Adds instructions.md files for the Supabase and Trigger.dev templates and
renders them in the template browser as a new Instructions tab in the
template dialog (fetched from blueprints/<id>/instructions.md, rendered
with a small dependency-free markdown component).
Also removes the placeholder blueprints/ackee/instructions.md so it does
not surface as an empty Instructions tab.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The template ships plain nextcloud + mariadb + redis + cron, not the
nextcloud/all-in-one mastercontainer. Display name and description no
longer claim AIO; folder id is kept as nextcloud-aio to avoid breaking
existing installs. Image pinned to the current stable tag (33.0.6).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
MinIO Inc. stopped publishing Docker images and pre-built binaries in
October 2025 and archived the minio/minio repository in February 2026.
The official minio/minio image is frozen at RELEASE.2025-09-07T16-13-09Z
and no longer receives security fixes (the fix for CVE-2025-62506 was
never published as an image).
- Switch image to pgsty/minio:RELEASE.2026-06-18T00-00-00Z, the actively
maintained community fork (drop-in replacement, AGPLv3, same env vars,
same /data on-disk format, restores the full web console)
- Route the S3 API (port 9000) through its own generated domain instead
of publishing host port 9000, per repo conventions
- Update meta.json links/description to point at the maintained fork
Closes#469
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
WordPress resolves its own public domain to the server's public IP from
inside the container, so REST API / WP-Cron / Site Health loopback
requests depend on hairpin NAT, which times out (cURL error 28) on many
hosts. Pin the site domain to the dokploy-traefik container IP in
/etc/hosts at startup (with retries, since Traefik joins the compose
network shortly after the container starts) so loopback traffic stays
inside the Docker network for both HTTP and HTTPS. No-op fallback when
dokploy-traefik is not resolvable.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Pin lindesvard/openpanel-api|dashboard|worker to 2.2.1 (verified working
end-to-end on a Dokploy instance) instead of the mutable :2 tag, so a
future broken 2.x release cannot silently break the template again —
which is how #615 originated when 2.0.0 shipped.
- Fix interserver_http_host to match the actual service name (op-ch),
aligning with upstream self-hosting config.
- Set meta.json version to the pinned 2.2.1.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Without UPLOAD_LIMIT the phpMyAdmin image keeps PHP's default 2M
post_max_size/upload_max_filesize, so importing any SQL file larger
than 2MB fails with 'POST Content-Length exceeds the limit of
2097152 bytes' followed by a session_start error page.
- Add UPLOAD_LIMIT (512M) and MAX_EXECUTION_TIME (600) env vars,
configurable from the template env
- Wire the previously unused MYSQL_DATABASE env var into the compose
file, replacing the hardcoded 'tu_base_de_datos' placeholder, and
default it to 'phpmyadmin' instead of the system 'mysql' schema
Closes#236
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The template shipped rybbit v1.5.1, which is no longer supported and is
vulnerable to known React2Shell exploits (see #659). Update to the
latest stable release v2.7.0 and align the stack with the upstream
docker-compose:
- Pin ghcr.io/rybbit-io/rybbit-backend and rybbit-client to v2.7.0
- Add the redis service now required by the backend (session tracking
and BullMQ queues), with password auth, AOF persistence and
noeviction policy per upstream
- Drop the DOMAIN_NAME env var (only used by the upstream Caddy
webserver, which Dokploy replaces with Traefik)
- Add DISABLE_TELEMETRY env and generate BETTER_AUTH_SECRET as base64
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Adds the integration enable env flags introduced in Evolution API v2.3.x
(N8N_ENABLED, OPENAI_ENABLED, EVOAI_ENABLED, DIFY_ENABLED, TYPEBOT_ENABLED,
CHATWOOT_ENABLED) so integrations no longer fail with 'N8n is disabled',
and pins the image to v2.3.7 instead of latest.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Bump image from v0.135.0-postgres to v0.162.6 (upstream dropped the
-postgres tag suffix after v0.146.0; plain tags are the postgres build)
- Remove the db-migration service: the standalone image runs database
migrations automatically on boot (auto-start-migrations), matching the
official docker-compose.prod.yml which no longer ships that service
- Generate ENCRYPTION_KEY (${hash:32}) and AUTH_SECRET (${base64:32})
per deployment instead of shipping hardcoded example secrets
- Fix SITE_URL to http://${main_domain} (no :8080; the domain is proxied)
- Refresh SMTP env names (SMTP_FROM_ADDRESS/SMTP_FROM_NAME; SMTP_SECURE
was removed upstream) and drop unused CLIENT_* env placeholders that
were never passed to the container
Closes#215
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Override the ClickHouse image's config.d/docker_related_config.xml,
which listens on the IPv6 wildcard address ([::]) first and fails to
bind on hosts without IPv6 support; listen on 0.0.0.0 (IPv4) only and
disable the internal DNS cache so transient startup DNS failures for
zookeeper-1/clickhouse are not cached (issue #534).
- Set hostname: clickhouse (instead of container_name) so the server
identifies itself as the cluster host declared in cluster.xml.
- Remove the explicit signoz-net network: Dokploy attaches its own
networks automatically and the repo validator rejects explicit
networks; a fixed-name shared network also breaks service DNS across
deployments.
- Fix mount mismatch: template.toml created files/signoz/prometheus.xml
while the compose mounts ../files/signoz/prometheus.yml, so Docker
silently mounted a directory as the signoz prometheus config.
- Give the otel-collector domain its own generated host: both domains
previously shared the same host and path "/", creating two conflicting
Traefik routers where one service randomly won.
Closes#534
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Replace unofficial dockeriddonuts/automatisch:2.0 mirror (stale since Nov 2024)
with the official automatischio/automatisch:0.15.0 image
- Define DOMAIN in template.toml [config.env]: the compose referenced ${DOMAIN}
but it was never provided, so HOST resolved empty and the app generated
localhost URLs for the web app and webhooks
- Set API_URL/WEB_APP_URL so generated URLs don't carry the internal :3000 port
behind Traefik
- Add postgres healthcheck and gate the app on service_healthy to avoid the
boot-time migration race; worker now starts after main (official compose order)
- Drop unnecessary published port and no-op REDIS_* env on the redis service
- Bump meta.json version to 0.15.0
Closes#97
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Zitadel resolves its instance from the external domain/port/scheme, so the
template's ZITADEL_EXTERNALPORT=8080 made every generated URL (OIDC issuer,
login redirects) point at http://<domain>:8080 instead of the domain served
by Traefik, ending in {"code":5,"message":"Not Found"} (#516).
- Expose ZITADEL_EXTERNALDOMAIN / ZITADEL_EXTERNALPORT / ZITADEL_EXTERNALSECURE
as template env vars, defaulting to the generated domain over HTTP
(port 80, secure=false) so the routed domain and Zitadel's external config
always match; HTTPS users flip them to 443/true in the Env tab.
- Pin image to v4.16.0 (was latest) and keep the built-in login v1 via
ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED=false so no separate
login-v2 container is needed.
- Add the official readiness healthcheck, drop the unused /app/data volume,
bogus SMTP env keys, published port and obsolete compose version key.
Closes#516
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The template set unicorn['worker_processes'] / unicorn['worker_timeout'] in
GITLAB_OMNIBUS_CONFIG. Unicorn was removed in GitLab 14.0, so on current
gitlab-ce images `gitlab-ctl reconfigure` aborts with "Removed configurations
found in gitlab.rb" and GitLab never starts serving — the generated domain
returned 502 Bad Gateway (issue #380).
Rewrite the template as the official all-in-one Omnibus setup:
- pin gitlab/gitlab-ce:19.1.2-ce.0 instead of :latest
- external_url http://<domain> with nginx listen_port 80 / listen_https false
(TLS terminates at Traefik)
- set gitlab_rails['initial_root_password'] from a generated template password
- puma single mode + prometheus monitoring off to keep memory reasonable
- drop the external postgres/redis containers (Omnibus bundles and manages
its own) and the broken ports entries ("2224" published a random host port
while sshd listens on 22)
Verified on a live Dokploy instance: domain serves the GitLab sign-in page
and root login with the generated password works.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The postgres healthcheck ran pg_isready without -U while POSTGRES_USER
was set to logto, so every probe attempted to connect as role
"postgres" and spammed FATAL: role "postgres" does not exist.
Pass -U logto -d logto explicitly and set POSTGRES_DB.
Also fix LOGTO_ENDPOINT pointing at the admin domain instead of the
main domain, update Logto 1.27.0 -> 1.41.0, use ${password:32} for the
generated password, drop the ephemeral host port publishing and add
restart policies.
Closes#130
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Replace the relative bind mount `../homarr/appdata:/appdata` with a
named volume `homarr_appdata:/appdata` so the data survives cleanups
and can be backed up through Dokploy volume backups.
- Generate SECRET_ENCRYPTION_KEY with `${hash:64}` instead of
`${password:64}`: homarr requires a 64-character hex string
(`openssl rand -hex 32`) and the password helper emits non-hex
characters (g-z).
Closes#738
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Kener v4 requires Redis for its BullMQ queues, caching and scheduler,
so the app crashed on startup with "REDIS_URL is not defined in
environment variables" right after printing that it was running
(issue #976). The template also spun up both a postgres and a mariadb
container while DATABASE_URL pointed at SQLite, so neither database
was ever used (issue #282).
Changes, aligned with the upstream docker-compose.yml
(rajnandan1/kener):
- Add a redis:7-alpine service with a healthcheck and persistent
volume, wire REDIS_URL=redis://redis:6379 and make kener depend on
redis being healthy
- Remove the unused postgres and mysql services plus their env vars
and generated passwords; keep SQLite (upstream default) persisted
in the kener_db volume
- Set ORIGIN to https://<domain> instead of http://localhost:3000 so
CSRF protection works behind the generated domain
- Drop the stale /app/uploads bind mount (kener v4 only persists
/app/database) and the obsolete compose version key
Deploy-tested on a Dokploy instance: migrations and seed complete,
schedulers start, "Kener version 4.1.2 is running!", HTTP 200 on the
generated domain, both containers stable.
Closes#976Closes#282
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>