18:47 -06:00
Mauricio Siu
f2fdb525d8 Merge pull request #888 from BinkyTwin/codex/add-owncloud-infinite-scale-template
feat: add ownCloud Infinite Scale template
2026-07-08 10:18:34 -06:00
Mauricio Siu
e83d6d1192 Merge pull request #898 from MANFIT7/add-code-server-template
feat: add code-server template
2026-07-08 10:18:09 -06:00
Mauricio Siu
9d007e826c Merge pull request #932 from rohitmulani63-ops/codex/add-filerun-template
feat: add FileRun template
2026-07-08 10:08:26 -06:00
Mauricio Siu
8ffc5ef169 Merge pull request #863 from iRazvan2745/canary
add uptimekit
2026-07-08 10:07:09 -06:00
Mauricio Siu
0ada7ae5f2 fix: remove public backend domain that always returned 404
The Multica backend is an API-only chi server with no route registered
at "/", so the generated backend domain (path "/") permanently answered
HTTP 404 even though the container was healthy. The web frontend already
proxies /api/*, /ws, /auth/* and /uploads/* to http://backend:8080 via
Next.js rewrites, and when NEXT_PUBLIC_WS_URL is unset the browser
derives the WebSocket URL from the page origin, so the backend never
needs to be exposed publicly.

- drop the backend [[config.domains]] entry and api_domain variable
- drop NEXT_PUBLIC_WS_URL so the WS URL falls back to the page origin
  and goes through the frontend's /ws rewrite
- remove ephemeral host port publications (ports: "8080"/"3000");
  Traefik reaches the containers over the docker network

Verified on a Dokploy instance: deploy done, frontend / -> 200 and
backend reachable through the proxy (/api/config -> 200).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 02:50:24 -06:00
Mauricio Siu
987fdf3c09 fix: composer security audit blocked pinned shopware/core, bump to 6.7.12.1
Bootstrap died with exit 2 because Composer >= 2.9 enables
audit.block-insecure by default: shopware/core v6.7.8.2 is now affected
by 9 security advisories (all fixed in 6.7.10.1+), so
'composer create-project shopware/production:6.7.8.2' failed to resolve
dependencies and the whole stack never started.

- Bump the pinned Shopware version to 6.7.12.1 (latest, advisory-free).
- Disable audit.block-insecure in the bootstrap's global composer config
  so advisories published after a version is pinned cannot brick fresh
  one-click deploys.
- Use APP_URL=http://${main_domain} per template conventions; an https
  APP_URL breaks storefront sales-channel matching when the Dokploy
  domain is served over plain http.

Verified on a Dokploy instance: full bootstrap + deployment-helper
install completed in ~4 min, storefront and /admin both return HTTP 200.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 02:26:08 -06:00
Mauricio Siu
288dfdce45 fix: mount postgres volume at new PGDATA path for postgres:18
The official postgres:18 image moved PGDATA from /var/lib/postgresql/data
to /var/lib/postgresql. Mounting the volume at the old path made the
entrypoint abort and the postgresql container restart-loop, failing the
deploy with "dependency postgresql failed to start". Mounting the volume
at /var/lib/postgresql fixes the deploy; server responds 200 on
/if/flow/initial-setup/.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 02:11:39 -06:00
Mauricio Siu
495f22c520 fix: postgres 18 data dir mountpoint breaking db startup
The postgres:18-alpine image moved PGDATA from /var/lib/postgresql/data
to /var/lib/postgresql, so mounting the volume at the old path made the
entrypoint abort and the db container restart forever, failing the
service_healthy dependency for dash and status-page.

- Mount db_data at /var/lib/postgresql (postgres 18 layout)
- Remove host port mappings (Dokploy routes via domains/Traefik)
- Generate POSTGRES_PASSWORD and CLICKHOUSE_PASSWORD with ${password:32}
  instead of hardcoded credentials
- Drop unused DASH_PORT/STATUS_PAGE_PORT env and dangling empty
  [[config.mounts]] section in template.toml

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 02:00:49 -06:00
Mauricio Siu
e60d713179 fix: run init container as root so the install marker can be written
The tb-node image runs as the non-root "thingsboard" user (uid 799), but
the freshly created /data named volume is owned by root, so
"touch /data/.thingsboard-installed" failed with permission denied after
every successful install. Combined with "set -e" and "restart: on-failure",
the init container kept re-running the installer forever and the main
thingsboard service (gated on service_completed_successfully) never
started, leaving the domain returning 404.

Running the init service as root lets the marker be written so the init
completes and stays idempotent across redeploys. Also widened the main
service healthcheck start window (start_period 300s, retries 10) so the
slow first boot on modest VPS hardware is not marked unhealthy while
docker compose up --wait is in progress.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:55:38 -06:00
Mauricio Siu
448d4ba76d fix: oCIS crash-loop and https-only redirect behind Dokploy proxy
The container was restart-looping because the built-in IdP fatals with
"invalid iss value, URL must start with https://" when OCIS_URL uses
plain http, which caused the sustained 502.

- Set owncloud_url to https://${main_domain} so the IdP issuer is valid
  and ocis server stays up.
- oCIS 8.x unconditionally answers 308 -> https:// whenever it receives
  X-Forwarded-Proto: http (services/proxy https_redirect middleware), so
  the domain check then died on a redirect loop into a non-existent 443
  router. Add a small nginx gateway in front of oCIS that forwards
  requests with X-Forwarded-Proto: https (what a TLS-terminating proxy
  sends) and point the Dokploy domain at gateway:8080.
- Update the README notes accordingly.

Verified on a live Dokploy instance: deploy done, GET / returns
HTTP 200 with title "ownCloud".

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:54:04 -06:00
Mauricio Siu
ef8071e5ff fix: send Authorization header in NodeLink healthcheck
NodeLink requires the Authorization header on every API route,
including /version, so the healthcheck's unauthenticated fetch always
got a 401 and the container stayed permanently unhealthy. Traefik
skips unhealthy containers, so the assigned domain returned a
sustained 404 even though the deploy finished successfully.

Pass the container's NODELINK_SERVER_PASSWORD as the Authorization
header in the healthcheck fetch; the container now reaches a healthy
state and the domain routes to the server (401 on / without
credentials, 200 on /version with the password), as expected for a
Lavalink-compatible server.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:49:54 -06:00
Mauricio Siu
3523fc6a90 fix: remove nested .config volume that crash-looped code-server
The named volume mounted at /home/coder/.config was created root-owned
(the path does not exist in the codercom/code-server image), so
code-server running as uid 1000 failed with
"EACCES: permission denied, mkdir '/home/coder/.config/code-server'"
and restarted in a loop, leaving Traefik returning 404. The .config
directory already lives inside /home/coder, which is persisted by the
code-server-home volume, so the extra volume is unnecessary.

Verified: deploy done, container healthy, domain on port 8080 returns
HTTP 200 with the code-server login page.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:37:50 -06:00
Mauricio Siu
65a9a0a5a5 fix: let wallabag entrypoint provision the database so the install runs
The template deployed but returned a persistent HTTP 500: MARIADB_DATABASE
pre-created the wallabag database, so the image entrypoint detected an
existing database, skipped bin/console wallabag:install and left an empty
schema. Only MARIADB_ROOT_PASSWORD is set now, letting the entrypoint
create the database/user and run the installer on first boot (matching the
official wallabag docker-compose).

Also:
- build SYMFONY__ENV__DOMAIN_NAME from the generated domain with the http
  scheme so assets/redirects match how the domain is served
- point SYMFONY__ENV__REDIS_HOST at the wallabag-redis service (default is
  'redis', which does not resolve here)
- randomize SYMFONY__ENV__SECRET instead of relying on the image's
  hardcoded default

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:37:02 -06:00
Mauricio Siu
eb1c47e86b fix: resolve conflict markers accidentally committed during meta migration
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:13:50 -06:00
Mauricio Siu
88fae2f9cc fix: chown named volumes so the non-root filerun user can install on first run
The filerun/filerun image runs as user filerun (1001:1001), but /var/www/html
is created as root in the image, so the named volume inherits root:root
ownership. The entrypoint's first-run installer then fails to download
filerun.zip into /var/www/html (Permission denied) and the container
crash-loops with exit 1.

- Add a busybox init service that chowns the html and user-files volumes to
  1001:1001 before filerun starts (gated via service_completed_successfully).
- Drop the user: "99:100" override, which is meant for pre-chowned host bind
  mounts in the upstream example, not named volumes.
- Remove the UTF-8 BOM at the start of the file, the legacy links: entry and
  the obsolete version: key.

Verified on a live Dokploy deploy: HTTP 200 with page title
"FileRun :: Installation".

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 01:00:34 -06:00
Mauricio Siu
0b7511f79c fix: tandoor listens on unix socket by default — bind gunicorn to TCP 8080
The vabene1111/recipes 2.x image starts gunicorn on unix:/tmp/tandoor.sock
unless TANDOOR_PORT is set, so Traefik got 502. Set TANDOOR_PORT=8080 and
point the domain to 8080 (80 was never listening).

Deploy-tested on a Dokploy instance: HTTP 200, setup page renders.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 00:31:53 -06:00
Mauricio Siu
b6710c39aa fix: matomo logo path in meta.json (filename, not full path)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-08 00:11:50 -06:00
Mauricio Siu
77edae36d8 Merge remote-tracking branch 'origin/canary' into SamirChatwiti/canary
# Conflicts:
#	meta.json
2026-07-08 00:06:38 -06:00
Mauricio Siu
3a56077d39 Merge remote-tracking branch 'origin/canary' into zrja/shopware-v1
# Conflicts:
#	meta.json
2026-07-08 00:06:22 -06:00
Mauricio Siu
9af20d0698 Merge remote-tracking branch 'origin/canary' into multica-clean
# Conflicts:
#	blueprints/imgproxy/docker-compose.yml
#	blueprints/mediafetch/docker-compose.yml
#	blueprints/mediafetch/template.toml
#	blueprints/nextcloud-aio/docker-compose.yml
#	meta.json
2026-07-08 00:06:01 -06:00
Mauricio Siu
533b433f6c Merge remote-tracking branch 'origin/canary' into update-authentik-2026.2.2-pg18
# Conflicts:
#	meta.json
2026-07-08 00:05:42 -06:00
Mauricio Siu
26860d94c0 Merge remote-tracking branch 'origin/canary' into iRazvan2745/canary
# Conflicts:
#	meta.json
2026-07-08 00:05:29 -06:00
Mauricio Siu
47a04f55a5 Merge remote-tracking branch 'origin/canary' into codex/add-thingsboard-template
# Conflicts:
#	meta.json
2026-07-08 00:05:07 -06:00
Mauricio Siu
cbc0a9f242 Merge remote-tracking branch 'origin/canary' into codex/add-nodelink-template
# Conflicts:
#	meta.json
2026-07-08 00:05:03 -06:00
Mauricio Siu
b4f9e48699 Merge remote-tracking branch 'origin/canary' into codex/add-owncloud-infinite-scale-template
# Conflicts:
#	meta.json
2026-07-08 00:05:00 -06:00
Mauricio Siu
a8efe43f5d Merge remote-tracking branch 'origin/canary' into add-code-server-template
# Conflicts:
#	meta.json
2026-07-08 00:04:56 -06:00
Mauricio Siu
d7d426c968 Merge remote-tracking branch 'origin/canary' into add-wallabag-template
# Conflicts:
#	meta.json
2026-07-08 00:04:52 -06:00
Mauricio Siu
3e856b0316 Merge remote-tracking branch 'origin/canary' into codex/add-filerun-template
# Conflicts:
#	meta.json
2026-07-08 00:04:28 -06:00
Mauricio Siu
c048635ec3 Merge remote-tracking branch 'origin/canary' into codex/add-tandoor-recipes-template
# Conflicts:
#	meta.json
2026-07-08 00:04:14 -06:00
Mauricio Siu
a93794e289 Merge pull request #978 from Dokploy/feat/per-template-meta
feat: per-template metadata (blueprints/<id>/meta.json) — no more meta.json merge conflicts
2026-07-08 00:00:10 -06:00
Mauricio Siu
c3de62fb83 feat: per-template metadata — eliminate meta.json merge conflicts
- move each template's metadata to blueprints/<id>/meta.json (442 files, byte-identical roundtrip with the old root meta.json)
- generate the served meta.json at build time into app/public/meta.json (gitignored); pnpm dev/build run the generator first
- CI validates every blueprints/<id>/meta.json via generate-meta.js --check (required fields, id/folder match, logo exists, folder<->meta bidirectionality) and rejects any committed root meta.json
- remove root meta.json, dedupe-and-sort-meta.js and build-scripts/process-meta.js (obsolete)
- update CONTRIBUTING.md, AGENTS.md and README.md

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-07 23:58:10 -06:00
Mauricio Siu
6a6ab5ac17 Merge pull request #957 from rohitmulani63-ops/add-jitsi-meet-template
feat: add Jitsi Meet template
2026-07-07 23:38:53 -06:00
Mauricio Siu
632a2ac79e Merge remote-tracking branch 'origin/canary' into SamirChatwiti/canary
# Conflicts:
#	meta.json
2026-07-07 17:36:57 -06:00
Mauricio Siu
657523290b Merge remote-tracking branch 'origin/canary' into add-jitsi-meet-template
# Conflicts:
#	meta.json
2026-07-07 17:36:53 -06:00
Vladyslav Prosolupov
9795b2f042 fix: Imgproxy container exposure (#740) 2026-07-07 17:36:29 -06:00
Andrew Tinekov
b096c532ce feat: Update Glitchtip to version 6.1.0 (#751)
* feat(glitchtip): update to version 6.1.0

* fix(glitchtip): fix code violations
2026-07-07 17:36:25 -06:00
Omar Herri
0a62e507b8 Update docker-compose.yml (#753) 2026-07-07 17:36:22 -06:00
Rayane
16693e6f74 fix(plane): update to v1.2.3 and replace MinIO with RustFS (#760)
* fix(plane): update template to Plane v1.x (stable)
The existing template targeted v0.27.1 which is heavily outdated.
This updates it to match Plane's current official deployment config.
Changes:
- Images: v0.27.1 → stable (currently v1.2.3) from Docker Hub
- Remove explicit commands from frontend services (built into images)
- Postgres: 17-alpine → 15.7-alpine (matches Plane's supported version)
- Valkey: 7.2.5 → 7.2.11
- Proxy: add admin + live dependencies, proxy_config/proxy_data volumes
- Add LIVE_SERVER_SECRET_KEY, APP_DOMAIN, SITE_ADDRESS env vars
- Add RABBITMQ_USER/PASSWORD/VHOST (new v1.x env var names)
- Fix RABBITMQ_DEFAULT_USER bug (was hardcoded string, not variable)
- Fix DATABASE_URL to use template variables directly
- Fix AWS_ACCESS_KEY_ID to match MINIO_ROOT_USER literal
- Remove deprecated: version key, SENTRY_*, NGINX_PORT
- Remove unused env_file from plane-redis
- Add restart policies to all services

* fix(plane): replace MinIO with RustFS (Apache 2.0)
MinIO's open-source edition is effectively dead:
- Admin UI stripped (March 2025)
- Docker images discontinued (October 2025)
- GitHub repo in maintenance mode (December 2025)
- Marked as "NO LONGER MAINTAINED" (February 2026)
RustFS is an S3-compatible drop-in replacement:
- Apache 2.0 license (no AGPL restrictions)
- Same S3 API on port 9000
- Written in Rust, 2.3x faster than MinIO for small objects
- Active development with built-in web console

* fix(plane): address CI and convention issues

- Add back version: "3.8" (required by Dokploy conventions)
- Update meta.json: version v0.27.1 → v1.2.3
- Run process-meta to fix pre-existing strapi duplicate
- Migrator restart: "no" → on-failure

* fix(plane): address review feedback

- Pin RustFS to 1.0.0-alpha.90 (no latest tag)
- WEB_URL and CORS_ALLOWED_ORIGINS use http (Dokploy handles TLS)
2026-07-07 17:36:19 -06:00
Tobias Dalhof
e933413655 feat(nextcloud-aio): add nextcloud_cron service (#766) 2026-07-07 17:36:16 -06:00
Rohit Mulani
4deab71ad5 fix: use HTTPS for Outline OIDC URLs (#940)
* fix: use HTTPS for Outline OIDC URLs

* Add root-healthy Dex proxy for Outline

---------

Co-authored-by: Rohit Mulani <289630555+rohitmulani63-ops@users.noreply.github.com>
2026-07-07 17:36:13 -06:00
Sancho Godinho
56cd3dba39 Add MaxIO template (#744)
* Add Docker Compose configuration for Maxio service

* Add template configuration for maxio service

* Add Maxio logo

* Add Maxio metadata to meta.json

Added metadata for Maxio including links and tags.

* Run node dedupe-and-sort-meta.js

* Fix name from Maxio to MaxIO

* Make suggested updates

* Add missing restart policy

* Make improvements
2026-07-07 17:36:10 -06:00
Andrew Tinekov
66fea6e989 feat: add OpenObserve template (#750)
* feat: add openobserve template

* fix(openobserve): fix code violations
2026-07-07 17:36:07 -06:00