Defaulting TRUSTED_PROXIES to 0.0.0.0/0 makes Caddy trust X-Forwarded-For /
X-Real-IP from any peer, allowing client-IP spoofing (CWE-348 / CWE-290) that
poisons rate-limiting and audit logs. In Dokploy the only upstream is Traefik on
the private dokploy-network, so trust Caddy's built-in `private_ranges` token
instead. Legitimate forwarded client IPs (Traefik is a private peer) still
resolve correctly; XFF from public-IP peers is rejected if the proxy is ever
exposed directly. Overridable via env for custom topologies.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The plane-proxy Caddyfile.ce ends with a `{$SITE_ADDRESS} { import plane_proxy }`
block. SITE_ADDRESS has no inline default upstream, so when it is unset the block
becomes keyless and Caddy aborts with:
adapting config using caddyfile: server block without any key is global
configuration, and if used, it must be first
Expose SITE_ADDRESS (:80, matching the proxy `expose: ["80"]` + domain port 80,
since Dokploy terminates TLS upstream) and TRUSTED_PROXIES (0.0.0.0/0, matching
the Caddyfile inline default) on the proxy env, and document both in template.toml
so they render into the generated env. Reported and verified by @RDeluxe in #912.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The plane-proxy image has hardcoded `reverse_proxy web:3000`/`api:8000`
in its Caddyfile with generic service names. In multi-stack Dokploy
deployments, those names collide with other stacks' containers (Next.js
apps frequently have a `web` service) on the shared dokploy-network —
the Plane domain ends up serving content from unrelated stacks.
Two-step fix:
1. Rename internal services with `plane-*` prefix (unique cluster-wide):
web/space/admin/live/api/worker/beat-worker/migrator → plane-*
2. Add `links:` block to the `proxy` service mapping the new names back
to the generic ones the Caddyfile expects (`plane-web:web` etc.).
Docker injects these into /etc/hosts, which has absolute priority
over DNS — Caddy resolves `web`/`api`/etc. directly to our renamed
containers, ignoring any collision on dokploy-network.
Also updates `API_BASE_URL` in template.toml and the `x-live-env` anchor
from `http://api:8000` → `http://plane-api:8000`.
No `networks:` declarations added (repo validator rejects them; Dokploy
manages networking automatically).
- Bump makeplane/* images v0.27.1 -> v1.3.1
- Pin minio to RELEASE.2025-04-22T22-12-26Z (last release with full admin
console before community-edition feature removal)
- Add YAML anchors (x-*-env) for env reuse across backend services
- Add healthchecks for postgres, valkey, rabbitmq
- api/worker/beat-worker wait for migrator via service_completed_successfully
(fixes race where backend booted before schema was migrated)
- Add restart policies (unless-stopped for long-running, on-failure for migrator)
- Migrate env_file -> inline environment (matches repo convention)
- Expose APP_RELEASE in template.toml [variables] for UI override
Bug fixes in template.toml:
- RABBITMQ_DEFAULT_USER was the literal string "rabbitmq_user" instead of
a variable reference; AMQP_URL was inconsistent with the broker user
- WEB_URL was missing the https:// scheme (broke OAuth/email links)
- DATABASE_URL/AMQP_URL referenced inline vars that Dokploy does not
resolve inside [config.env]; now use [variables] directly
- Remove dead vars: NGINX_PORT (Plane v1.x uses Caddy), SENTRY_DSN,
SENTRY_ENVIRONMENT
- Add WEBHOOK_ALLOWED_IPS/WEBHOOK_ALLOWED_HOSTS (SSRF guard default
introduced in Plane v1.x)
* chore(blueprint): update plane services to v0.27.1
- Bumped all makeplane service images from v0.25.3 to v0.27.1
- Updated web, space, admin, live, api, worker, beat-worker, migrator and proxy services
- Version alignment for all plane components in docker-compose blueprint
* chore(blueprint): update plane version to v0.27.1