* refactor: unify server admin tools into dashboard pages with server selector
Replace the per-server Advanced dropdown (Traefik file system, Docker
containers, swarm overview, swarm nodes, schedules) with a server
selector on the existing dashboard routes, defaulting to the Dokploy
server. Pages are now available in cloud too, since the dropdown was
the only entry point there; the cloud-only monitoring modal moves to
an icon button on the server card.
* feat: add frontend-design skill and enhance dashboard UI components
- Introduced a new skill for creating high-quality frontend designs, emphasizing intentional aesthetics and detailed guidelines for implementation.
- Updated the Traefik system component to improve the user experience when no files or directories are found, incorporating new icons and a more informative layout.
- Enhanced the server filter component with improved loading states, user prompts, and a more visually appealing design, including badges and better server information display.
* [autofix.ci] apply automated fixes
* style: adjust Card component layout in schedules page for improved responsiveness
- Modified the Card component in the schedules page to ensure it utilizes full width while maintaining the minimum height, enhancing the overall layout and user experience.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: use canEditDeployGitSource for git provider access on existing deploys
Replaces the simple userId ownership check with a new canEditDeployGitSource
function that correctly handles all role/sharing scenarios. Owner always has
access; admin and member only if they own the provider or it is shared with
the org — being assigned via accessedGitProviders (enterprise) only grants
permission to connect new deploys, not to edit the git source of existing ones.
Adds 26 unit tests covering owner, admin, member (with/without enterprise
license), shared providers, and the key regression case from issue #4469.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* refactor: improve restore logging for database backups
- Updated restore functions across various database types (Postgres, MySQL, MongoDB, MariaDB, LibSQL, and Compose) to provide clearer logging messages.
- Replaced generic command execution logs with specific messages indicating the database being restored and the source backup file.
- This change enhances the clarity of restore operations and aids in troubleshooting by providing more context in the logs.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: strip credentials from service-level API responses
Registry passwords and S3 destination credentials were being returned
in service `.one` tRPC endpoints to any user with service-level read
access. Reported by Nihon Kohden Corporation security team.
- Strip registry `password` from `findApplicationById` via Drizzle `columns: { password: false }`
- Strip destination `accessKey`/`secretAccessKey` from all DB service finders (postgres, mysql, mariadb, mongo, libsql, compose, backup, volume-backups)
- Add `findRegistryByIdWithCredentials` for internal use only
- Builders and upload utils now load registry credentials by ID at execution time
- `createRollback` enriches `fullContext` with registry credentials before persisting to DB so rollback execution has what it needs
- Remove `findApplicationByIdWithCredentials` and `ApplicationNestedWithCredentials` — no longer needed
- Backup execution utils load full destination via `findDestinationById` at runtime instead of reading from the joined relation
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Docker Swarm's default start-first update order causes new database
containers to fail with 'DBPathInUse' because two containers compete
for the same data volume simultaneously. Docker then rolls back the
update, silently reverting any env var or config changes.
Using stop-first ensures the old container is stopped before the new
one starts, preventing volume lock conflicts across all database types.
Fixes#4550
Fixes#4553
- Replace z.coerce.number() with a custom transform that converts empty strings to undefined instead of 0
- Add value={field.value ?? ""} to numeric inputs so they visually clear when reset to undefined
- Enhanced the `apiReadTraefikConfig` schema by reintroducing path validation logic to prevent directory traversal attacks and unauthorized access.
- The validation now includes checks for null bytes and ensures paths start with a defined main Traefik path, improving security and robustness.
These changes strengthen the integrity of the configuration handling by ensuring only valid paths are accepted.
- Introduced a new SQL migration file `0171_lucky_echo.sql` to modify the foreign key constraint on the `sso_provider` table, changing the `ON DELETE` behavior from `cascade` to `set null`.
- Updated the journal to include the new migration version and its associated tag.
- Added a snapshot file for version 7 of the database schema, reflecting the current state of the `sso_provider` and other related tables.
These changes enhance the integrity of the database by ensuring that user references are set to null instead of being deleted when the referenced user is removed.
- Updated the alert block in the HandleForwardAuth component to provide clearer requirements for deploying the authentication proxy.
- Added a DnsHelperModal to assist with DNS configuration in the ForwardAuthServers component.
- Refined API input schemas for forward authentication operations to improve type safety and clarity.
- Removed the obsolete forward-auth SSO design document to streamline documentation.
These changes improve the user experience and maintainability of the forward authentication feature across the application.
Deleted the `.github/workflows/pr-quality.yml` file, which contained the configuration for the PR Quality workflow. This removal streamlines the repository by eliminating unused workflow files.
- Replaced `forwardAuthProviderId` with `forwardAuthEnabled` in the domain schema to simplify the configuration of forward authentication.
- Updated related tests to reflect this change, ensuring consistency across the application.
- Introduced a new SQL migration to create the `forward_auth_settings` table for managing authentication domains and their configurations.
This refactor enhances the clarity and maintainability of the forward authentication logic within the application.
- Deleted several SQL migration files related to the `webServerSettings` and `schedule` tables, which included adding and dropping columns and constraints.
- Removed snapshots corresponding to the deleted migrations to maintain consistency in the database schema history.
This cleanup enhances the maintainability of the migration history by removing outdated and unused files.
- Added the `VALID_BRANCH_REGEX` import to all Git provider components to ensure consistent branch validation.
- Removed duplicate imports of `VALID_BRANCH_REGEX` to streamline the code and improve readability.
This change enhances maintainability by centralizing branch validation logic across the application.
- Removed the selection of SSO providers from the UI, streamlining the process to enable/disable SSO for domains.
- Updated the API to eliminate the need for a provider ID when enabling forward authentication, relying on the configured settings instead.
- Enhanced user feedback by updating toast messages to reflect the current state of SSO authentication.
- Improved the UI layout for better clarity on SSO status and actions.
This refactor enhances the user experience by simplifying the SSO configuration process and ensuring clearer communication of actions taken.
Changed the schedule scoping in the schedule utility to use organizationId instead of userId, ensuring that schedules are shared across all owners and admins within the same organization. This aligns with the recent changes to enhance organizational resource management.
Consolidated import statements across multiple provider components by removing duplicate imports of VALID_BRANCH_REGEX. Improved the readability of the permission test for denied access by simplifying the expect statement. Additionally, added copy-to-clipboard functionality in relevant components to enhance user experience.
Bumped the version of dokploy to v0.29.7. Updated test descriptions for clarity, specifically renaming the test suite to reflect the roles of "owner" and "admin." Added new tests to ensure that members are denied access to various org-level enterprise resources, improving coverage and validation of permission checks.
Updated the permission check logic to specifically identify "owner" and "admin" roles as privileged static roles, enhancing clarity and accuracy in permission validation. This change ensures that only users with these roles are granted access to enterprise-only resources.
* fix: scope dokploy-server schedules to organization instead of user
Replaces userId with organizationId on the schedule table so that
global (dokploy-server) schedules are shared across all owners and
admins of the same organization, while remaining isolated between
different organizations.
Includes a data migration that backfills organizationId from the
owner membership record for any existing dokploy-server schedules.
Closes#4300
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
- Added a new `forward_auth_settings` table to manage authentication domains and their configurations.
- Introduced UI components for handling forward authentication, including enabling/disabling SSO for domains and selecting SSO providers.
- Updated existing tests to include validation for the new `forwardAuthProviderId` field in domain configurations.
- Enhanced the dashboard to integrate forward authentication management, allowing users to configure SSO settings directly from the application interface.
This update improves the flexibility and security of application authentication by allowing integration with various identity providers.
* fix: scope dokploy-server schedules to organization instead of user
Replaces userId with organizationId on the schedule table so that
global (dokploy-server) schedules are shared across all owners and
admins of the same organization, while remaining isolated between
different organizations.
Includes a data migration that backfills organizationId from the
owner membership record for any existing dokploy-server schedules.
Closes#4300
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix(migrate-auth-secret): exit cleanly when there are no 2FA records
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
* feat(compose): add import from base64 in create service dropdown
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
* [autofix.ci] apply automated fixes
* Enhance version synchronization workflow to include SDK repository
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
* feat(deployment): add readLogs procedure to fetch deployment logs
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
* feat(deployment): add server access validation for deployment actions
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
* feat(organization): prevent inviting users with owner role
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
* feat(user): implement session cleanup on user update
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
* feat(settings): add copy button to server IP in web server settings (#4397)
* fix: copy Dokploy server IP when clicking server badge (#4390)
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
* fix: responsive layout (#4391)
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
* fix: automatically converting username to lowercase both in creation of register, and build for extra. (#4382)
* fix: allow square brackets in zip path validation for Next.js dynamic routes (#4468)
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: prevent webhook deploy crash when commit data lacks modified files (#4470)
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: add type="button" to TooltipTrigger in form components to prevent accidental submission (#4422)
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
* fix: enable comment toggle shortcut in env variable editor (#4402) (#4473)
* fix: add tls=true label for domains when certificateType is none (#4018) (#4474)
* fix: add tls=true label for compose domains when certificateType is none (#4018)
* test: cover tls=true label for certificateType none, require https
* fix: scope tls fix to compose labels, leave traefik file config unchanged (#4018)
* chore: update version to v0.29.5 in package.json
* chore(deps): upgrade next to 16.2.6 (#4477)
Upgraded next dependency in apps/dokploy to 16.2.6 exactly. Verified typescript typecheck passes successfully.
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso) (#4511)
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso)
- Add `remoteServersOnly` field to webServerSettings: prevents creating services
on the local Dokploy VM, forcing all deployments to remote servers. Validated
in all 8 service routers (application, compose, postgres, mysql, mongo, redis,
mariadb, libsql).
- Add `enforceSSO` field to webServerSettings: hides the email/password login
form and shows only the SSO button on the login page.
- Both settings are enterprise-only (enterpriseProcedure) and self-hosted-only
(blocked at the API level when IS_CLOUD=true).
- UI toggles added to the SSO settings page under a new "Self-hosted
Restrictions" card (hidden in cloud). Login page reads enforceSSO from
getServerSideProps to avoid client-side flash.
- Migrations: 0167_fresh_goliath.sql, 0168_long_justice.sql
* fix: add missing final newlines to migration files
* refactor: improve code formatting for better readability in multiple components
- Adjusted formatting in `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx` to enhance readability by adding line breaks and consistent indentation.
- Updated `toggle-enforce-sso.tsx` to simplify the Switch component's props.
- Reformatted imports in `index.tsx` and `sso.tsx` for consistency.
- Cleaned up conditional statements in various router files for improved clarity.
* fix: add enforceSSO to test mock
* fix: grant create and delete SSH key permissions when canAccessToSSHKeys is enabled for members (#4512)
* fix: use create permission for basic auth delete instead of delete (#4513)
* fix: wrap long server names and keep actions menu visible (#4434)
On settings/servers, a long server name in the card title (h3) did not
wrap and overflowed its container, overlapping nearby content and
squeezing the three-dots actions menu until it disappeared.
Allow the title block to shrink and wrap (min-w-0 + break-words), keep
the server icon and the actions trigger from being crushed (shrink-0),
and add gap between the title and the actions button.
* chore: update version to v0.29.6 in package.json
* fix: preserve HOME in compose deploy so --with-registry-auth can read docker config (#4485)
The compose/stack deploy command runs under `env -i PATH="$PATH"`, which
clears the environment except for PATH. That strips HOME, so when the
generated command is `docker stack deploy --prune --with-registry-auth`
the docker CLI cannot resolve `~/.docker/config.json` (e.g.
`/root/.docker/config.json`) and ships no registry credentials to the
swarm. Private-registry images then fail to pull on the nodes:
image registry.example.com/... could not be accessed on a registry to
record its digest. Each node will access ... independently
while the deploy still logs "Docker Compose Deployed: ✅".
Keep PATH isolation but preserve HOME so docker can read its config for
both `stack deploy --with-registry-auth` and `compose up -d --build`.
Add a regression test asserting the generated command preserves
`HOME="$HOME"` for both stack and docker-compose deploys.
Fixes#4401
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
Co-authored-by: ngenohkevin <ngenohkevin19@gmail.com>
Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Volodymyr Kravchuk <volodymyr.kravch@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Nahidujjaman Hridoy <75487507+nhridoy@users.noreply.github.com>
Co-authored-by: Francis <9560564+Baker@users.noreply.github.com>
Co-authored-by: mixelburg <52622705+mixelburg@users.noreply.github.com>
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
Co-authored-by: Jasael <67719321+jasael@users.noreply.github.com>
Co-authored-by: Philippe Parage <69145356+pparage@users.noreply.github.com>
Co-authored-by: youcef zr <93142224+youcefzemmar@users.noreply.github.com>
The compose/stack deploy command runs under `env -i PATH="$PATH"`, which
clears the environment except for PATH. That strips HOME, so when the
generated command is `docker stack deploy --prune --with-registry-auth`
the docker CLI cannot resolve `~/.docker/config.json` (e.g.
`/root/.docker/config.json`) and ships no registry credentials to the
swarm. Private-registry images then fail to pull on the nodes:
image registry.example.com/... could not be accessed on a registry to
record its digest. Each node will access ... independently
while the deploy still logs "Docker Compose Deployed: ✅".
Keep PATH isolation but preserve HOME so docker can read its config for
both `stack deploy --with-registry-auth` and `compose up -d --build`.
Add a regression test asserting the generated command preserves
`HOME="$HOME"` for both stack and docker-compose deploys.
Fixes#4401
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
On settings/servers, a long server name in the card title (h3) did not
wrap and overflowed its container, overlapping nearby content and
squeezing the three-dots actions menu until it disappeared.
Allow the title block to shrink and wrap (min-w-0 + break-words), keep
the server icon and the actions trigger from being crushed (shrink-0),
and add gap between the title and the actions button.
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso)
- Add `remoteServersOnly` field to webServerSettings: prevents creating services
on the local Dokploy VM, forcing all deployments to remote servers. Validated
in all 8 service routers (application, compose, postgres, mysql, mongo, redis,
mariadb, libsql).
- Add `enforceSSO` field to webServerSettings: hides the email/password login
form and shows only the SSO button on the login page.
- Both settings are enterprise-only (enterpriseProcedure) and self-hosted-only
(blocked at the API level when IS_CLOUD=true).
- UI toggles added to the SSO settings page under a new "Self-hosted
Restrictions" card (hidden in cloud). Login page reads enforceSSO from
getServerSideProps to avoid client-side flash.
- Migrations: 0167_fresh_goliath.sql, 0168_long_justice.sql
* fix: add missing final newlines to migration files
* refactor: improve code formatting for better readability in multiple components
- Adjusted formatting in `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx` to enhance readability by adding line breaks and consistent indentation.
- Updated `toggle-enforce-sso.tsx` to simplify the Switch component's props.
- Reformatted imports in `index.tsx` and `sso.tsx` for consistency.
- Cleaned up conditional statements in various router files for improved clarity.
* fix: add enforceSSO to test mock
* fix(migrate-auth-secret): exit cleanly when there are no 2FA records
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
* feat(compose): add import from base64 in create service dropdown
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
* [autofix.ci] apply automated fixes
* Enhance version synchronization workflow to include SDK repository
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
* feat(deployment): add readLogs procedure to fetch deployment logs
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
* feat(deployment): add server access validation for deployment actions
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
* feat(organization): prevent inviting users with owner role
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
* feat(user): implement session cleanup on user update
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
* feat(settings): add copy button to server IP in web server settings (#4397)
* fix: copy Dokploy server IP when clicking server badge (#4390)
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
* fix: responsive layout (#4391)
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
* fix: automatically converting username to lowercase both in creation of register, and build for extra. (#4382)
* fix: allow square brackets in zip path validation for Next.js dynamic routes (#4468)
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: prevent webhook deploy crash when commit data lacks modified files (#4470)
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: add type="button" to TooltipTrigger in form components to prevent accidental submission (#4422)
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
* fix: enable comment toggle shortcut in env variable editor (#4402) (#4473)
* fix: add tls=true label for domains when certificateType is none (#4018) (#4474)
* fix: add tls=true label for compose domains when certificateType is none (#4018)
* test: cover tls=true label for certificateType none, require https
* fix: scope tls fix to compose labels, leave traefik file config unchanged (#4018)
* chore: update version to v0.29.5 in package.json
---------
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
Co-authored-by: ngenohkevin <ngenohkevin19@gmail.com>
Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Volodymyr Kravchuk <volodymyr.kravch@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Nahidujjaman Hridoy <75487507+nhridoy@users.noreply.github.com>
Co-authored-by: Francis <9560564+Baker@users.noreply.github.com>
Co-authored-by: mixelburg <52622705+mixelburg@users.noreply.github.com>
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
- Modified the regex pattern in the `readValidDirectory` function to allow for a wider range of characters, including colons, improving the validation of directory names.
- This change enhances input integrity by ensuring valid directory formats are accepted.
- Implemented a new workflow step to clone the SDK repository and update the OpenAPI specification.
- Configured Git user details for the sync operation and added a commit message format that includes source and update timestamp.
- Ensured successful synchronization of OpenAPI documentation to the SDK repository.
- Changed the path of the `migrate-auth-secret` script from the root directory to the `scripts` folder for better organization and clarity in the project structure.
- Added a regex validation for branch names in Bitbucket, Git, Gitea, GitHub, and GitLab provider schemas to ensure consistent and valid branch formats.
- Refactored the branch validation logic to improve readability and maintainability across the schemas.
- Enhanced input integrity by ensuring all provider schemas adhere to the same branch name validation rules.
- Added a new script `migrate-auth-secret.ts` to facilitate the migration of 2FA secrets when changing the BETTER_AUTH_SECRET.
- Updated `package.json` to include a command for running the migration script.
- Refactored the handling of BETTER_AUTH_SECRET to improve security by removing the hardcoded default and introducing a fallback mechanism using environment variables or Docker secrets.
- Updated the authentication logic to utilize the new `betterAuthSecret` function for retrieving the secret.
- Introduced a new validation schema for registry URLs, ensuring they conform to a specific format (hostname[:port]) and disallow shell metacharacters.
- Updated the `createSchema`, `apiCreateRegistry`, and `apiTestRegistry` functions to utilize the new registry URL validation.
- Improved security and input integrity for registry URL fields.
- Updated the `removeRegistry` function to escape the registry URL during logout to prevent command injection vulnerabilities.
- Updated the `destinationPath` field in the upload file schema to include a regex validation, ensuring only alphanumeric characters, dots, dashes, underscores, and forward slashes are allowed.
- Added a corresponding regex check in the `uploadFileToContainer` function to validate the destination path before processing, improving input integrity and preventing errors.
- Updated the WebSocket server to encode the log path in base64 before executing the tail command on the remote server.
- Added validation to ensure the directory name adheres to a specified regex pattern, improving input integrity for directory paths.
- Modified the `writeConfigRemote` function to encode the Traefik configuration in base64 before saving it to the remote YAML file.
- This change ensures that the configuration is correctly handled and prevents potential issues with special characters in the config.
- Introduced a regex validation for branch names in Bitbucket, Git, Gitea, GitHub, and GitLab provider schemas to ensure valid branch formats.
- Updated the corresponding schemas to include the new validation rule, enhancing input integrity and preventing potential errors.
- Added a utility for branch validation in the server utils.
- Updated the schedule form schema to include an optional 'description' field.
- Enhanced the form to allow users to input a description for each schedule.
- Modified the schedule display component to show the description if available.
- Added a database migration to include the 'description' column in the schedule table.
Introduced an optional 'isolated' boolean property in the CompleteTemplate interface to manage isolated deployment settings. Added tests to verify default behavior (isolated=true) and explicit settings (isolated=true/false) in the deployment configuration.
This change enhances template flexibility for deployment configurations.
Templates using network_mode: host (e.g. cloudflared) can now declare
isolated = false in their [config] section to prevent Dokploy from
injecting networks into the compose, which would cause a Docker error.
Default behavior (isolated = true) is unchanged for all existing templates.
Fixes#4366
Cards with descriptions appeared taller than those without, causing
the 'Created at' and service count text to be misaligned across cards
in the same row.
- Add flex-col and mt-auto to project cards so footer sticks to bottom
- Add h-full to service card Link and Card so they fill the grid cell
Three stray debug console.log calls had been left in production code paths:
- restore-backup.tsx: logged the full form payload on every backup restore
submission.
- add-database.tsx: logged the libsql `enableNamespaces` field value from
inside a `render` callback, firing on every re-render of the parent form.
- project.ts (duplicateProject mutation): logged the freshly-created
target project/environment row on the server on every duplicate.
No behaviour change; strictly removes log noise.
Add 10s AbortSignal timeout to all template fetch calls so they fail
cleanly instead of hanging indefinitely when templates.dokploy.com is
unreachable. Add try/catch to getTags endpoint which was missing error
handling, causing a 500 instead of returning an empty list.
Closes#4282
Replace permanent (301) redirects with temporary (302) redirects across
all pages that check authentication state in getServerSideProps.
Permanent redirects are cached by the browser indefinitely, causing a
bug where users had to manually refresh after login: the browser would
cache the unauthenticated redirect (dashboard → login page) and replay
it even after a successful login, preventing navigation to the dashboard.
Fixes#4220
Closes#3909
The previous 10s interval triggered a DB query (SELECT 1) 360 times/hour,
keeping Node.js heap under constant pressure and preventing the GC from
reclaiming memory efficiently. Increasing to 30s reduces query load by 3x.
Also adds start-period=60s to avoid false failures during startup.
- Added a maximum length constraint of 255 characters for the email input field.
- Updated validation schema to include a message for exceeding the maximum length.
- Added `sendInvitationEmail` function to send invitation emails when a new organization is created in the cloud environment.
- Updated email template to enhance the invitation message and included a direct link for users to accept the invitation.
- Refactored email sending logic in the user router to utilize the new invitation email rendering function.
- Improved organization invitation email design for better user experience.
- Implemented checks in the WebSocket server setups for Docker container logs, terminal, and deployment logs to ensure users can only access resources associated with their active organization.
- Enhanced security by closing WebSocket connections if the organization ID does not match the session's active organization ID.
Prevents owner/admin users of one organization from accessing servers,
destinations, and Docker Swarm join tokens belonging to other organizations
by validating organizationId on all endpoints that accept serverId or
destinationId as direct input.
- cluster: validate serverId org on getNodes, addWorker, addManager, removeWorker
- deployment: validate serverId org on allByServer
- backup: validate destinationId + serverId org on listBackupFiles
- volume-backups: validate destinationId + serverId org on restoreVolumeBackupWithLogs
- wss: validate server org on docker-container-logs, docker-container-terminal,
listen-deployment, and terminal WebSocket handlers
- auth: fix TypeScript type for API key metadata parsing
Allows users to quickly copy the AI-generated log analysis to their
clipboard from the analyze-logs popover, matching the copy UX used in
the deployment and docker logs views.
Made-with: Cursor
- Added comprehensive permission checks for creating, updating, and deleting schedules based on user roles (owner/admin) and schedule types (server/dokploy-server).
- Implemented restrictions for cloud users to prevent managing host-level schedules and changing schedule types.
- Improved access control for server-level schedules to ensure users can only manage schedules associated with their organization.
The search filter on the Requests tab was incorrectly filtering by
RequestPath instead of RequestHost, causing "filter by name" to match
URL paths rather than hostnames. Updated the placeholder text to
reflect the correct field being searched.
Fixes#4249
- Adjusted the Card component to have a minimum height of 85vh for better visual consistency.
- Ensured the inner div has a full height to enhance the layout structure.
- Replace individual project and server queries with a consolidated homeStats query to streamline data retrieval for the dashboard.
- Update the ShowHome component to utilize homeStats for displaying project, environment, application, and service counts, along with their status breakdown.
- Enhance data handling for user permissions to ensure accurate statistics based on user access levels.
- Home: 4 KPI cards (projects, services, deploys/7d, status list),
server column with icon in recent deployments, empty state with
icon, dashboard card frame to match other pages.
- Include libsql in project services count sort.
- Fix bulk actions in environment page: libsql was missing from
start, stop, move, delete and deploy handlers.
Adds a new /dashboard/home landing with welcome header, KPI cards
(deploys/24h, build, CPU, memory) and a recent deployments list.
Home is now the post-login landing and the destination for permission
fallback redirects across the app. Projects remains accessible from
the sidebar.
Update the version retrieval command in the GitHub Actions workflow to strip the 'v' prefix from the version number in package.json. This change ensures that the version format is consistent for downstream processes.
Modify the GitHub Actions workflow to clone the MCP and CLI repositories into temporary directories instead of the current directory. This change improves the organization of the workflow and ensures that the latest OpenAPI specification is correctly referenced during the synchronization process.
Enhance the GitHub Actions workflow by adding a workflow_dispatch trigger, allowing manual execution of the version synchronization process. This provides greater flexibility in managing version updates for MCP and CLI repositories.
Update the GitHub Actions workflow to bump the version in package.json after installing dependencies, ensuring that the version is not overwritten by pnpm install. This change enhances the reliability of version synchronization for both MCP and CLI repositories.
Change the logger's disabled property to be dependent on the NODE_ENV variable, ensuring logging is disabled in production for improved performance and security.
- Add `sendOnSignIn: true` to emailVerification config so unverified users
receive a new verification email when they attempt to sign in
- Create styled verification email template matching the invoice email design
- Extract `sendVerificationEmail` helper to keep auth.ts clean
- Show friendly message on login when email is not verified
Enhance the TagSelector component to display a message when no tags are created, prompting users to add tags. This improves user experience by providing clear feedback in the UI.
Update the GitHub Actions workflow to include regeneration of tools from the latest OpenAPI specification and ensure the latest openapi.json is copied to the CLI repository. This improves the consistency and accuracy of the versioning and API documentation across both repositories.
Implement a GitHub Actions workflow to automatically sync the version from the Dokploy repository to the MCP and CLI repositories upon release. This includes cloning the repositories, updating the package.json version, and committing the changes with relevant metadata, ensuring consistent versioning across platforms.
Implement workflows to sync the OpenAPI specification to both the MCP and CLI repositories. This includes cloning the repositories, updating the openapi.json file, and committing the changes with relevant metadata. The process ensures that the OpenAPI documentation is consistently updated across multiple platforms.
Integrate a new component, ShowContainerNetworks, to display network details for each container in the dashboard. This includes a dialog that shows network information such as IP address, gateway, and MAC address, enhancing the container management capabilities.
Add a new "View Mounts" action to the container dropdown that displays
volume and bind mounts in a formatted table (type, source, destination,
mode, read/write). Also add "View Config" and "Terminal" actions to the
compose containers tab which previously only had logs and lifecycle actions.
Right-click on service cards to quickly Start, Deploy, Stop, or Delete
a service without navigating into it. Uses shadcn/ui ContextMenu
component built on @radix-ui/react-context-menu. Delete action shows
a confirmation dialog. LibSQL services are excluded since they lack
standard mutation endpoints.
Change the audit action from "kill" to "stop" for the containerKill function to better reflect the operation being performed. This aligns the logging with the intended action and improves clarity in audit records.
Change restartContainer, startContainer, stopContainer, and killContainer
endpoints to use service.read instead of docker.read so members with
access to the compose can use container lifecycle actions.
Add a Containers tab to the compose service page that lists all
containers with their state, status, and container ID. Each container
has a dropdown menu with lifecycle actions: View Logs, Restart, Start,
Stop, and Kill.
- Add containerStart, containerStop, containerKill functions to docker service
- Add corresponding tRPC procedures with server ownership checks and audit logging
- Update containerRestart to support remote servers via serverId
- Create ShowComposeContainers component with table view and action menu
- Add Containers tab between Deployments and Backups, gated by docker.read permission
- Simplified code formatting for better readability in various components.
- Updated job scheduling functions to handle errors gracefully, ensuring that failures in scheduling do not disrupt the overall process.
- Enhanced logging for better traceability of job scheduling issues.
These changes improve code maintainability and user experience by providing clearer error messages and more organized code structure.
- Added customer update fields for automatic name and address handling during subscription creation.
- Enabled billing address collection and tax ID collection for improved compliance and billing accuracy.
These changes enhance the Stripe payment process by ensuring necessary customer information is captured and managed effectively.
- Introduced a new feature allowing users to enable or disable invoice email notifications in the billing settings.
- Implemented email notifications for successful invoice payments and payment failures, enhancing user communication regarding billing.
- Updated the database schema to include a new column for storing user preferences on invoice notifications.
- Added corresponding email templates for invoice notifications and payment failure alerts.
These changes improve user experience by keeping users informed about their billing status and actions required.
When both stripPath and internalPath are configured, addPrefix was pushed
before stripPrefix causing incorrect path rewriting (e.g. /app/v2/public/api
instead of /app/v2/api). Traefik executes middlewares in array order, so
stripPrefix must come first.
Closes#4061
When users set a custom docker compose command without the -p flag,
Docker Compose defaults to using the directory name (code) as the
project name. If the custom command is later removed, Dokploy uses
-p appName, creating a new stack while the old one remains running.
Injecting COMPOSE_PROJECT_NAME=appName into the .env ensures the
project name is always consistent regardless of the command used.
Closes#4019
Commands were chained with && so if the project directory was missing,
cd would fail and docker compose down would never execute — leaving
containers and volumes running. Use semicolons to run each command
independently, matching the existing stack deletion pattern.
Closes#4064
- Updated the AnalyzeLogs component to display a message and button for configuring AI providers when none are available, improving user guidance.
- Added a link to the settings page for easy access to AI provider configuration.
- Integrated new icon for the configuration button to enhance UI clarity.
These changes improve the user experience by ensuring users are informed about the need to set up AI providers for log analysis.
- Updated the `getContainerLogs` function to accept either an application name or container ID, improving flexibility in log retrieval.
- Simplified the command execution logic by consolidating the remote and local execution paths.
- Added a new parameter to directly use container IDs, streamlining the process for users.
These changes enhance the usability of the logging feature, allowing for more efficient access to container logs.
- Implemented a new `readLogs` procedure across various routers (application, compose, libsql, mariadb, mongo, mysql, postgres, redis) to enable users to retrieve logs from containers.
- Each procedure includes input validation for parameters such as `tail`, `since`, and `search`, ensuring robust access control and authorization checks.
- Enhanced the `getContainerLogs` service to support fetching logs from both Docker containers and services, improving the logging capabilities of the application.
This feature enhances observability and troubleshooting for users by providing direct access to container logs.
- Corrected the API URL for Z.AI by removing the trailing slash.
- Modified the AI router mutation to include context and added access control to ensure users can only access their organization's AI settings.
These changes improve the accuracy of the API integration and enhance security by enforcing organizational access restrictions.
- Introduced the AnalyzeLogs component for analyzing logs using AI, allowing users to select AI providers and view analysis results.
- Integrated AnalyzeLogs into the ShowDeployment and DockerLogsId components, enabling log analysis for both build and runtime contexts.
- Updated the AI router to include a new endpoint for log analysis, which processes logs and returns structured insights.
- Enhanced the AI provider selection logic to support new providers, including Z.AI and MiniMax.
This feature enhances the user experience by providing actionable insights from logs, improving troubleshooting and operational efficiency.
Add allForApps endpoint that returns only sshKeyId and name using protectedProcedure instead of withPermission, so members can select SSH keys in the git provider dropdown without needing access to the SSH Keys management panel.
closes#4069
Move server.listen() before the initialization block so the HTTP server
is already responding when Docker healthchecks begin. Previously, slow
operations like SMTP timeouts in sendDokployRestartNotifications() could
block the server from listening, causing healthcheck failures and
container restarts.
Closes#4049
The catch block was swallowing the real error from the ntfy server,
making it impossible to diagnose connection failures (e.g. SSL, DNS,
auth issues). Now the underlying error message is included in the
tRPC error response.
Closes#4047
- Change compose.loadServices permission from service:create to service:read
since loading services from a compose file is a read-only operation
- Add saveEnvironment endpoint to compose router with envVars:write permission
- Update show-environment.tsx to use saveEnvironment mutations instead of
generic update mutations for all service types (compose, databases)
Closes#4052
The actions array in Slack attachments requires Interactive Components
to be configured on the Slack app, which causes notifications to fail.
Replaces with a Details field using mrkdwn hyperlink syntax and adds
mrkdwn_in to ensure the link renders as clickable.
Closes#4053
writeDomainsToCompose reads the compose file in Node.js before the
shell script runs, so patches applied as shell commands were being
overwritten by the stale pre-patch content.
Split patch execution into a separate step that runs before
getBuildComposeCommand, so the file is already patched when Node.js
reads it for domain injection.
Also added missing patch support to rebuildCompose which was skipping
patches entirely on redeploys.
Closes#4113
The naive split(":").pop() approach treated the port number in
registry URLs (e.g. registry:5000/image) as the image tag.
Now uses lastIndexOf(":") and checks if the suffix matches a port
followed by a path (digits + slash), consistent with extractImageName.
Closes#4082
- Normalize emails with toLowerCase().trim() before comparing
- Wrap getUserByToken in try/catch since it throws TRPCError on miss,
rethrow as APIError for consistent error responses
Also checks that the invitation is not expired and has not already been
used before allowing account creation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated the authentication process to check if the email of the user matches the email associated with the invitation token.
- Improved error handling for cases where the user is not found or the email does not match the invitation.
- Added `isEnterpriseCloud` field to the user schema to enhance user differentiation for enterprise cloud services.
- This change supports the ongoing updates to billing and subscription management for enterprise users.
- Introduced `isEnterpriseCloud` boolean field in the user schema to differentiate enterprise users.
- Updated billing UI to display specific information for enterprise cloud users, including a dedicated section for managing subscriptions.
- Modified API webhook logic to handle subscription updates and server management based on the `isEnterpriseCloud` status.
- Introduced `accessedServers` field in user permissions schema and member table.
- Implemented server access validation across various API routers to ensure users can only access permitted servers.
- Added a new query to fetch accessible server IDs based on user roles and licenses.
- Updated UI components to support server selection in user permissions.
Resolve conflicts:
- Integrate credentials-based user provisioning with canary changes
- Use withPermission("member", "create") instead of adminProcedure
- Adopt standardSchemaResolver, inviteMember mutation, and custom roles from canary
- Restrict credentials flow to non-cloud environments
- Enhanced the `formatSizeValue`, `formatMemUsage`, and `formatIOValue` functions to handle edge cases more effectively.
- Updated regex and condition checks to ensure proper parsing of input strings, improving overall reliability in formatting size values.
- Introduced a tabbed layout in the ShowSwarmOverviewModal to separate the overview and containers views.
- Added ShowSwarmContainers component to the containers tab, improving the organization of information.
- Integrated Card component for better styling and presentation of the containers section.
- Introduced new components for handling various empty states in the Swarm containers dashboard, including `SwarmNotAvailable`, `ServicesError`, `NoServices`, and `NoRunningContainers`.
- Added `SummaryCards` component to display key metrics such as node count, down nodes, service count, and running containers.
- Enhanced the `ShowSwarmContainers` component to integrate the new empty states and summary cards, improving user feedback and overall experience.
- Introduced a new optional `icon` field to the application schema, allowing for icon uploads.
- Implemented validation to ensure the icon size does not exceed 2MB, enhancing data integrity.
- Updated the ShowIconSettings component to include a dialog for icon selection and upload.
- Added functionality to handle file uploads, including validation for file types and sizes.
- Implemented icon removal feature within the dialog.
- Refactored icon selection logic to improve user experience and maintainability.
- Adjusted the application page to integrate the updated ShowIconSettings component.
- Added `dompurify` for sanitizing SVG icons to prevent XSS vulnerabilities.
- Introduced `simple-icons` for a collection of SVG icons, enhancing the icon selection feature.
- Updated the `ShowIconSettings` component to utilize the new icon management logic.
- Removed the obsolete `icons.json` file and replaced it with a new `bundled-icons.ts` file for better structure and maintainability.
- Adjusted related API and component files to accommodate the new icon handling approach.
- Added logic to conditionally set the custom entry point based on the useCustomEntrypoint flag.
- Updated the onCheckedChange handler to clear the custom entry point value when the switch is turned off, improving form state management.
- Introduced a new SQL script to add a "middlewares" column to the "domain" table with a default value of an empty text array.
- Updated the journal to include the new migration entry for version 0161.
- Added a snapshot file for version 7, detailing the schema changes for the "account" and "apikey" tables.
- Introduced a new SQL script to set the default value for the "dockerImage" column in the "mongo" table.
- Updated the journal to include the new migration entry for version 0160.
- Added a snapshot file for version 7, detailing the schema for the "account" and "apikey" tables.
- Updated password validation in MariaDB, MongoDB, MySQL, Postgres, and Redis routers to enforce a regex pattern that restricts invalid characters.
- Introduced a consistent error message for invalid passwords to improve user guidance and ensure database compatibility.
- Refactored password validation logic in the schema files to utilize shared constants for regex and messages, promoting code reuse and maintainability.
- Added confirmation password field and validation to the `UpdateDatabasePassword` component.
- Refactored password update logic in MariaDB, MongoDB, MySQL, Postgres, and Redis routers to utilize database transactions for improved reliability.
- Ensured consistent handling of password updates across all database types, enhancing user experience and security.
- Improved error messages when updating the database password to provide clearer guidance based on the error type.
- Added specific feedback for cases where the database container is not running, prompting users to start the service before attempting to change the password.
- Introduced a new `UpdateDatabasePassword` component to facilitate password updates for database credentials.
- Implemented password change mutations in the respective API routers for MariaDB, MongoDB, MySQL, Postgres, and Redis.
- Enhanced user experience by providing success notifications upon successful password updates.
- Updated UI components to include the new password update functionality, ensuring consistency across different database types.
- Added a new section to the certificate details view to show associated server information, including the server name and IP address, enhancing the visibility of server-related data for each certificate.
- Updated the API to include server data when fetching certificates.
- Updated the `extractExpirationDate` and `extractCommonName` functions to return null instead of throwing errors when encountering unexpected structures in the certificate data. This change enhances the robustness of the certificate parsing logic.
- Eliminated the `autoRenew` field from the certificate schema, API router, and related components to streamline certificate management.
- Updated form handling and validation logic accordingly to reflect the removal of the auto-renew feature.
- Modified the access control settings for the 'certificate' resource to allow 'update' permissions for admin and owner roles.
- Updated the certificate router to use the new permission structure for the update mutation.
- Introduced `APP_NAME_REGEX` and `APP_NAME_MESSAGE` constants in `schema.ts` for consistent app name validation across `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx`.
- Updated regex and error message in the respective schemas to utilize the new constants, improving maintainability and readability.
- Updated the `templates` procedure in the compose router to use `protectedProcedure` instead of `publicProcedure`, enhancing access control for this endpoint.
- Introduced a new column `bookmarkedTemplates` to the user table to store user-specific template bookmarks.
- Updated API methods to manage bookmarked templates, replacing the deprecated user_template_bookmarks table.
- Adjusted queries to retrieve and toggle bookmarks directly from the user record.
- Added DockerDiskUsageChart component to visualize Docker disk usage data.
- Refactored existing chart components (DockerBlockChart, DockerCpuChart, DockerDiskChart, DockerMemoryChart, DockerNetworkChart) to use a consistent ChartContainer and updated chart configurations.
- Improved tooltip functionality and styling across all charts for better user experience.
- Integrated new API endpoint for fetching Docker disk usage data.
- Replaced protectedProcedure with withPermission for the uploadFileToContainer mutation to enhance permission management.
- Improved code clarity by removing unnecessary imports.
- Consolidated the file upload logic for both remote and local servers into a single command.
- Removed redundant temporary file handling and streamlined error management.
- Improved code readability by reducing complexity in the uploadFileToContainer function.
- Restored the type import for UploadFileToContainer in the upload file modal component.
- Updated useForm to correctly utilize the UploadFileToContainer type for improved type safety.
- Changed zodResolver import to standardSchemaResolver for improved schema handling.
- Adjusted Dropzone layout for better visual alignment and user experience.
- Removed unused uploadProcedure from the Docker router to streamline the API.
- Replaced inline timestamp generation with the new getBackupTimestamp function across various backup modules (compose, libsql, mariadb, mongo, mysql, postgres, web-server, and volume-backups).
- Improved code readability and maintainability by centralizing timestamp formatting logic.
- Updated conditional checks for customEntrypoint to use a more concise syntax.
- Ensured consistent handling of HTTPS configurations across domain management functions.
- Improved code readability and maintainability by streamlining logic in addDomainToCompose and manageDomain functions.
- Implemented tests to verify the addition of stripPath and internalPath middlewares for custom entrypoints.
- Ensured correct path prefixing in router rules and combined middleware functionality.
- Added checks to confirm that redirect-to-https is not added for custom entrypoints even when HTTPS is enabled.
- Enhanced tests for router configuration with custom entrypoints, including path handling and TLS settings.
- Updated the repository cloning functions to prioritize internal URLs for Gitea and GitLab, enhancing security and access control.
- Ensured fallback to external URLs if internal ones are not available.
- Changed the anonymous async function to a named function `runRestore` for better readability.
- Enhanced error handling to log specific error messages during the restore process.
Updated the orderBy clause in the schedules query to sort by the createdAt field instead of the name, ensuring schedules are returned in the order they were created.
- Replaced `createSchema.pick` with `z.object` for `apiFindOneLibsql` and `apiFindMountByApplicationId` to enforce stricter validation.
- Ensured `libsqlId`, `serviceType`, and `serviceId` are required strings with minimum length constraints.
- Added loading state for the sharing toggle in the UI to prevent user interaction during processing.
- Enhanced authorization logic in the API to ensure that both user and organization ownership are validated before allowing sharing of Git providers.
- Improved error handling in the license key deactivation process to log failures for better debugging.
- Added functionality to toggle sharing of Git providers with the organization.
- Introduced a new column "sharedWithOrganization" in the git_provider table to track sharing status.
- Updated user permissions to include accessedGitProviders, allowing for more granular access control.
- Enhanced API routes to support fetching accessible Git providers based on user roles and permissions.
- Implemented UI components for managing Git provider sharing and permissions in the dashboard.
- Added dokployBackup parameter to various notification functions and schemas to support backup notifications.
- Updated HandleNotifications component to include dokployBackup in notification payloads.
- Enhanced notification utilities to accommodate new backup notification types across multiple channels.
- Introduced a new boolean column "dokployBackup" in the "notification" table with a default value of false.
- Added journal entry for version 7 tagged as "0156_fair_vargas" to track this schema change.
- Created a new snapshot file for version 7 to reflect the updated database schema.
- Introduced a new switch control in the notifications settings to enable or disable actions triggered by Dokploy backup creation.
- Enhanced user interface for better interaction with notification settings.
- Consolidated command execution for removing Traefik config files by using a single command string.
- Enhanced error handling to log issues encountered during the removal process for both local and remote configurations.
- Updated createCustomNotification, createLarkNotification, createMattermostNotification, and updateMattermostNotification to include volumeBackup as a parameter, enhancing notification capabilities.
- Introduced regex validation for the `additionalFlags` field to ensure proper flag formatting.
- Updated error handling in the API router to provide clearer feedback on validation issues.
- Refactored the database schema to align with the new validation rules for additionalFlags.
- Added a new validation module for destination-related checks.
- Refactored the `additionalFlags` field to use a structured object format, allowing for better validation and management of flag values.
- Replaced the textarea input with a dynamic list of input fields, enabling users to add or remove flags easily.
- Updated form handling to accommodate the new structure, ensuring proper data mapping during form submission.
- Introduced an optional `additionalFlags` field in the destination schema to allow users to specify extra parameters.
- Updated the form in the dashboard to include a textarea for entering additional flags.
- Modified the API router to handle the new `additionalFlags` input when creating or updating destinations.
- Adjusted database schema to accommodate the new field in the destination table.
- Added RemoveContainerDialog component for user confirmation before removing a Docker container.
- Integrated the dialog into the container management UI.
- Implemented server-side logic for container removal, including permission checks and error handling.
- Updated API router to include the new removeContainer mutation.
- Changed webhookUrl validation to ensure it is a valid URL.
- Updated input types for createMattermostNotification and updateMattermostNotification functions to use z.infer for better type inference.
- Refactored sendMattermostNotification to improve error handling and payload construction.
- Integrated MattermostIcon into the ShowNotifications component to support Mattermost notification type.
- Enhanced the user interface to visually represent Mattermost notifications alongside existing notification types.
- Introduced a new SQL file to alter the notificationType and create a Mattermost table.
- Added a foreign key relationship between the notification table and the new Mattermost table.
- Updated the journal and snapshot metadata to reflect these changes.
- Added FormDescription to clarify user requirements in the server handling component.
- Updated alert messages to inform users about connecting as root or non-root with passwordless sudo access.
- Introduced new status rows in the validation component to display privilege mode and Docker group membership.
- Implemented validation functions for sudo access and Docker group membership in the server setup scripts, ensuring proper permissions are checked during setup.
- Created a new SQL type for 'libsql' and established a corresponding table with necessary fields and constraints.
- Updated existing tables (backup, mount, volume_backup) to include foreign key references to 'libsql'.
- Enhanced the libsql schema in the application to support additional fields such as stopGracePeriodSwarm and endpointSpecSwarm.
- Adjusted form handling and validation to accommodate the new libsql service type, improving overall integration and functionality.
- Updated various swarm form components to include 'libsql' as a valid service type.
- Enhanced query and mutation handling for 'libsql' across multiple forms, ensuring comprehensive integration.
- Adjusted form schemas and data handling to accommodate 'libsql' service requirements, improving overall functionality.
- Created a new SQL type for 'libsql' and added it to the serviceType enum.
- Established a 'libsql' table with necessary fields and constraints.
- Updated existing tables (backup, mount, volume_backup) to include foreign key references to 'libsql'.
- Adjusted the mount schema to incorporate 'libsql' as a valid service type, enhancing service management capabilities.
- Updated service type checks in the getBaseFilesPath and getServerId functions to use application and service IDs for better clarity and reliability.
- Removed redundant service type checks and adjusted logic to enhance maintainability.
- Added 'libsql' to the server relations in the schema for improved service management.
- Added 'libsql' to the Services type in add-permissions.tsx for improved service management.
- Implemented extraction logic for 'libsql' services in the extractServices function.
- Updated project router to include 'libsql' in service filters and response columns, ensuring comprehensive data handling for libsql services.
- Modified the database name assignment in the RestoreBackup component to include 'iku.db' for the 'libsql' database type.
- Updated input disabling logic in both HandleBackup and RestoreBackup components to disable inputs for both 'web-server' and 'libsql' database types, enhancing user experience and preventing invalid input.
- Eliminated the ForceUpdate property from the TaskTemplate during service updates to streamline the update process.
- Adjusted the service update logic to focus on essential settings without the unnecessary increment of ForceUpdate.
- Replaced zodResolver import with standardSchemaResolver for improved schema handling.
- Refactored DockerProviderSchema to streamline validation logic and enhance readability.
- Updated external port validation to check for empty values and ensure proper error handling.
- Adjusted service access checks in the libsql router for better permission management.
- Removed unused imports from the ShowProjects component for better clarity.
- Updated LibsqlIcon dimensions to use relative units for improved responsiveness.
- Adjusted icon size in the EnvironmentPage for consistency with other icons.
- Added LibsqlIcon and updated ServiceCollections to include 'libsql'.
- Replaced BreadcrumbSidebar with AdvanceBreadcrumb in the Libsql service page for improved navigation consistency.
- Enhanced SERVICE_QUERY_KEYS and SERVICE_ICONS to accommodate libsql integration.
- Updated mutation hooks in the ShowExternalLibsqlCredentials and ShowGeneralLibsql components to use 'isPending' instead of 'isLoading' for better clarity in loading state representation.
- Adjusted button loading states accordingly to reflect the new naming convention.
- Updated backup and restore functionalities to include support for the 'libsql' database type.
- Enhanced the backup process with new methods for running and restoring libsql backups.
- Modified existing components and schemas to accommodate libsql, including updates to the database type enumerations and backup schemas.
- Removed obsolete bottomless replication features from the libsql schema.
- Updated related UI components to reflect changes in backup handling for libsql.
- Created a new SQL file defining the 'libsql' table with various fields including 'libsqlId', 'name', and 'databaseUser'.
- Added foreign key constraints linking 'libsql' to 'mount', 'volume_backup', 'environment', and 'server' tables.
- Updated the 'mount' and 'volume_backup' tables to include a new 'libsqlId' column and removed the obsolete 'serviceType' column.
- Added journal entry for the new schema version.
- Upgraded 'next' version from 16.1.6 to 16.2.0 in both pnpm-lock.yaml and package.json.
- Updated related dependency versions for '@trpc/next' and '@trpc/react-query' to align with the new 'next' version.
- Adjusted version hashes for better consistency in '@better-auth' packages.
- Simplified the payload construction for tag creation and updates in the HandleTag component.
- Improved code readability by consolidating the conditional logic for tagId handling.
- Added error handling for user permission fetching in the server-side props.
- Implemented a check for tag read permissions, redirecting unauthorized users to the home page.
- Enhanced the overall structure of the server-side logic for better clarity and maintainability.
- Replaced role-based access control with permission-based checks for tag visibility in the side menu.
- Updated API route handlers to utilize protected procedures for tag queries, enhancing security and consistency in permission management.
- Integrated user permissions for tag creation, updating, and deletion in the TagManager component.
- Updated API routes to enforce permission checks for tag operations.
- Added new permissions for managing tags in the roles configuration.
- Improved error handling for unauthorized access in tag-related operations.
- Added a new HandleTag component to manage tag creation and updates with validation.
- Integrated color selection and real-time preview for tags.
- Updated tag management references in TagFilter and TagSelector components to use the new HandleTag component.
- Introduced new SQL migration to create 'project_tag' and 'tag' tables.
- Added unique constraints and foreign key relationships to ensure data integrity.
- Updated journal and snapshot metadata to reflect the new migration.
- Bumped the version of @dokploy/trpc-openapi in both package.json and pnpm-lock.yaml.
- Removed unnecessary metadata from the dropDeployment procedure in application.ts.
- Added health check functionality for PostgreSQL, Redis, and Traefik services before updating the web server.
- Introduced a modal state management system to guide users through the verification and update process.
- Updated UI components to display service health status and relevant messages during the update workflow.
- Refactored the update server button to reflect the latest version and availability of updates.
- Changed the authorization check for deleting an API key to use referenceId instead of userId, ensuring proper validation against the current user's ID.
- Modified the apikey table to drop the user_id column and replace it with reference_id, establishing a foreign key relationship with the user table.
- Added config_id column with a default value to the apikey table.
- Updated related code in the account schema and user service to reflect these changes.
- Enhanced the journal and snapshot files to include the latest schema updates.
- Introduced predefined role presets with default permissions for viewer, developer, deployer, and devops roles to streamline custom role creation.
- Enhanced the UI to allow users to start from a preset role, improving the user experience in managing custom roles.
- Updated imports and adjusted component formatting for better readability.
- Enhanced code readability by adjusting formatting in the ShowBilling component, ensuring consistent line breaks and indentation.
- Updated the ShowUsers component to improve the layout of the warning message for users with custom roles without a valid license, maintaining clarity in the alert presentation.
- Introduced an AlertBlock to notify users with custom roles that a valid Enterprise license is required for those roles to function.
- Implemented logic to check for users assigned to custom roles and display a warning if the license is invalid.
- Replaced single server quantity state with separate states for hobby and startup server quantities.
- Adjusted calculations and UI elements to reflect the new state management for each tier.
- Ensured proper handling of server quantity in pricing calculations and button states.
- Updated the error message formatting in both database and volume backup notification functions to limit the displayed message length, ensuring better readability and preventing overflow.
- Introduced a new settings.json file to define permissions for various Bash commands and set the default mode to bypassPermissions.
- Updated the version in package.json to v0.28.7.
- Updated the mechanizeDockerContainer function to conditionally use authConfig when creating a Docker service, ensuring proper service creation based on authentication settings.
- Updated the rsync command in the runWebServerBackup function to exclude the 'volume-backups/' directory, ensuring that unnecessary data is not copied during the backup process.
- Removed TimeBadge from the ShowProjects component and integrated it into the BreadcrumbSidebar.
- Added a query to determine if the environment is cloud-based, allowing for conditional display of the TimeBadge.
- Updated layout in BreadcrumbSidebar for improved spacing and organization.
- Replaced direct state checks with a derived variable `isCollapsed` for better readability and maintainability.
- Updated class names and conditions in the SidebarLogo component to use the new `isCollapsed` variable.
- Adjusted overflow behavior in Sidebar and SidebarContent components for improved layout management.
- Added new components for displaying and managing audit logs, including a data table and filters for user actions.
- Introduced a custom roles management interface, allowing users to create and modify roles with specific permissions.
- Updated permission checks to ensure proper access control for audit logs and custom roles.
- Refactored existing components to integrate new functionality and improve user experience.
- Replaced the delete operation with an update for organization roles, ensuring existing roles are modified instead of removed.
- Adjusted the return value to reflect the updated role instead of a newly created entry.
- Reintroduced the audit logging functionality for role updates.
- Deleted the old SQL files for organization_role and audit_log.
- Introduced new SQL file defining organization_role and audit_log with updated foreign key constraints and indexes.
- Updated metadata snapshots to reflect the new table structures and relationships.
- Adjusted access control permissions for backup and notification operations to include update capabilities.
- Introduced new test files for permission checks, including `check-permission.test.ts`, `enterprise-only-resources.test.ts`, `resolve-permissions.test.ts`, and `service-access.test.ts`.
- Implemented permission checks in various components to ensure actions are gated by user permissions, including `ShowTraefikConfig`, `UpdateTraefikConfig`, `ShowVolumes`, `ShowDomains`, and others.
- Enhanced the logic for displaying UI elements based on user permissions, ensuring that only authorized users can access or modify resources.
When editing a notification, only the notification.all query cache was
invalidated. The notification.one query retained stale data, causing
the edit form to display previous values on subsequent edits.
Switch from z.instanceof(FormData) to uploadFileSchema (zod-form-data)
so the OpenAPI generator produces a proper multipart/form-data spec
with typed fields (zip as binary, applicationId, dropBuildPath).
Regenerate openapi.json with the drop-deployment endpoint included.
Enable file upload deployments via the public API, unlocking CI/CD workflows
similar to `railway up`. Users can now programmatically deploy by uploading
zip archives.
Depends on: Dokploy/trpc-openapi multipart/form-data support
- Added @codemirror/search version 6.6.0.
- Updated @codemirror/view to version 6.39.15 across multiple files.
- Adjusted imports in code-editor.tsx to include search functionality.
This update ensures compatibility with the latest features and improvements in the CodeMirror library.
Updated the createMount mutation to return the promise from createMount directly, enhancing readability. Additionally, adjusted the serviceType schema definition for clarity by removing the default value assignment.
Updated components to use the new API method for fetching the active organization, improving consistency across the codebase. This change enhances maintainability and aligns with recent API updates.
Updated the event fetching logic to utilize Promise.all for concurrent API calls, enhancing performance. Adjusted the UI table layout by modifying the column span for better alignment and presentation of the empty queue state. Introduced constants for maximum events to improve code clarity.
Added self-hosted and production configuration examples for Inngest to the .env.example file. This enhancement provides clearer guidance for developers on setting up the Inngest integration.
Added a new endpoint to fetch deployment jobs for a server, integrating with the Inngest API to retrieve job details. Updated the queue management system to support centralized job retrieval for cloud environments, improving the deployment monitoring experience. Enhanced the UI to include action buttons for job cancellation and improved error handling for job fetching.
Introduced a new deployments page that includes a table for viewing all application and compose deployments, as well as a queue table for monitoring deployment jobs. Updated the sidebar to include a link to the new deployments section. Enhanced the API to support centralized deployment queries and job queue retrieval, improving overall deployment management and visibility.
Added helper functions to format status labels and execution durations in the requests dashboard. Updated the display logic to show "N/A" for zero status and improved duration representation in microseconds and milliseconds. This enhances the clarity and usability of the request logs for better monitoring and analysis.
Added the 'name' column to the project API response structure to enhance the data returned for project queries. This change improves the clarity and usability of the API by ensuring that project names are included in the response, facilitating better data handling for clients.
Removed unused imports and redundant code in the project dashboard component to enhance readability. Updated the API project router to streamline the data structure by eliminating unnecessary domain retrievals, while ensuring essential application and compose details are still included. This refactor improves maintainability and optimizes data handling for the project management interface.
Replaced the existing project query with the new `allForPermissions` endpoint to enhance data retrieval for server monitoring settings. This change aligns with recent API enhancements aimed at improving permissions management.
Introduced a new API endpoint `allForPermissions` to retrieve projects along with their environments and services specifically for admin users. This enhancement allows for a more comprehensive permissions UI by including detailed information about each environment and its associated applications, improving the overall user experience in managing permissions.
Updated the mysql configuration in the environment service to include specific column selections for the server object. This change improves data structure clarity and allows for more precise data handling in future queries.
Eliminated the 'env' property from the duplicateEnvironment function to streamline the code and improve clarity. This change enhances maintainability by removing unnecessary parameters.
Updated project and environment services to include specific column selections for various database entities. This improves data retrieval efficiency and allows for more granular control over the returned data structure. Added columns for application, mariadb, mongo, mysql, postgres, redis, and compose entities, as well as enhancements to the environment query structure.
Implemented a search feature in application, compose, environment, mariadb, mongo, mysql, postgres, project, and redis routers. Each search allows filtering by various parameters and respects user permissions based on their role. The search queries utilize optimized conditions for efficient data retrieval.
Docker Swarm's default FailureAction is "pause". When a task fails or is
terminated early during a rolling update, Swarm pauses the update and
stops ALL reconciliation — orphan containers persist indefinitely, even
when healthy. This is the root cause of orphan container issues reported
in production (services showing Replicas: N/1 with multiple healthy
containers that never get cleaned up).
Setting FailureAction to "rollback" makes Swarm automatically revert to
the previous working service spec on failure, preventing orphans while
preserving service availability. Also adds a default RollbackConfig with
Order: "start-first" to match the update config (Docker defaults rollback
to "stop-first" otherwise).
Only affects the default config — users who have configured their own
updateConfigSwarm/rollbackConfigSwarm are not affected.
Relates to #1669, #2223, #2911, #2150
Change Drizzle column mode from "bigint" to "number" for stopGracePeriodSwarm
across all 6 service schemas. This fixes JSON.stringify failing silently in the
@dokploy/trpc-openapi adapter, which unlike the tRPC endpoint does not use
superjson and cannot serialize BigInt values.
No database migration needed — only the JS representation changes. The values
are nanosecond grace periods that fit safely within Number.MAX_SAFE_INTEGER.
Also adds onError logging and export const config to the OpenAPI route handler
to match the tRPC route and improve debuggability.
Fixes#3793
Importing the entire lodash library adds ~70kb to the bundle. Switch to
specific imports (lodash/debounce, lodash/escapeRegExp) so only the used
functions are included.
- Revised pricing calculations for Hobby and Startup tiers to reflect accurate annual rates with 20% discount.
- Updated comments for clarity and consistency in pricing logic.
- Adjusted billing display to show the correct annual pricing for additional servers.
- Eliminated outdated comments related to legacy plan detection and current pricing calculations.
- Improved code readability by removing unnecessary comments that no longer serve a purpose.
- Updated the product ID array construction to directly include Hobby and Startup product IDs.
- Streamlined the refinement logic for server quantity validation, improving readability without altering functionality.
- Ensured consistent validation messages for the Startup plan requirements.
- Modified the billing section to clarify that users can add more servers at the specified monthly rate.
- Added monthly pricing display for both Hobby and Startup tiers when the annual plan is selected.
- Enhanced user experience by providing clearer pricing information based on server quantity.
- Integrated a confirmation dialog for upgrading plans, providing users with clear details about their current and new plans.
- Added toast notifications to inform users of successful upgrades or errors during the process.
- Updated UI elements for better styling and user experience in the billing section.
- Added new pricing calculations for Hobby and Startup tiers, including server quantity handling.
- Implemented upgrade functionality for users on legacy plans to switch to Hobby or Startup plans.
- Updated Stripe webhook to correctly calculate server quantities based on subscription items.
- Refactored getStripeItems utility to accommodate new billing tiers and server quantity logic.
This fixes keyboard shortcuts (Ctrl+S, Ctrl+B, Ctrl+J, Ctrl+K) not working with non-English keyboard layouts (e.g., Russian, French AZERTY, German QWERTZ).
Fixes#3495
- Introduced a mock for the patch service's findMany method in both test files to simulate database behavior.
- This change enhances test coverage and ensures consistency across the test suite.
- Removed the mock for the patch service to streamline the test setup.
- This change enhances test clarity by eliminating unnecessary mock definitions.
- Removed the mock for the patch service to streamline the test setup.
- This change enhances test clarity by eliminating unnecessary mock definitions.
- Eliminated the mock constants for paths to simplify the test setup.
- This change enhances test clarity by focusing on relevant mocks and reducing unnecessary complexity.
- Eliminated the mock for the patch service and the associated deployment test case to streamline the test suite.
- This change focuses on improving test clarity and reducing complexity by removing redundant code.
- Replaced the mock for the patch service with a mock for db.query.patch.findMany to better simulate database behavior.
- Added type and updatedAt fields to the mock patch object for improved test accuracy.
- Added a mock for the patch table in application.command.test.ts to simulate findMany behavior.
- Updated application.real.test.ts to include new paths for COMPOSE_PATH, SSH_PATH, and BASE_PATH for improved test coverage.
- Introduced a new SQL file to create a "patch" table with a custom ENUM type "patchType" for tracking changes.
- Added foreign key constraints linking "applicationId" and "composeId" to their respective tables.
- Removed the previous SQL file that contained redundant definitions for the "patchType" and its column in the "patch" table.
- Modified deployment commands in Dockerfile, Dockerfile.cloud, Dockerfile.schedule, and Dockerfile.server to add the --legacy flag for compatibility during deployment.
- Removed fast-xml-parser version 4.3.4 and updated to version 5.3.6 in package.json and pnpm-lock.yaml.
- Updated strnum dependency from version 1.1.2 to 2.1.2 in pnpm-lock.yaml.
- Updated pnpm version from 9.12.0 to 10.22.0 in Dockerfiles for base, cloud, schedule, and server.
- Adjusted package.json files in multiple applications to reflect the new pnpm version.
- Updated dependencies for better-auth and related packages to version 1.4.18.
- Updated the recommended Node.js version in CONTRIBUTING.md to 24.4.0.
- Modified the Node.js version in the sync-openapi-docs.yml workflow to 24.4.0.
- Updated @better-auth/sso and better-auth dependencies to version 1.5.0-beta.16 in package.json files across multiple applications.
- Incremented @better-auth/utils version to 0.3.1.
- Adjusted pnpm-lock.yaml to reflect the updated dependency versions.
- Updated .nvmrc and Dockerfiles to use Node.js 24.4.0.
- Modified package.json files across multiple applications to reflect the new Node.js version and updated @types/node dependency.
- Updated better-auth and @better-auth/sso dependencies to version v1.5.0-beta.16 in relevant package.json files.
- Removed outdated .nvmrc file from apps/dokploy.
- Updated ID input validation to require a minimum length of 1 character.
- Simplified the logic for accessing repository directories by consolidating return statements and removing unnecessary error handling for missing application or compose types.
- Removed the unused import of the organization schema.
- Introduced a new import for the getOrganizationOwnerId function to enhance license validation logic.
- Replaced user data fetching with a dedicated query for trusted origins in SSO settings.
- Updated mutation functions to utilize the new trusted origins query.
- Introduced a new service function to validate enterprise licenses based on organization ownership.
- Enhanced SSO router to ensure trusted origins are managed by the organization owner.
- Added callback URL for email sign-in in the home page.
- Enhanced the isValidSearch function to restrict allowed characters to alphanumeric, space, dot, underscore, and hyphen, preventing command injection vulnerabilities.
- Updated unit tests to reflect the new validation rules and ensure comprehensive coverage against potential injection attacks.
- Updated the regex in the isValidSearch function to limit valid characters, improving input validation and security against potential injection attacks.
- Introduced tests for isValidTail, isValidSince, isValidSearch, and isValidContainerId functions to ensure proper validation and security against command injection.
- Updated docker-container-logs to utilize these validation functions, enhancing input handling for WebSocket connections.
- Introduced a new test suite to validate that the unzipDrop function prevents writing outside the application directory, specifically addressing potential sandbox escape vulnerabilities.
- Implemented setup and teardown logic to ensure a clean test environment for each test run.
- Updated the unzipDrop function to remove the symlink entry check and replace it with a more general validation for dangerous node entries.
- Adjusted the associated test to reflect the change in error messaging.
- Removed redundant command initialization and ensured proper command structure for deployment.
- Enhanced clarity by consolidating command building logic, improving maintainability of the deployCompose function.
- Added CreateFileDialog component for creating new files within the dashboard.
- Integrated file creation functionality into the PatchEditor, allowing users to create files directly from the directory structure.
- Enhanced user experience with form validation and success/error notifications during file creation.
- Updated ShowPatches to display file types with badges for better clarity on patch operations.
- Introduced a new ENUM type "patchType" with values 'create', 'update', and 'delete' to categorize patch operations.
- Updated the "patch" table schema to include a new "type" column, defaulting to 'update', ensuring better management of patch types.
- Added a new snapshot file for version 7 to reflect the updated database schema.
- Streamlined the command generation for applying patches by removing unnecessary checks for enabled status within the loop.
- Consolidated patch retrieval and filtering logic to enhance clarity and maintainability.
- Improved directory handling for file paths to ensure proper creation before applying patches, enhancing robustness.
- Eliminated the repoPath parameter from the PatchEditor component and related API calls, simplifying the patch management logic.
- Updated the patch retrieval and saving processes to focus on filePath and content, enhancing clarity and maintainability.
- Adjusted the handling of file content in the CodeEditor to ensure it retrieves the correct data, improving user experience.
- Introduced the EditPatchDialog component to facilitate patch editing within the dashboard.
- Integrated the dialog into the ShowPatches component, allowing users to edit patches directly from the list view.
- Enhanced user experience with loading indicators and success/error notifications during patch updates.
- Updated the UI to ensure consistent styling and behavior across patch management features.
- Consolidated patch retrieval for applications and composes into a single query method, improving code clarity and reducing redundancy.
- Updated the ShowPatches component to utilize the new unified query, simplifying data fetching logic.
- Refactored patch application commands to streamline the process for both application and compose types, enhancing maintainability and consistency across the codebase.
- Removed redundant helper functions for retrieving git configurations for applications and composes, streamlining the codebase.
- Updated the `ensurePatchRepo` function to directly handle repository cloning based on the application or compose type, improving clarity and maintainability.
- Refactored patch creation logic to eliminate unnecessary checks and streamline the process of creating patches.
- Enhanced the handling of output paths in repository cloning functions across different git providers, ensuring consistent behavior.
- Removed the local state for saving status and integrated loading state directly from the mutation hook.
- Updated the saveAsPatch function to handle success and error notifications more cleanly.
- Adjusted the file content loading to ensure it retrieves the latest data, improving user experience and consistency in the PatchEditor component.
- Refactored API calls in the patch router to unify patch retrieval logic for applications and composes, enhancing maintainability.
- Updated the PatchEditor and ShowPatches components to accept a unified `id` and `type` prop, replacing the previous separate `applicationId` and `composeId` props.
- Refactored API calls in the patch router to handle both application and compose types, improving code clarity and maintainability.
- Enhanced the UI to provide consistent behavior for creating and managing patches across different types.
- Removed the cloud check from the ClearDeployments component, simplifying the logic.
- Updated the clearOldDeployments function to accept appName and serverId, enhancing its flexibility.
- Adjusted the return values in the application and compose routers to return a boolean instead of a detailed message, improving consistency.
- Renamed and consolidated the functions for clearing old deployments to a single method, `clearOldDeployments`, which now accepts an ID and type (application or compose).
- Updated the logic to filter deployments based on status and type, improving code maintainability and reducing redundancy.
- Updated the deployment deletion process to include error handling for non-existent deployments.
- Refactored the command execution to handle both remote and local execution based on server availability.
- Simplified the logic for determining deletable deployments in the ShowDeployments component.
- Introduced support for Microsoft Teams notifications, including the ability to create, update, and test connections for Teams notifications.
- Updated the notification schema to include Teams as a notification type.
- Added Teams icon and UI components for handling Teams notifications in the dashboard.
- Implemented backend logic for creating and updating Teams notifications, along with necessary database schema changes.
- Enhanced existing notification functionalities to support Teams notifications across various events (e.g., build success, failure, database backups).
- Implemented a new function to verify if an environment has active services before allowing its deletion. This prevents accidental deletion of environments that are still in use.
- Updated the mode-form component to convert the Replicas value to a number only if it is defined and not an empty string, improving data handling for Replicated mode.
- Changed `@ts-expect-error` to `@ts-ignore` in the suggestVariants function to address TypeScript's excessively deep instantiation warning related to Zod and AI SDK output.
- Upgraded @ai-sdk dependencies to versions 3.0.44, 3.0.30, 3.0.21, 2.0.34, 3.0.20, and 3.0.29 in package.json files for both server and dokploy.
- Updated ai package to version 6.0.86 and ai-sdk-ollama to version 3.7.0.
- Updated swagger-ui-react to version 5.31.1.
- Added a new DEBUG-BUILD.md file for debugging build issues in the server package.
- Introduced tsconfig.server.no-decl.json to manage TypeScript compilation options without declaration files.
- Modified tsconfig.json to include .next directory for TypeScript compilation.
- Updated the WebDomain and ManageTraefikPorts components to use static placeholders and labels instead of localization functions, improving readability and simplifying the codebase.
- Updated zod version from 3.25.32 to 3.25.76 in pnpm-lock.yaml, package.json files for api, dokploy, schedules, and server.
- Removed i18next and related localization code from the dokploy application to streamline the codebase.
switchers
- Create AdvanceBreadcrumb component with searchable dropdowns
- Add project selector with environment expansion support
- Add service selector for quick switching between services
- Add environment selector badge for multi-environment projects
- Replace BreadcrumbSidebar with new component across all service pages
- Update projects page, environment page, and all service detail pages
(application, compose, postgres, mysql, mariadb, redis, mongo)
Add tag management system that allows users to create, edit, and delete
tags scoped to their organization, and assign them to projects for
better organization and filtering.
- Add tag and project_tag database schemas with Drizzle migration
- Add tRPC router for tag CRUD and project-tag assignment operations
- Add tag management page in Settings with color picker
- Add tag selector to project create/edit form
- Add tag filter to project list with localStorage persistence
- Display tag badges on project cards
- Simplified the organization selection process by enhancing the dropdown menu structure.
- Improved the layout for better visibility and usability, ensuring a smoother user experience when setting default organizations and deleting them.
- Added error handling for organization actions to provide user feedback on success or failure.
- Updated the dropdown menu to have a maximum height and added overflow handling for better usability.
- Adjusted the layout of the organizations list to ensure proper display and scrolling behavior.
- Changed the update mechanism for SSO providers to use a new `updateSSOProvider` function, improving code clarity and maintainability.
- Updated the payload structure for OIDC and SAML configurations to directly use the input values instead of stringifying them.
- Enhanced the overall handling of SSO provider updates within the API router.
- Added support for editing existing SAML providers, allowing users to update issuer, domains, entry point, and certificate.
- Introduced a new function to parse SAML configuration from JSON.
- Updated the UI to reflect changes in the registration dialog based on whether the user is adding or editing a provider.
- Improved user feedback with success messages tailored for registration and updates.
- Added a new column `created_at` to the `sso_provider` table for better tracking of provider creation times.
- Added support for editing existing OIDC providers, allowing users to update issuer, domains, client settings, and scopes.
- Introduced a new query to fetch OIDC provider details for editing.
- Updated the UI to reflect changes in the registration dialog based on whether the user is adding or editing a provider.
- Improved error handling for domain conflicts during updates.
`docker stack rm` was chained after `cd` with `&&`, so if the compose
directory didn't exist the stack removal command never executed. This left
orphaned Docker services with occupied ports after deletion via the API.
Also removed a duplicate `execAsync` call that always ran outside the
`if/else` block regardless of `compose.serverId`.
Fixes#3691
- Updated the account linking configuration to include trusted providers fetched from the database, enhancing flexibility in managing SSO integrations.
- Added tests to verify the conversion of Russian Cyrillic domains and subdomains with IDN TLDs to punycode format, ensuring proper handling in router configurations.
- Confirmed that non-ASCII parts are correctly converted while ASCII parts remain unchanged.
- Implemented a function to convert IDNs to ASCII punycode format, ensuring compatibility with Traefik requirements.
- Added tests to verify the conversion of IDNs and the handling of ASCII domains in router configurations.
- Enhanced error handling in the addDomainToCompose function to provide more descriptive messages when a domain's service name is missing or when the service does not exist in the compose configuration. This improves debugging and user feedback.
- Updated the Stripe API response to return only the monthly and annual subscription products.
- Enhanced the product listing logic to filter out unnecessary products, improving data handling in the application.
- Added functionality to add, edit, and remove trusted origins for SSO callbacks.
- Introduced new API mutations for managing trusted origins.
- Enhanced the SSO settings UI to include a dialog for managing trusted origins, with appropriate state handling and user feedback via toast notifications.
- Refactored the deployment worker to create a no-op worker when Redis is disabled (e.g., IS_CLOUD), preventing BullMQ connection errors.
- Updated queue initialization to use a no-op queue in cloud environments, ensuring compatibility and stability.
- Improved error handling and logging for job processing in the deployment worker.
- Updated repository selection logic across Bitbucket, Gitea, GitHub, and GitLab components to display a placeholder when no repository is selected.
- Enhanced loading state messages for better user experience, ensuring users are prompted to select an account before loading repositories.
- Cleaned up conditional rendering for loading states and account selection prompts in the UI.
- Introduced PRODUCT_MONTHLY_ID and PRODUCT_ANNUAL_ID constants to manage subscription product IDs.
- Updated the Stripe API call to fetch only the specified subscription products, enhancing performance and clarity in product management.
- Eliminated unnecessary console log statements in the LinkingAccount component to clean up the code and improve performance.
- Ensured that the account listing functionality remains intact while enhancing code readability.
- Added a new component for linking Google and GitHub accounts to user profiles.
- Integrated account linking functionality with the authentication client, allowing users to link and unlink their social accounts.
- Updated the profile settings page to conditionally display the linking account component based on cloud settings.
- Enhanced error handling and loading states for a better user experience.
- Updated the license key settings to ensure only users with the "owner" role can access certain functionalities.
- Modified the license key activation input validation to require a non-empty string.
- Improved error handling for network issues when validating license keys, providing clearer feedback to users.
- Adjusted the dashboard settings to redirect non-owner users appropriately.
When called with an empty array, `docker service ps` receives no
SERVICE argument and fails with "requires at least 1 argument".
Return early with [] when appNames is empty.
getSwarmNodes was changed to return [] on error, but the existing
SwarmMonitorCard checks `if (!nodes)` to detect failures. Since ![]
is false, the error state was silently skipped, breaking the Overview
tab for users without Docker Swarm initialized.
Reverted to return undefined on error (original behavior) so the
existing Overview tab error handling continues to work. The Containers
tab already handles nodes === undefined explicitly.
- Moved the Tooltip imports to a more appropriate location for better readability.
- Simplified the assignment of ulimitsSwarm to ensure it directly accesses the data property.
- Introduced a new column "ulimitsSwarm" of type json to the "application", "mariadb", "mongo", "mysql", "postgres", and "redis" tables.
- Added a corresponding entry in the journal for version 7 to track this migration.
- Corrected a typo in the CONTRIBUTING.md file, changing "comunity" to "community."
- Added a new section in CONTRIBUTING.md titled "Important Considerations for Pull Requests" to emphasize the necessity of testing before submission.
- Enhanced the pull request template to remind contributors to test their changes locally before submitting, ensuring a smoother review process.
- Updated the start script in package.json to eliminate the wait-for-postgres script, streamlining the application startup process.
- This change ensures that the migration and server processes are initiated directly without the wait-for-postgres dependency.
- Introduced a new script to wait for PostgreSQL to be ready before starting the application.
- Updated the Dockerfile to include a health check for the application.
- Modified the start script in package.json to run the wait-for-postgres script prior to starting the server and migration processes.
- Added the wait-for-postgres TypeScript file to handle connection retries to the PostgreSQL database.
- Changed the default value of BETTER_AUTH_SECRET to ensure compatibility for users who enabled 2FA before the introduction of the new secret.
- This update maintains existing authentication functionality while transitioning to a more secure default.
close https://github.com/Dokploy/dokploy/issues/3645
- Updated the authentication configuration to conditionally include advanced cookie settings only when not in a cloud environment.
- This change enhances flexibility in cookie management while maintaining existing security practices.
- Introduced advanced cookie settings in the authentication configuration, including options for secure cookies and default cookie attributes.
- This enhancement aims to improve security practices related to cookie handling in the application.
- Added a new entry point for migration in the esbuild configuration.
- Updated the start script in package.json to run the migration before starting the server.
- Removed the direct migration call from the server initialization process to streamline the workflow.
- Deleted the SQL file that added a unique constraint on the combination of applicationId and pullRequestId in the preview_deployments table.
- Removed the corresponding entry from the _journal.json to reflect the deletion of the migration.
- Deleted the snapshot file for version 142, which is no longer needed.
- Updated the preview-deployments schema to remove the unique index, reverting to the previous state.
- Introduced a new SQL file to add a unique constraint on the combination of applicationId and pullRequestId in the preview_deployments table.
- Updated the _journal.json to include the new migration entry for version 142.
- Created a new snapshot file for version 142 to reflect the current database schema.
- Modified the preview-deployments schema to include a unique index for applicationId and pullRequestId, enhancing data integrity.
- Updated the ShowDockerLogs component to use optional chaining when accessing the error property of services, preventing potential runtime errors.
- Refactored the deployApplication function to create an applicationEntity object, ensuring consistent use of serverId across repository cloning functions.
- Removed unused createEnvFile function from utils, streamlining the codebase.
- Updated the readValidDirectory function to include an optional serverId parameter, improving its flexibility for directory validation.
- Modified the deployment logs WebSocket server setup to utilize the updated readValidDirectory function, ensuring proper log path validation based on server context.
- Updated the cron schedule for Docker cleanup tasks across multiple files to use the new CLEANUP_CRON_JOB constant.
- This change enhances maintainability by centralizing the cron schedule configuration, ensuring consistency across the application.
- Added a locking mechanism to prevent concurrent volume backups, ensuring data integrity during backup operations.
- Introduced a `lockWrapper` function that manages the locking process using either `flock` or directory-based locking.
- Updated the `backupVolume` function to utilize the locking mechanism for both application and compose service types, enhancing the reliability of backup processes.
- Updated the volume backups query to include ordering by the `createdAt` field in descending order.
- This change improves the retrieval of backup records, ensuring the most recent backups are prioritized in the response.
- Updated the database query in the `reconnectServicesToTraefik` function to remove optional chaining, ensuring proper execution of the query.
- This change enhances the reliability of service reconnections to Traefik by ensuring the database connection is correctly utilized.
- Added a new function `reconnectServicesToTraefik` to facilitate the reconnection of services to Traefik based on the server ID.
- The function queries the database for isolated deployments and constructs Docker network connect commands for each service.
- Enhanced the existing Traefik setup process by ensuring services are properly reconnected after setup.
TL;DR: New "Containers" tab on the Swarm page showing which containers
run on which nodes, with live CPU/Memory/Block I/O/Network I/O metrics
refreshing every 5 seconds. Comprehensive edge case handling guides
users through prerequisites (swarm init, registry, service deployment).
---
## New Files
- `apps/dokploy/components/dashboard/swarm/containers/show-swarm-containers.tsx`
Main component: data fetching, error/empty states, summary cards,
and the node-grouped container layout.
- `apps/dokploy/components/dashboard/swarm/containers/node-section.tsx`
Collapsible per-node section with container table, role badge,
and down-node indicator.
- `apps/dokploy/components/dashboard/swarm/containers/container-row.tsx`
Table row for a single container: state badge with error tooltip,
formatted CPU/memory/IO metrics.
- `apps/dokploy/components/dashboard/swarm/containers/utils.ts`
Formatting helpers for docker stats values (CPU %, memory, I/O).
- `apps/dokploy/components/dashboard/swarm/containers/types.ts`
Shared TypeScript interfaces (ContainerStat, ContainerInfo, SwarmNode,
NodeGroup).
## Modified Files
- `apps/dokploy/pages/dashboard/swarm.tsx`
Added Tabs (Overview / Containers) wrapping existing SwarmMonitorCard
and the new ShowSwarmContainers component.
- `apps/dokploy/server/api/routers/swarm.ts`
Added `getContainerStats` tRPC endpoint calling `getAllContainerStats`,
following existing auth/validation patterns.
- `packages/server/src/services/docker.ts`
- Added `getAllContainerStats()` — runs `docker stats --no-stream` for
cluster-wide container metrics.
- Fixed `getSwarmNodes`, `getNodeApplications`, `getApplicationInfo` to
return `[]` instead of `undefined` on errors (prevents tRPC
serialization crashes) and added `console.error` logging.
- Added empty stdout guard (`if (!stdout.trim()) return []`) to prevent
`JSON.parse("")` crashes when no services exist.
## Features
- Container table per node: name, image, state, CPU %, memory usage,
block I/O, and network I/O
- Resource formatting: values rounded to 1 decimal (2.711MiB → 2.7 MiB),
CPU to 1 decimal (0.00% → 0.0%)
- Node role badges (Leader / Reachable / Worker) on each section header
- Error tooltips: hover the status badge to see Docker error details
- Down/drained node detection with red indicator dot and warning banner
- Multi-node metrics banner explaining docker stats manager-only limitation
- Unscheduled services footer for services scaled to 0 replicas
- Contextual empty/error states with actionable guidance, doc links to
Dokploy docs and Docker Swarm guide, and links to Cluster Settings
## Edge Cases Handled
1. Swarm not initialized (tRPC error or undefined data)
2. Docker command failures (stderr / non-zero exit)
3. Swarm active but no services deployed
4. Services exist but no running containers
5. Containers with Docker errors (shown in tooltip + error alert)
6. Nodes down or drained (cross-referenced from node list)
7. Multi-node setups (metrics only from manager node)
8. Services scaled to 0 replicas (separated from running containers)
9. Empty stdout from docker commands (no JSON.parse crash)
- Introduced a new field `giteaInternalUrl` in the Gitea provider settings to allow users to specify an internal URL for OAuth token exchange when Gitea runs on the same instance as Dokploy.
- Updated the Gitea provider forms to include the new field with appropriate descriptions.
- Modified the token exchange logic to utilize the internal URL if provided, enhancing connectivity options for users.
- Updated database schema to accommodate the new field.
- Introduced a new field `gitlabInternalUrl` in the GitLab provider settings to allow users to specify an internal URL for OAuth token exchange when GitLab runs on the same instance as Dokploy.
- Updated the GitLab provider forms to include the new field with appropriate descriptions.
- Modified the token exchange logic to utilize the internal URL if provided, enhancing connectivity options for users.
- Introduced a checkbox to skip YAML validation in both the UpdateTraefikConfig and ShowTraefikFile components, allowing users to save configurations that utilize Go templating.
- Updated the onSubmit logic to conditionally validate YAML based on the new checkbox state, enhancing flexibility for users working with dynamic configurations.
- Added error message display for containers in both the application and stack log views when using the "swarm" option.
- Updated Docker command to include error information for containers, enhancing visibility into container issues.
- Introduced a new action in the dashboard to clean the entire deployment queue, enhancing user control over deployment processes.
- Implemented error handling with toast notifications to inform users of the success or failure of the action.
- Updated the API to support the new clean all deployment queue functionality.
- Updated the job removal logic to default cronSchedule to an empty string if job.pattern is undefined, preventing potential errors during job removal.
- Upgraded bullmq to version 5.67.3 in both dokploy and schedules applications.
- Added new functions to retrieve jobs by application and compose IDs in the queue setup.
- Enhanced application and compose routers to cancel jobs based on user requests.
- Updated package dependencies for ioredis and msgpackr to their latest versions.
The setup.ts script imports execAsync from @dokploy/server, which triggers
the entire package to load including lib/auth.ts. This module initializes
betterAuth() with a database connection at import time, causing the setup
script to fail with ECONNREFUSED before the database container is created.
This fix replaces the import with Node.js native promisify(exec), avoiding
the module side-effect that attempts database connection during setup.
- Added a new health check mutation for reloading Traefik, improving user feedback during the reload process.
- Updated button states to reflect the execution status of health checks, preventing user actions during ongoing operations.
- Refactored error handling for Traefik reload to provide clearer feedback on failures.
- Updated Traefik setup calls to run in the background, allowing immediate client response.
- Added error handling to log issues during the background execution of Traefik setup for better debugging.
- Modified the Traefik setup call to execute in the background, allowing immediate response to the client.
- Added error handling to log any issues during the background execution of the Traefik setup.
- Added support for displaying "ready" state in badge color logic.
- Updated logs display to include container status and current state in the dashboard components.
- Modified Docker command outputs to include status and current state for better visibility of container health.
- Introduced a new column "created_at" with a default timestamp to the "invitation" table.
- Updated the account schema to reflect this change, ensuring consistency across the database structure.
- Added corresponding metadata in the snapshot and journal files for versioning.
- Introduced `useHealthCheckAfterMutation` hook to perform health checks after mutations, ensuring services are ready before proceeding.
- Updated `ShowTraefikActions`, `EditTraefikEnv`, and `ManageTraefikPorts` components to utilize the new hook, enhancing user feedback and error handling during updates.
- Improved loading states by incorporating health check execution status into button states.
- Updated the addDokployNetworkToService function to automatically include the "default" network when adding new networks.
- Modified test cases to reflect the new behavior, ensuring no duplicates of the default network are added.
- Improved handling of network addition for both arrays and objects.
- Eliminated the getDokployImage and pullLatestRelease functions to streamline the settings service.
- Updated the code to focus on dynamic image retrieval, enhancing clarity and maintainability.
- Simplified the rendering of DriverOptsEntries in the network form by consolidating the mapping logic.
- Improved formatting of example driver options in the form description for better readability.
- Ensured consistent handling of adding and removing driver options within the form.
- Removed the deprecated getDokployImage function and replaced it with dynamic image retrieval based on available updates.
- The service update now checks for available updates and uses the latest version from the update data, enhancing deployment efficiency.
- Introduced DriverOptsEntries to the network form schema, allowing users to specify driver options for networks.
- Updated the form UI to support adding, editing, and removing driver options dynamically.
- Adjusted the backend schema to accept driver options as a record of key-value pairs.
- Updated the backupVolume function to use `docker service update --replicas` instead of `docker service scale` for stopping and starting application replicas.
- This change enhances the backup process by ensuring proper handling of service updates with registry authentication.
- Updated backup processing logic to destructure appName from backup objects, ensuring it is available for further operations.
- This change is applied consistently across multiple sections of the project router.
- Introduced a new notification type 'resend' to the database.
- Created a new table 'resend' with fields for managing resend notifications.
- Updated the 'notification' table to include a foreign key reference to 'resendId'.
- Added corresponding snapshot and journal entries to reflect these changes.
- Introduced a new notification type 'pushover' to the database.
- Created a new table 'pushover' with relevant fields for notification management.
- Updated the 'notification' table to include a foreign key reference to 'pushoverId' for enhanced notification handling.
- Added corresponding snapshot and journal entries to reflect these changes.
- Deleted the '0137_worried_shriek.sql' file as it is no longer needed.
- Updated the journal to remove references to the deleted SQL file.
- Removed the corresponding snapshot JSON file to maintain a tidy project structure.
- Deleted SQL files '0136_tidy_puff_adder.sql' and '0137_worried_shriek.sql' as they are no longer needed.
- Updated the journal and removed references to the deleted SQL files.
- Cleaned up the corresponding snapshot JSON files to maintain a tidy project structure.
- Eliminated the sponsors section and related acknowledgments from the README.md to simplify the document.
- Updated the layout to focus on the core features and purpose of Dokploy.
- Added BETTER_AUTH_SECRET constant to manage authentication secret, defaulting to a predefined value if not set in the environment.
- Updated betterAuth configuration to utilize BETTER_AUTH_SECRET for enhanced security in authentication processes.
- Updated error handling in the ShowExternal*Credentials components for MariaDB, MongoDB, MySQL, PostgreSQL, and Redis to display specific error messages when saving the external port fails.
- Moved LICENSE_KEY_URL definition to a centralized location for better maintainability.
- Updated license validation function to utilize the new LICENSE_KEY_URL import, enhancing clarity and consistency in API calls.
- Upgraded @types/node from version ^18.19.104 to ^20.16.0 in package.json files for apps/api, apps/dokploy, apps/schedules, and packages/server.
- Adjusted pnpm-lock.yaml to reflect the updated @types/node version across all relevant dependencies.
- Added a new setup file for mock database interactions in the dokploy app to enhance testing capabilities.
- Updated drizzle-orm from version ^0.39.3 to ^0.41.0 for enhanced performance and features.
- Upgraded @better-auth/utils from version 0.2.4 to 0.3.0 to incorporate the latest improvements.
- Adjusted pnpm-lock.yaml to reflect these dependency updates.
- Upgraded drizzle-orm from version ^0.39.3 to ^0.41.0 for improved functionality and performance.
- Updated drizzle-kit from version ^0.30.6 to ^0.31.4 to ensure compatibility with the latest drizzle-orm version.
- Adjusted related dependencies in pnpm-lock.yaml to reflect these changes.
- Upgraded Vitest from version 1.6.1 to 4.0.18 to leverage new features and improvements.
- Updated dependency versions in pnpm-lock.yaml to ensure compatibility with the latest Vitest version.
- Deleted the mock database setup file to streamline the test environment.
- Updated the Vitest configuration to remove the reference to the deleted setup file, enhancing clarity in test setup.
- Added mock implementations for `member.findFirst` and `member.findMany` methods in the mock database setup.
- This enhancement improves the test environment by allowing more comprehensive simulation of member-related database interactions.
- Added logic to retrieve and delete SSO providers, ensuring proper permission checks and error handling.
- Updated user trusted origins when adding or removing SSO providers, maintaining accurate origin lists.
- Refactored trusted origins retrieval to improve clarity and efficiency in the authentication process.
- Introduced utility functions for normalizing trusted origins and converting request headers.
- Created a new table `sso_provider` with relevant fields and constraints.
- Added new columns to the `user` table: `enableEnterpriseFeatures`, `licenseKey`, `isValidEnterpriseLicense`, and `trustedOrigins`.
- Established foreign key relationships for `user_id` and `organization_id` in the `sso_provider` table.
- Deleted SQL migration files for `0137_naive_power_pack`, `0138_common_mathemanic`, `0139_smiling_havok`, and `0140_great_lightspeed` as they are no longer needed.
- Removed corresponding snapshot files to maintain consistency in the database schema history.
- Changed the setup file path for global mocks in the Vitest configuration to a more explicit location, improving clarity and organization of test setup.
- Updated the setup file path for global mocks in the Vitest configuration to improve clarity.
- Added environment variables for GitHub and Google credentials to the test environment, facilitating integration testing.
- Added a condition to display the deprecation warning for legacy database credentials only in non-test environments.
- This change prevents unnecessary warnings during testing, improving the developer experience.
- Introduced a mock implementation for the `values` method in the mock database setup.
- This addition improves the test environment by allowing more comprehensive simulation of database interactions.
- Added mock implementations for `webServerSettings` to support the `getWebServerSettings` function in tests.
- This update improves the test environment by simulating necessary database interactions for web server settings.
- Introduced a new mock database setup file to simulate database interactions during tests.
- Updated Vitest configuration to include the mock setup file, enhancing test reliability and isolation.
- Modified the database URL assignment logic to differentiate between production and development environments.
- Ensured that the correct database URL is used based on the NODE_ENV variable, improving deployment flexibility.
- Deleted the import statement for `getSSOProviders` and the associated logic for fetching issuer origins from SSO providers.
- This cleanup improves code clarity by removing unnecessary dependencies and streamlining the trusted origins configuration.
- Added a new service to fetch SSO providers from the database, including relevant fields such as id, providerId, issuer, domain, oidcConfig, and samlConfig.
- This functionality will support future enhancements in SSO integration.
- Updated user context to include `enableEnterpriseFeatures` and `isValidEnterpriseLicense` properties.
- Modified request validation to set these properties based on user data, enhancing enterprise feature management.
- Adjusted the enterprise procedure to check user flags directly from the context instead of querying the database.
- Changed the export of the `handler` and `api` constants to local scope for better clarity.
- Enhanced the trusted origins logic by restructuring the code for improved readability and maintainability.
- Commented out the cloud environment redirection logic for future consideration, aligning with previous changes in the codebase.
- Commented out the old database URL for security reasons.
- Updated the database connection string to use the Docker service name for PostgreSQL, ensuring proper connectivity in containerized environments.
- Added support for IdP metadata XML in the SAML registration dialog, allowing users to paste full metadata for configuration.
- Updated the callback URL and audience handling to dynamically incorporate the base URL.
- Refactored the SSO settings to enable SAML provider registration and improved the display of callback URLs based on provider details.
- Enhanced trusted origins configuration in the authentication logic to include additional domains for development and production environments.
- Updated the mapping logic in `register-oidc-dialog` to differentiate between Azure and other identity providers.
- Simplified the mapping structure for user attributes based on the issuer, improving flexibility in handling various OIDC providers.
- Added authorization checks to ensure only users with the "owner" role can activate or deactivate license keys.
- Updated the menu item visibility logic to simplify role checks for admin and owner users.
- Commented out the cloud environment redirection logic in the license settings page for future consideration.
- Included a new Okta domain in the array of allowed domains for SSO authentication.
- Modified the SSO request handling logic to return early if the request is an SSO callback, enhancing the flow of authentication.
- Refactored `register-oidc-dialog` and `register-saml-dialog` to accept an array of domains instead of a single domain string.
- Enhanced server-side validation to check for duplicate domains across registered providers.
- Updated SSO schema to reflect the change from a single domain to an array of domains, including validation for domain format.
- Updated the `listProviders` query to filter SSO providers by both organization ID and user ID.
- Modified the provider validation logic to ensure that only relevant providers are returned for the authenticated user.
- Refactored SSO registration logic in `register-oidc-dialog` and `register-saml-dialog` to use a new mutation method.
- Removed unused imports and error handling for registration failures.
- Added foreign key constraint for `organization_id` in the `sso_provider` table.
- Introduced new SSO schema and updated user relations to include SSO providers.
- Enhanced authentication flow to support SSO provider registration.
The button was unresponsive because the form's flat data structure
({ SpreadDescriptor }) didn't match the Zod schema's nested structure
({ Spread: { SpreadDescriptor } }), causing silent validation failure.
Updated schema to match form state and transform to nested structure
only when submitting to the API.
- Updated the exports in the swarm forms index to include LabelsForm and ModeForm while ensuring RestartPolicyForm and UpdateConfigForm are correctly exported.
- Removed the obsolete SQL file '0135_illegal_magik.sql' and its references from the journal.
- Deleted the associated snapshot JSON file to clean up unused database schema definitions.
- Introduced a new notification type "resend" to the system.
- Added database schema for resend notifications including fields for apiKey, fromAddress, and toAddress.
- Implemented functions to create, update, and send resend notifications.
- Updated notification router to handle resend notifications with appropriate API endpoints.
- Enhanced existing notification services to support sending notifications via the Resend service.
- Modified various notification utilities to accommodate the new resend functionality.
The profile form was sending `name` field but the database column is
`firstName`. This caused the firstName to be silently ignored during
updates. Changed form field and API schema to use `firstName` to match
the database column.
- Introduced a new notification type "resend" to the system.
- Added database schema for resend notifications including fields for apiKey, fromAddress, and toAddress.
- Implemented functions to create, update, and send resend notifications.
- Updated notification router to handle resend notifications with appropriate API endpoints.
- Enhanced existing notification services to support sending notifications via the Resend service.
- Modified various notification utilities to accommodate the new resend functionality.
- Introduced a function to read database credentials from a file for improved security.
- Added support for environment variables to configure database connection, replacing hardcoded values.
- Implemented a warning for users relying on deprecated hardcoded credentials, encouraging migration to Docker Secrets.
- Implemented a check for projects with no accessible environments, displaying an alert message to inform users.
- Updated project link behavior to prevent navigation when no environments are available, enhancing user experience.
- Added logic to conditionally hide the builder section when the Docker provider is selected, improving user experience by reducing unnecessary UI elements.
- Removed unused documentation URLs from menu items in swarm settings.
- Enhanced doc descriptions for better clarity on configuration options.
- Refactored tooltip implementation for improved UI consistency.
- Added tooltips to menu items in the swarm settings for better user guidance.
- Included documentation URLs and descriptions for Health Check, Restart Policy, Placement, Update Config, Rollback Config, Mode, Labels, Stop Grace Period, and Endpoint Spec.
- Updated type assertions in rollback and update config forms for improved type safety.
- Added multiple forms for managing swarm settings including Health Check, Restart Policy, Placement, Update Config, Rollback Config, Mode, Labels, Stop Grace Period, and Endpoint Spec.
- Introduced utility functions for filtering empty values and checking for values to save.
- Enhanced the UI for better navigation and form handling within the dashboard.
- Integrated form validation using Zod and React Hook Form for improved user experience.
This migration file is not used nor present in the journal. This is a legacy file that did not get cleaned. I am removing the file to clean the state of the migrations and allow for custom ci/cd scripts to have a clean run and avoid duplicated migration ids (this file conflicts with the `0057_tricky_living_tribunal...`)
- Introduced a dropdown for selecting Railpack versions, including a manual entry option for custom versions.
- Implemented state management to toggle between predefined versions and manual input.
- Updated form handling to accommodate the new selection method and provide user guidance.
- Added logic to getUpdateData to compare current and latest image digests for canary and feature tags, indicating if an update is available.
- Updated reloadDockerResource to ensure the correct image tag is used during dokploy service updates based on the current image tag.
- Updated the reloadDockerResource function to include an optional version parameter.
- Modified the command for updating the dokploy service to specify the image version during updates.
- Modified the SQL queries in GetLastNContainerMetrics and GetAllMetricsContainer functions to use an exact match for container names instead of a LIKE clause, improving query accuracy and performance.
- Updated the SetupServer component to use a Button instead of DropdownMenuItem for better accessibility and user experience.
- Enhanced the ShowServers component by adding tooltips for the Setup Server action, providing users with additional context on server configuration.
- Introduced `ShowBillingInvoices` component to manage and display billing invoices.
- Updated `ShowBilling` component to include navigation for invoices and enhanced subscription management.
- Refactored `ShowInvoices` component for improved loading and display logic.
- Created a new invoices page with server-side validation and layout integration.
- Added `ShowInvoices` component to display user invoices with status and actions.
- Integrated Stripe API to fetch invoices for the authenticated user.
- Updated `ShowBilling` component to conditionally render invoices if the user has a Stripe customer ID.
Users deploying to Docker Swarm can now configure resource ulimits
(nofile, nproc, etc.) to prevent applications from hitting system
limits that cause crashes or degraded performance.
- Update environment selection to fallback to first accessible environment when default is not accessible
- Fix search command to handle users without default environment access
- Fix projects list to use accessible environment instead of always default
- Add server-side redirect to accessible environment when accessing inaccessible one
- Add comprehensive test coverage for environment access fallback logic
Fixes#3394
- Refactored server data handling to separate deploy and build servers.
- Updated the UI to display servers in distinct groups for better clarity.
- Enhanced the server selection experience by dynamically rendering server options based on availability.
- Updated the AddRegistrySchema to make the password field optional when editing an existing registry.
- Introduced a new mutation, testRegistryById, to validate registry credentials using existing data.
- Improved form handling to conditionally require the password based on the editing state.
- Enhanced user feedback for registry testing with clearer error messages and instructions.
- Wrapped server status display in a TooltipProvider to provide additional context for deactivated servers.
- Implemented a tooltip that informs users about the reason for deactivation and instructions for reactivation, enhancing user experience and clarity in server management.
- Added `asButton` prop to `HandleServers`, `SetupServer`, `ShowServerActions`, and `TerminalModal` components to allow rendering as buttons for improved UI flexibility.
- Updated the server management interface to use buttons for actions like editing and setting up servers, enhancing user experience.
- Introduced new icons for better visual representation of actions in the server management dashboard.
Database creation APIs (mysql, mariadb, postgres, mongo) now return
the created database object with databaseID instead of boolean true.
This enables automation workflows to deploy databases immediately
after creation.
Fixes#3268
- Modified the admin check to use optional chaining, ensuring that the user property is accessed only if it exists, preventing potential runtime errors.
- Introduced new test cases to verify the behavior of the `processValue` function when dealing with empty string variables and undefined variables.
- Ensured that empty strings are correctly replaced and undefined variables remain unchanged in the output.
- Updated deployment logic across multiple API routes to run deployments in the background, allowing for immediate response and avoiding potential webhook timeouts.
- Added error handling to log any failures during background deployment.
- Added a new `cleanupAllBackground` function to execute Docker cleanup commands in the background, allowing for immediate return and avoiding gateway timeouts.
- Refactored existing cleanup functions to utilize a centralized `cleanupCommands` object for better maintainability and readability.
- Modified the project environment link to reference the default production environment instead of the first environment in the list, improving accuracy in navigation.
- Updated validation schema to require that both Build Server and Build Registry must be selected together or both set to None.
- Added informational alert to guide users on the selection requirements.
- Enhanced onChange handlers to reset the corresponding field when one is set to "none".
- Replace limited 15-timezone list with comprehensive 421 IANA timezones
- Add searchable timezone selector with region grouping for better UX
- Create dedicated timezones.ts file following project conventions
- Support all timezone offsets including 30-min and 45-min offsets
Closes#2935🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated the description for the environment file creation option to specify that the .env file will be created in the same directory as the Dockerfile during the build process, enhancing user understanding.
- Updated the logic to disallow renaming the default environment while still allowing updates to its description and other properties.
- Adjusted error message for clarity when attempting to rename the default environment.
- Updated Next.js version in both root and dokploy package.json files to 16.0.10 for improved performance and features.
- Removed the turbopack development script from the dokploy package.json to streamline the development process.
- Added volumeBackup property to notification handling in multiple files for enhanced backup options.
- Enhanced the user interface for server selection in the registry settings, providing clearer instructions based on whether the server is cloud-based or not.
- Added conditional messaging to inform users about authentication processes related to the selected server, improving overall user experience.
- Made the registry URL field optional and added refined validation to ensure only valid hostnames are accepted, excluding protocols and paths.
- Updated the handling of registry URL in the form to default to an empty string if not provided.
- Added descriptive guidance in the form to assist users in entering the correct format for the registry URL.
- Eliminated the alert block that notified users about the lack of HTTPS support for traefik.me domains, streamlining the user interface in the AddPreviewDomain component.
- Updated test cases for the environment structure to include the new `isDefault` boolean flag.
- Ensured consistency in the environment schema across different test files, enhancing test coverage for environment-related functionalities.
- Implemented checks for traefik.me domains across AddDomain, AddPreviewDomain, and ShowPreviewSettings components.
- Added informational alerts to notify users that traefik.me is a public HTTP service and does not support SSL/HTTPS, ensuring clarity in domain configuration.
- Added `isDefault` boolean column to the environment schema, defaulting to false.
- Updated environment creation and deletion logic to handle default environments, allowing the production environment to be created and renamed.
- Enhanced error handling for environment updates and deletions to prevent modifications to default environments.
- Updated UI components to reflect changes in environment selection based on the new default logic.
- Introduced a new test suite for the getRegistryTag function, covering various scenarios including handling of usernames, image prefixes, and custom registry URLs.
- Ensured that the function correctly constructs image tags based on different input conditions, improving test coverage and reliability.
- Added a test case to ensure Dokploy dashboard requests are filtered out correctly.
- Updated the logs processing logic to exclude both Dokploy service app and dashboard requests, improving log clarity and relevance.
- Simplified the validation process for webhook image and Docker tag by consolidating checks and maintaining backward compatibility.
- If webhook image information is not provided, the system now defaults to using the configured image, preserving previous behavior.
- Updated test configurations for both drop and traefik to include the new `createEnvFile` option, ensuring that tests reflect the latest environment settings.
- Introduced a new boolean field `createEnvFile` in the environment schema to control the generation of an .env file during the build process.
- Updated the form in the dashboard to include a toggle for `createEnvFile`, allowing users to enable or disable this feature.
- Modified the Docker command generation logic to respect the `createEnvFile` flag, ensuring that the environment file is only created when appropriate.
- Updated the database schema to include the `createEnvFile` column in the application table with a default value of true.
- Updated the log processing functions to filter out requests that start with "/dashboard".
- Enhanced the monitoring configuration to also exclude Dashboard requests alongside the Dokploy service app.
- Updated the dashboard layout to use the HubSpotWidget instead of ChatwootWidget.
- Added a new HubSpotWidget component that loads the HubSpot script asynchronously.
- Added verification to ensure users are members of the specified organization when creating API keys.
- Implemented checks to restrict organization queries to users who are either checking their own organizations or are admins/owners of the active organization.
- Enhanced error handling to return FORBIDDEN responses for unauthorized access attempts.
- Added verification to ensure the user is a member of the organization before allowing deletion.
- Implemented checks to confirm the user is either the organization owner or has the owner role.
- Improved error handling to return a FORBIDDEN response if the user is not authorized to delete the organization.
- Implemented a check to verify if the user is a member of the organization before allowing access to organization data.
- Added error handling to return a FORBIDDEN response if the user is not a member.
- Added checks to ensure the organization exists before allowing updates.
- Implemented user membership verification to restrict updates to organization members only.
- Ensured that only the organization owner or users with the owner role can perform updates.
- Introduced a new `commonTimezones` array for timezone selection in the UI.
- Updated the schedule form to include an optional timezone field.
- Modified the database schema to add a `timezone` column to the `schedule` table.
- Enhanced the scheduling logic to utilize the specified timezone, defaulting to UTC if not provided.
- Introduced a new SQL migration script `0130_abandoned_dagger.sql` to add the `customEntrypoint` column to the `domain` table.
- Updated the journal entry in `_journal.json` to reflect this new migration.
- Created a snapshot file `0130_snapshot.json` to capture the current state of the database schema after this migration.
- Deleted the SQL script `0122_sleepy_aqueduct.sql` which added a `customEntrypoint` column to the `domain` table.
- Removed the corresponding journal entry from `_journal.json` to clean up migration history.
- Deleted the snapshot file `0122_snapshot.json` as it is no longer needed.
- Updated the custom notification type to include an array of headers, allowing for more flexible header management.
- Removed the obsolete KeyValueInput component, streamlining the notification settings interface.
- Adjusted the database schema to support JSONB for headers in the custom table, improving data handling.
- Enhanced the notification testing functionality to accommodate the new headers structure.
- Updated related API endpoints and utility functions to reflect these changes.
- Deleted SQL file related to the 'custom' notification type and its schema changes.
- Removed corresponding journal entry from the metadata to reflect the deletion of the custom notification type.
- Added a new notification type 'custom' to the notificationType enum.
- Created a new 'custom' table with fields for customId, endpoint, and headers.
- Updated the notification table to include a customId column and established a foreign key relationship with the new custom table.
- Updated journal and snapshot files to reflect these changes.
- Removed the 'customId' field and its associated foreign key constraints from the notification schema in both 0113_snapshot.json and 0114_snapshot.json.
- Updated the list of supported notification types to exclude 'custom', reflecting the recent changes in notification handling.
- Deleted SQL scripts related to the 'custom' notification type and its associated table modifications, as they are no longer needed in the current schema.
Add comprehensive tests to verify that Traefik Host rule labels are
generated with the correct format: Host(`domain.com`) with both
opening and closing parentheses.
These tests cover:
- Basic Host rule format validation
- PathPrefix format validation
- Combined Host and PathPrefix rules
- YAML serialization round-trip preservation
- Edge cases for various domain name formats
- Multiple entrypoints (web/websecure)
- Special characters in paths
Related to: #3161
- Removed try-catch block in the rollback function to streamline error handling, allowing for direct propagation of errors from the rollbackApplication call.
- This change enhances code readability and maintains the functionality of the rollback process.
- Changed mockReturnValue to mockResolvedValue for getBuildCommand in deployApplication tests, ensuring asynchronous command generation is handled correctly.
- Added rollbackRegistryId, rollbackRegistry, and deployments fields to application settings in drop and traefik tests for improved rollback functionality.
- Updated the deployPreviewApplication function to await the getBuildCommand call, ensuring the command is fully constructed before execution.
- This change improves the reliability of the deployment process by handling asynchronous command generation correctly.
- Added a new optional field `rollbackRegistryId` to the application schema to support rollback registry selection.
- Enhanced the form in the ShowRollbackSettings component to include a dropdown for selecting a rollback registry when rollbacks are enabled.
- Updated the application service to handle rollback registry logic during deployment and rollback processes.
- Improved error handling and validation for rollback settings, ensuring a registry is selected when rollbacks are active.
- Adjusted database schema and migration files to accommodate the new rollback registry feature.
- Consolidated header creation for the notification request, improving code readability and maintainability.
- Made the Authorization header conditional based on the presence of accessToken, enhancing flexibility.
- Modified the notification schema to allow accessToken to be optional, enhancing flexibility in notification settings.
- Updated related components and database schema to accommodate the change, ensuring backward compatibility.
- Improved handling of accessToken in notification requests and responses, defaulting to null when not provided.
- Replaced the select component with a popover for model selection, allowing for better user experience.
- Added search capability to filter models, improving accessibility and usability.
- Updated form handling to reset model selection when API URL or API Key changes.
- Ensured proper state management for popover visibility and search input.
- Updated the useEffect hooks to remove unnecessary dependencies, improving performance and readability.
- Ensured that the form resets correctly based on the presence of data.
- Updated the domain validation schema to ensure the host string does not have leading or trailing spaces.
- Added a refinement to the host field to validate and transform the input accordingly.
- Adjusted the create and update domain functions to trim the host value before saving to the database.
- Introduced a function to automatically set the date range to the last 3 days upon component initialization.
- Updated the reset button to restore the default date range instead of clearing the dates.
- Updated the chart container to improve layout with a fixed height and overflow handling.
- Adjusted margin settings for better spacing and added support for data overflow in the Y-axis.
- Changed the Area chart type to 'monotone' for smoother transitions in the data representation.
- Introduced an `args` field in the `baseApp` configuration for both drop and traefik test files to support command arguments in application testing.
- This change aligns with recent updates to application schemas, enhancing the flexibility of command handling in tests.
- Updated the Redis container build function to simplify the handling of command and arguments.
- Ensured default command and arguments are set when none are provided, improving robustness.
- Updated the application, mariadb, mongo, mysql, postgres, and redis schemas to include an optional `args` field for command arguments.
- Enhanced the AddCommand and ShowCustomCommand components to handle multiple arguments using a dynamic form.
- Modified the database build functions to incorporate the new `args` parameter when creating containers.
- Added SQL migrations to update the database schema for existing applications and services to accommodate the new `args` field.
- Updated the directory structure in the OpenAPI sync workflow to ensure the openapi.json file is copied to the correct path (apps/docs/public) for proper deployment.
- Modified the workflow to trigger on pushes to the 'canary' and 'main' branches.
- Re-enabled path filters for specific directories related to the OpenAPI documentation.
- Removed commented-out sections for clarity and improved workflow readability.
- Modified the workflow to always commit the OpenAPI specification to the website repository, even if no changes are detected.
- Enhanced the copy command to force overwrite the existing openapi.json file.
- Improved commit message formatting by allowing empty commits to ensure consistency in the sync process.
- Re-enabled the steps to commit the generated OpenAPI specification to the website repository.
- Improved checks for changes in the OpenAPI spec before committing.
- Enhanced commit message formatting for clarity and added a timestamp to the commit.
- Commented out the steps related to committing the OpenAPI specification in the GitHub Actions workflow to prevent automatic commits.
- Adjusted the condition for triggering the website sync based on changes detected in the OpenAPI spec.
- Upgraded the pnpm action to version 4 for improved performance.
- Specified Node.js version to 20.16.0 and enabled caching for pnpm to optimize dependency installation.
- Updated the GitHub Actions workflow to format the commit message for OpenAPI specification updates using multiple `-m` flags for better readability and clarity.
- Added `continue-on-error: true` to the repository dispatch step to ensure the workflow proceeds even if the dispatch fails.
- Commented out the paths section in the GitHub Actions workflow for syncing OpenAPI documentation to allow for more flexible triggering without specific path constraints.
- Changed the branch trigger for the OpenAPI documentation sync workflow from 'canary' to 'feat/sync-open-api-website-docs' to align with the new feature branch naming convention.
- Introduced a new script to generate OpenAPI specifications for the Dokploy API.
- Added a GitHub Actions workflow to automate the generation and syncing of OpenAPI documentation upon changes in the API routers.
- Updated package.json files to include new commands for generating OpenAPI specifications.
- Added openapi.json to .gitignore to prevent accidental commits of generated files.
- Updated the rebuildApplication function to utilize a consistent server ID by incorporating buildServerId where available.
- Refactored deployment command execution to ensure compatibility with the new server ID logic, enhancing deployment reliability.
- Created a new SQL file to define the serverType enum and added buildServerId and buildRegistryId columns to the application and deployment tables.
- Established foreign key constraints for buildServerId and buildRegistryId to ensure referential integrity with the server and registry tables.
- Updated the journal and snapshot files to reflect these schema changes, enhancing the overall build server functionality.
- Deleted SQL files for cold server type, careless Odin application properties, and faulty synchronization constraints.
- Removed corresponding snapshot files to maintain consistency in the database schema versioning.
- Introduced new properties (buildServerId, buildRegistryId, buildRegistry) in the ApplicationNested model for better build server configuration.
- Updated the CreateServer component to include a default server type for deployments.
- Improved logging messages for clarity during the image upload process.
- Added support for build server configuration in the application dashboard, including new UI elements and validation.
- Updated database schema to include build server associations and foreign key constraints.
- Enhanced deployment logic to utilize build server IDs, improving deployment flexibility.
- Improved logging and user feedback during the build and deployment processes, including new alerts for image download status.
- Refactored application and deployment services to accommodate build server integration.
- Added logic to differentiate between build servers and regular servers in the ValidateServer component.
- Updated the server setup process to conditionally install dependencies based on server type.
- Enhanced the default command generation to include specific commands for build servers.
- Improved UI feedback to reflect the server type in the dashboard.
- Introduced a new component for configuring build servers in the application dashboard.
- Implemented form validation using Zod and integrated API calls for updating build server settings.
- Enhanced server and application schemas to support build server and registry associations.
- Updated UI to display build server options and provide user feedback on updates.
- Introduced an info alert in the AddDomain component to remind users to redeploy their compose after making changes to domains, enhancing user awareness and experience.
- Translated comments from Spanish to English for better accessibility.
- Enhanced comment clarity to improve understanding of test behavior and expectations.
- Updated the condition for StopGracePeriod in various database builder files to check for null and undefined values, improving code robustness and clarity.
- Added a step to initialize Docker Swarm and create an overlay network for testing jobs.
- This enhancement improves the CI environment setup for containerized testing.
- Updated the type definition for the createChainableMock function to enhance type safety.
- Ensured that the returning method in the mock returns a properly typed value.
- Added steps to install Nixpacks and Railpack in the CI workflow for testing jobs.
- Updated the PATH to include build tools for better accessibility during the build process.
- Improved Vitest configuration to ensure proper TypeScript path resolution.
- Updated the handling of StopGracePeriod in various database builders to streamline the condition check, improving code readability and maintainability.
- Introduced a command to set the RAILPACK_VERSION environment variable and execute the Railpack installation script.
- This enhancement ensures that the correct version of Railpack is used during the build process.
- Enhanced error messages in HandleNotifications and notificationRouter to provide more specific feedback.
- Updated email and Discord notification functions to throw detailed errors on failure.
- Ensured consistent error handling across notification utilities for better debugging.
- Updated the user action dropdown to conditionally display options based on user role, ensuring that only non-owner users can access certain actions.
- Improved the delete and unlink user functionalities with better error handling and success notifications.
- Streamlined the code for clarity and maintainability.
- Added quotes around S3 configuration options in rclone flags to ensure proper handling of special characters and spaces.
- This change enhances the reliability of the S3 integration by preventing potential parsing issues.
- Introduced new rclone flags: --retries, --low-level-retries, --timeout, and --contimeout to enhance S3 operations.
- These options aim to improve reliability and performance during file transfers.
- Removed the findMountsByApplicationId and updateMount functions from the postgres router as they are no longer needed after the recent refactor of the getMountPath function.
- Cleaned up the code to streamline the update process for PostgreSQL instances.
- Moved the getMountPath function from the postgres router to the postgres service for better organization.
- Updated the logic to return the correct mount path based on the PostgreSQL version, ensuring compatibility with versions below 18.
- Changed cleanup operations to use async functions for better error handling.
- Replaced Promise.allSettled with a for loop to individually await each operation, allowing for more granular error management.
- Updated the options parameter in execAsync to a more streamlined type, focusing on cwd, env, and shell properties for improved clarity and usability.
- Enhanced the options parameter in execAsync to accept ObjectEncodingOptions and ExecOptions, allowing for more versatile command execution configurations.
- Introduced a new ExecError class to standardize error handling during command execution.
- Updated deployApplication and deployCompose functions to log detailed error messages, excluding ExecError instances.
- Improved execAsync and execAsyncRemote functions to throw ExecError with additional context for better debugging.
- Added base64 encoding for error messages to ensure sensitive information is handled appropriately.
- Introduced a new SQL script to update the `createdAt` field in the `environment` table, converting PostgreSQL timestamp formats to ISO 8601 format.
- This change addresses issue #2992, ensuring consistency in date formats across environments.
- Updated journal to include the new migration tag for tracking purposes.
- Modified the onChange event for input fields in AddApplication, AddCompose, and AddDatabase components to ensure proper trimming of whitespace from the input value before slugification.
- Updated the Docker command execution to include environment variable exports directly in the command, enhancing the handling of environment variables during deployment.
- Simplified the export command structure for better readability and efficiency.
Fix https://github.com/Dokploy/dokploy/pull/3066#issuecomment-3558022350
- Removed a comment regarding the use of shell-quote for escaping export statements, as the functionality is now handled by the `prepareEnvironmentVariablesForShell` function introduced in a previous commit.
- Added `prepareEnvironmentVariablesForShell` function to properly escape environment variables for shell usage.
- Updated various builders (Docker, Heroku, Nixpacks, Paketo, Railpack) to utilize the new function for improved handling of special characters in environment variables.
- Introduced tests to validate the handling of environment variables with various special characters, ensuring robustness in shell command execution.
- Added `shell-quote` dependency to manage quoting of shell arguments effectively.
- Modified Docker command invocations in compose service functions to use `env -i PATH="$PATH"` for improved environment isolation.
- Ensured consistent handling of Docker commands across `removeCompose`, `startCompose`, and `stopCompose` functions in `compose.ts`.
- Updated command execution in the builders to maintain environment integrity during Docker operations.
- Introduced a new KillBuild component that allows users to terminate ongoing Docker builds for both applications and compose setups.
- Implemented corresponding API mutations in the application and compose routers to handle build termination requests.
- Enhanced queue setup with a killDockerBuild function to execute the termination commands on the server.
- Refactored the getServiceImageDigest function to streamline the command used for retrieving the Docker service image digest, enhancing reliability.
- Removed unnecessary console logging for the current digest.
- Refactored the getServiceImageDigest function to use a more robust command for fetching the Docker service image digest, improving accuracy.
- Added console logging for the current digest to aid in debugging and monitoring.
- Added error logging to the getUpdateData function to capture and display errors when retrieving the current service image digest, enhancing debugging capabilities.
Fixes#3033
The container logs WebSocket connection was closing after approximately
60 seconds of inactivity with error code 1006 (abnormal closure).
This required users to manually refresh the page to re-establish the
connection, making it difficult to monitor containers that produce logs
infrequently.
Changes:
- Added WebSocket ping mechanism sending ping frames every 45 seconds
- Ensures connection stays alive indefinitely during periods of no log activity
- Properly cleanup ping intervals on connection close (3 locations)
- Prevents memory leaks by clearing intervals on error and close events
The browser automatically responds with pong frames, keeping the
connection alive without requiring any client-side changes.
- Redesigned InputOTP component with modern visual boxes
- Added native password manager support (Dashlane, 1Password, etc.)
- Implemented automatic cursor movement on input/delete
- Removed legacy slot-based components (InputOTPGroup, InputOTPSlot, InputOTPSeparator)
- Updated login page and 2FA setup to use new component
- Enhanced UX with hover effects, focus states, and filled state styling
The new InputOTP component uses a hidden native input with autoComplete='one-time-code'
for password manager compatibility while displaying modern rounded boxes with smooth
animations and visual feedback.
This commit introduces a top-loading progress bar that provides visual feedback during page transitions, improving the user's navigation experience.
- **Package Integration:** The `nextjs-toploader` package has been added to provide a lightweight and efficient progress bar solution for Next.js.
- **Theme-Aware Color:** The progress bar's color is dynamically set using the `hsl(var(--sidebar-ring))` CSS variable, ensuring it automatically adapts to the application's current theme (light or dark mode).
- **Implementation:** The `NextTopLoader` component is integrated into the main `_app.tsx` file, making it active across the entire application.
Adds a top-loading progress bar that appears during page transitions to improve user experience by providing visual feedback during navigation.
- Integrated the `nextjs-toploader` package, a lightweight and efficient solution for Next.js applications.
- The progress bar is initialized in the main `_app.tsx` file to ensure it's active across the entire application.
- This feature works seamlessly with the Next.js App Router and does not interfere with server-side rendering (SSR).
description: Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
license: Complete terms in LICENSE.txt
---
This skill guides creation of distinctive, production-grade frontend interfaces that avoid generic "AI slop" aesthetics. Implement real working code with exceptional attention to aesthetic details and creative choices.
The user provides frontend requirements: a component, page, application, or interface to build. They may include context about the purpose, audience, or technical constraints.
## Design Thinking
Before coding, understand the context and commit to a BOLD aesthetic direction:
- **Purpose**: What problem does this interface solve? Who uses it?
- **Tone**: Pick an extreme: brutally minimal, maximalist chaos, retro-futuristic, organic/natural, luxury/refined, playful/toy-like, editorial/magazine, brutalist/raw, art deco/geometric, soft/pastel, industrial/utilitarian, etc. There are so many flavors to choose from. Use these for inspiration but design one that is true to the aesthetic direction.
- **Differentiation**: What makes this UNFORGETTABLE? What's the one thing someone will remember?
**CRITICAL**: Choose a clear conceptual direction and execute it with precision. Bold maximalism and refined minimalism both work - the key is intentionality, not intensity.
Then implement working code (HTML/CSS/JS, React, Vue, etc.) that is:
- Production-grade and functional
- Visually striking and memorable
- Cohesive with a clear aesthetic point-of-view
- Meticulously refined in every detail
## Frontend Aesthetics Guidelines
Focus on:
- **Typography**: Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter; opt instead for distinctive choices that elevate the frontend's aesthetics; unexpected, characterful font choices. Pair a distinctive display font with a refined body font.
- **Color & Theme**: Commit to a cohesive aesthetic. Use CSS variables for consistency. Dominant colors with sharp accents outperform timid, evenly-distributed palettes.
- **Motion**: Use animations for effects and micro-interactions. Prioritize CSS-only solutions for HTML. Use Motion library for React when available. Focus on high-impact moments: one well-orchestrated page load with staggered reveals (animation-delay) creates more delight than scattered micro-interactions. Use scroll-triggering and hover states that surprise.
- **Spatial Composition**: Unexpected layouts. Asymmetry. Overlap. Diagonal flow. Grid-breaking elements. Generous negative space OR controlled density.
- **Backgrounds & Visual Details**: Create atmosphere and depth rather than defaulting to solid colors. Add contextual effects and textures that match the overall aesthetic. Apply creative forms like gradient meshes, noise textures, geometric patterns, layered transparencies, dramatic shadows, decorative borders, custom cursors, and grain overlays.
NEVER use generic AI-generated aesthetics like overused font families (Inter, Roboto, Arial, system fonts), cliched color schemes (particularly purple gradients on white backgrounds), predictable layouts and component patterns, and cookie-cutter design that lacks context-specific character.
Interpret creatively and make unexpected choices that feel genuinely designed for the context. No design should be the same. Vary between light and dark themes, different fonts, different aesthetics. NEVER converge on common choices (Space Grotesk, for example) across generations.
**IMPORTANT**: Match implementation complexity to the aesthetic vision. Maximalist designs need elaborate code with extensive animations and effects. Minimalist or refined designs need restraint, precision, and careful attention to spacing, typography, and subtle details. Elegance comes from executing the vision well.
Remember: Claude is capable of extraordinary creative work. Don't hold back, show what can truly be created when thinking outside the box and committing fully to a distinctive vision.
@@ -8,7 +8,7 @@ Before submitting this PR, please make sure that:
- [ ] You created a dedicated branch based on the `canary` branch.
- [ ] You have read the suggestions in the CONTRIBUTING.md file https://github.com/Dokploy/dokploy/blob/canary/CONTRIBUTING.md#pull-request
- [ ] You have tested this PR in your local instance.
- [ ] You have tested this PR in your local instance. If you have not tested it yet, please do so before submitting. This helps avoid wasting maintainers' time reviewing code that has not been verified by you.
Before you start, please make the clone based on the `canary` branch, since the `main` branch is the source of truth and should always reflect the latest stable release, also the PRs will be merged to the `canary` branch.
We use Node v20.16.0 and recommend this specific version. If you have nvm installed, you can run `nvm install 20.16.0 && nvm use` in the root directory.
We use Node v24.4.0 and recommend this specific version. If you have nvm installed, you can run `nvm install 24.4.0 && nvm use` in the root directory.
```bash
git clone https://github.com/dokploy/dokploy.git
@@ -98,7 +99,14 @@ pnpm run dokploy:build
## Docker
To build the docker image
To build the docker image first run commands to copy .env files
- If your pull request fixes an open issue, please reference the issue in the pull request description.
- Once your pull request is merged, you will be automatically added as a contributor to the project.
**Important Considerations for Pull Requests:**
### Important Considerations for Pull Requests
- **Testing is Mandatory:** All Pull Requests **must be tested** by the PR author before submission. You must verify that your changes work as expected in a local development environment (see [Setup](#setup)). **Pull Requests that have not been tested by their creator will be rejected.** This policy keeps the PR history clean and values contributors who submit verified, working code. Untested PRs are often recognizable by disproportionately large or scattered changes for simple tasks—please test first.
- **Focus and Scope:** Each Pull Request should ideally address a single, well-defined problem or introduce one new feature. This greatly facilitates review and reduces the chances of introducing unintended side effects.
- **Avoid Unfocused Changes:** Please avoid submitting Pull Requests that contain only minor changes such as whitespace adjustments, IDE-generated formatting, or removal of unused variables, unless these are part of a larger, clearly defined refactor or a dedicated "cleanup" Pull Request that addresses a specific `good first issue` or maintenance task.
- **Issue Association:** For any significant change, it's highly recommended to open an issue first to discuss the proposed solution with the community and maintainers. This ensures alignment and avoids duplicated effort. If your PR resolves an existing issue, please link it in the description (e.g., `Fixes #123`, `Closes #456`).
- **Large Features:** Pull Requests that introduce very large or broad features **will not be accepted** unless the idea is first outlined and discussed in a GitHub issue. Large features should be designed together with the Dokploy team so the project stays coherent and moves in the same direction. Open an issue to propose and align on the design before implementing.
Portions of this software are licensed as follows:
Copyright 2025 Mauricio Siu.
* All content that resides under a "/proprietary" directory of this repository, if that directory exists, is licensed under the license defined in "LICENSE_PROPRIETARY".
* Content outside of the above mentioned directories or restrictions above is available under the "Apache License 2.0" license as defined below.
## Apache License 2.0
Copyright 2026-present Dokploy Technology, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -15,12 +20,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
## Additional Terms for Specific Features
The following additional terms apply to the multi-node support, Docker Compose file, Preview Deployments and Multi Server features of Dokploy. In the event of a conflict, these provisions shall take precedence over those in the Apache License:
- **Self-Hosted Version Free**: All features of Dokploy, including multi-node support, Docker Compose file support, Schedules, Preview Deployments and Multi Server, will always be free to use in the self-hosted version.
- **Restriction on Resale**: The multi-node support, Docker Compose file support, Schedules, Preview Deployments and Multi Server features cannot be sold or offered as a service by any party other than the copyright holder without prior written consent.
- **Modification Distribution**: Any modifications to the multi-node support, Docker Compose file support, Schedules, Preview Deployments and Multi Server features must be distributed freely and cannot be sold or offered as a service.
For further inquiries or permissions, please contact us directly.
The Dokploy Source Available license (DSAL) version 1.0
Copyright (c) 2026-present Dokploy Technology, Inc.
With regard to the Dokploy Software:This software and associated documentation files (the "Software") may only beused in production, if you (and any entity that you represent) have agreed to, and are in compliance with, a valid commercial agreement from Dokploy.Subject to the foregoing sentence, you are free to modify this Software and publish patches to the Software. You agree that Dokploy and/or its licensors (as applicable) retain all right, title and interest in and to all such modifications and/or patches, and all such modifications and/or patches may only be used, copied, modified, displayed, distributed, or otherwise exploited with a valid Dokploy Source Available License. Notwithstanding the foregoing, you may copy and modify the Software for development and testing purposes, without requiring a subscription. You agree that Dokploy and/or its licensors (as applicable) retain all right, title and interest in and to all such modifications. You are not granted any other rights beyond what is expressly stated herein. Subject to theforegoing, it is forbidden to copy, merge, publish, distribute, sublicense,and/or sell the Software.
This Dokploy Source Available license applies only to the part of this Software that is in a /proprietary folder. The full text of this License shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHERLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.
For all third party components incorporated into the Dokploy Software, thosecomponents are licensed under the original license provided by the owner of the applicable component.
### [Tuple, the premier screen sharing app for developers](https://tuple.app/dokploy)
[Available for MacOS & Windows](https://tuple.app/dokploy)<br>
</div>
Dokploy is a free, self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases.
## ✨ Features
Dokploy includes multiple features to make your life easier.
- **Applications**: Deploy any type of application (Node.js, PHP, Python, Go, Ruby, etc.).
- **Databases**: Create and manage databases with support for MySQL, PostgreSQL, MongoDB, MariaDB, and Redis.
- **Databases**: Create and manage databases with support for MySQL, PostgreSQL, MongoDB, MariaDB, libsql, and Redis.
- **Backups**: Automate backups for databases to an external storage destination.
- **Docker Compose**: Native support for Docker Compose to manage complex applications.
- **Multi Node**: Scale applications to multiple nodes using Docker Swarm to manage the cluster.
@@ -55,75 +39,14 @@ To get started, run the following command on a VPS:
Want to skip the installation process? [Try the Dokploy Cloud](https://app.dokploy.com).
```bash
curl -sSL https://dokploy.com/install.sh | sh
curl -sSL https://dokploy.com/install.sh |bash
```
For detailed documentation, visit [docs.dokploy.com](https://docs.dokploy.com).
## ♥️ Sponsors
🙏 We're deeply grateful to all our sponsors who make Dokploy possible! Your support helps cover the costs of hosting, testing, and developing new features.
[Dokploy Open Collective](https://opencollective.com/dokploy)
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Mauricio Siu
