epistemophiliac/erpnext
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use :main tag only and host sync instead of compose preload.

Browse source 
Remove image-preload service (compose creates all containers before it can run); Jenkins and sync-main-from-forgejo.sh load :main on the host internally.
This commit is contained in:
epistemophiliac 2026-06-16 21:05:44 -04:00
parent 260aa8c7da
commit 2aca11bb75
6 changed files with 83 additions and 154 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
coolify.env.example
View file

@ -1,16 +1,9 @@
# Paste into Coolify → erpnext service → Environment Variables # Paste into Coolify → erpnext service → Environment Variables
# After Jenkins green build, copy CUSTOM_IMAGE / CUSTOM_TAG from dist/coolify-image.env
# --- Custom image (required — from Jenkins Forgejo registry) --- # --- Custom image (always :main = latest Jenkins build) ---
CUSTOM_IMAGE=git.aexoradao.com/epistemophiliac/erpnext CUSTOM_IMAGE=git.aexoradao.com/epistemophiliac/erpnext
CUSTOM_TAG=main-26933f3 CUSTOM_TAG=main
PULL_POLICY=never PULL_POLICY=if_not_present
# Forgejo registry read (internal image-preload service — same creds as Jenkins)
REGISTRY_USER=epistemophiliac
REGISTRY_PASSWORD=replace-with-forgejo-token
FORGEJO_HOST=forgejo-vydgeq365afzmxe4s1d75fwv
FORGEJO_NETWORK=vydgeq365afzmxe4s1d75fwv
# --- Secrets (required — change before first deploy) --- # --- Secrets (required — change before first deploy) ---
DB_PASSWORD=replace-with-strong-secret DB_PASSWORD=replace-with-strong-secret

97
docker-compose.yml
View file

@ -1,12 +1,12 @@
# ERPNext production stack for Coolify. # ERPNext production stack for Coolify.
# Domain: assign in Coolify UI → service `frontend` → port 8080. # Domain: assign in Coolify UI → service `frontend` → port 8080.
# SITE_NAME + FRAPPE_SITE_NAME_HEADER use SERVICE_FQDN_FRONTEND automatically. # Image: CUSTOM_IMAGE + CUSTOM_TAG=main (latest Jenkins build on Forgejo).
# Image: set CUSTOM_IMAGE / CUSTOM_TAG from Jenkins (dist/coolify-image.env). # Host must have the image before deploy — Jenkins preloads :main after each push.
# image-preload copies from internal Forgejo before any ERPNext container starts. # Manual once: bash scripts/coolify/sync-main-from-forgejo.sh
x-customizable-image: &customizable_image x-customizable-image: &customizable_image
image: ${CUSTOM_IMAGE:-git.aexoradao.com/epistemophiliac/erpnext}:${CUSTOM_TAG:-main} image: ${CUSTOM_IMAGE:-git.aexoradao.com/epistemophiliac/erpnext}:${CUSTOM_TAG:-main}
pull_policy: ${PULL_POLICY:-never} pull_policy: ${PULL_POLICY:-if_not_present}
restart: ${RESTART_POLICY:-unless-stopped} restart: ${RESTART_POLICY:-unless-stopped}
x-frappe-platform: &frappe_platform x-frappe-platform: &frappe_platform
@ -16,31 +16,15 @@ x-sites-volume: &sites_volume
volumes: volumes:
- sites:/home/frappe/frappe-bench/sites - sites:/home/frappe/frappe-bench/sites
services: x-depends-on-configurator: &depends_on_configurator
image-preload: depends_on:
image: quay.io/skopeo/stable:v1.17.0 configurator:
exclude_from_hc: true condition: service_completed_successfully
restart: 'no'
networks:
- default
- forgejo-internal
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- 'CUSTOM_IMAGE=${CUSTOM_IMAGE:-git.aexoradao.com/epistemophiliac/erpnext}'
- 'CUSTOM_TAG=${CUSTOM_TAG:-main}'
- 'FORGEJO_HOST=${FORGEJO_HOST:-forgejo-vydgeq365afzmxe4s1d75fwv}'
- 'REGISTRY_USER=${REGISTRY_USER}'
- 'REGISTRY_PASSWORD=${REGISTRY_PASSWORD}'
entrypoint: ['sh', '-c']
command:
- >
if [ -z "$$REGISTRY_USER" ] || [ -z "$$REGISTRY_PASSWORD" ]; then echo "[image-preload] ERROR: set REGISTRY_USER and REGISTRY_PASSWORD in Coolify"; exit 1; fi;
echo "[image-preload] copying from http://$$FORGEJO_HOST:3000/epistemophiliac/erpnext:$$CUSTOM_TAG (internal Forgejo)";
skopeo copy "docker://$$FORGEJO_HOST:3000/epistemophiliac/erpnext:$$CUSTOM_TAG" "docker-daemon:$$CUSTOM_IMAGE:$$CUSTOM_TAG" --src-creds "$$REGISTRY_USER:$$REGISTRY_PASSWORD" --src-tls-verify=false --retry-times 3;
if [ "$$CUSTOM_TAG" != "main" ]; then skopeo copy "docker://$$FORGEJO_HOST:3000/epistemophiliac/erpnext:main" "docker-daemon:$$CUSTOM_IMAGE:main" --src-creds "$$REGISTRY_USER:$$REGISTRY_PASSWORD" --src-tls-verify=false --retry-times 3; fi;
echo "[image-preload] OK: $$CUSTOM_IMAGE:$$CUSTOM_TAG on host docker";
x-backend-defaults: &backend_defaults
<<: [*depends_on_configurator, *customizable_image, *frappe_platform, *sites_volume]
services:
db: db:
image: mariadb:11.8 image: mariadb:11.8
restart: unless-stopped restart: unless-stopped
@ -82,7 +66,7 @@ services:
retries: 5 retries: 5
configurator: configurator:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
exclude_from_hc: true exclude_from_hc: true
restart: 'no' restart: 'no'
entrypoint: ['bash', '-c'] entrypoint: ['bash', '-c']
@ -103,8 +87,6 @@ services:
- 'REDIS_QUEUE=redis-queue:6379' - 'REDIS_QUEUE=redis-queue:6379'
- 'SOCKETIO_PORT=9000' - 'SOCKETIO_PORT=9000'
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
db: db:
condition: service_healthy condition: service_healthy
redis-cache: redis-cache:
@ -113,9 +95,10 @@ services:
condition: service_healthy condition: service_healthy
create-site: create-site:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *customizable_image
exclude_from_hc: true exclude_from_hc: true
restart: 'no' restart: 'no'
platform: linux/amd64
entrypoint: ['bash', '-c'] entrypoint: ['bash', '-c']
command: command:
- > - >
@ -131,16 +114,16 @@ services:
- 'ADMIN_PASSWORD=${ADMIN_PASSWORD:-changeme}' - 'ADMIN_PASSWORD=${ADMIN_PASSWORD:-changeme}'
- 'DB_PASSWORD=${DB_PASSWORD:-changeme}' - 'DB_PASSWORD=${DB_PASSWORD:-changeme}'
- 'INSTALL_APPS=${INSTALL_APPS:-erpnext,payments,hrms,lending,lms}' - 'INSTALL_APPS=${INSTALL_APPS:-erpnext,payments,hrms,lending,lms}'
volumes:
- sites:/home/frappe/frappe-bench/sites
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator: configurator:
condition: service_completed_successfully condition: service_completed_successfully
db: db:
condition: service_healthy condition: service_healthy
migrator: migrator:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
exclude_from_hc: true exclude_from_hc: true
restart: 'no' restart: 'no'
entrypoint: ['bash', '-c'] entrypoint: ['bash', '-c']
@ -153,22 +136,16 @@ services:
environment: environment:
- 'MIGRATE_SITES=${MIGRATE_SITES:-true}' - 'MIGRATE_SITES=${MIGRATE_SITES:-true}'
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator:
condition: service_completed_successfully
create-site: create-site:
condition: service_completed_successfully condition: service_completed_successfully
backend: backend:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
environment: environment:
- 'GUNICORN_THREADS=${GUNICORN_THREADS:-4}' - 'GUNICORN_THREADS=${GUNICORN_THREADS:-4}'
- 'GUNICORN_WORKERS=${GUNICORN_WORKERS:-2}' - 'GUNICORN_WORKERS=${GUNICORN_WORKERS:-2}'
- 'GUNICORN_TIMEOUT=${GUNICORN_TIMEOUT:-120}' - 'GUNICORN_TIMEOUT=${GUNICORN_TIMEOUT:-120}'
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator: configurator:
condition: service_completed_successfully condition: service_completed_successfully
create-site: create-site:
@ -183,20 +160,17 @@ services:
start_period: 120s start_period: 120s
websocket: websocket:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: [*depends_on_configurator, *customizable_image, *frappe_platform, *sites_volume]
command: command:
- node - node
- /home/frappe/frappe-bench/apps/frappe/socketio.js - /home/frappe/frappe-bench/apps/frappe/socketio.js
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator:
condition: service_completed_successfully
create-site: create-site:
condition: service_completed_successfully condition: service_completed_successfully
frontend: frontend:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *customizable_image
platform: linux/amd64
command: command:
- nginx-entrypoint.sh - nginx-entrypoint.sh
environment: environment:
@ -210,9 +184,9 @@ services:
- 'UPSTREAM_REAL_IP_RECURSIVE=${UPSTREAM_REAL_IP_RECURSIVE:-off}' - 'UPSTREAM_REAL_IP_RECURSIVE=${UPSTREAM_REAL_IP_RECURSIVE:-off}'
- 'PROXY_READ_TIMEOUT=${PROXY_READ_TIMEOUT:-120}' - 'PROXY_READ_TIMEOUT=${PROXY_READ_TIMEOUT:-120}'
- 'CLIENT_MAX_BODY_SIZE=${CLIENT_MAX_BODY_SIZE:-50m}' - 'CLIENT_MAX_BODY_SIZE=${CLIENT_MAX_BODY_SIZE:-50m}'
volumes:
- sites:/home/frappe/frappe-bench/sites
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
backend: backend:
condition: service_healthy condition: service_healthy
websocket: websocket:
@ -225,49 +199,37 @@ services:
start_period: 90s start_period: 90s
queue-short: queue-short:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
command: command:
- bench - bench
- worker - worker
- --queue - --queue
- short,default - short,default
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator:
condition: service_completed_successfully
create-site: create-site:
condition: service_completed_successfully condition: service_completed_successfully
migrator: migrator:
condition: service_completed_successfully condition: service_completed_successfully
queue-long: queue-long:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
command: command:
- bench - bench
- worker - worker
- --queue - --queue
- long,default,short - long,default,short
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator:
condition: service_completed_successfully
create-site: create-site:
condition: service_completed_successfully condition: service_completed_successfully
migrator: migrator:
condition: service_completed_successfully condition: service_completed_successfully
scheduler: scheduler:
<<: [*customizable_image, *frappe_platform, *sites_volume] <<: *backend_defaults
command: command:
- bench - bench
- schedule - schedule
depends_on: depends_on:
image-preload:
condition: service_completed_successfully
configurator:
condition: service_completed_successfully
create-site: create-site:
condition: service_completed_successfully condition: service_completed_successfully
migrator: migrator:
@ -277,8 +239,3 @@ volumes:
sites: sites:
db-data: db-data:
redis-queue-data: redis-queue-data:
networks:
forgejo-internal:
external: true
name: ${FORGEJO_NETWORK:-vydgeq365afzmxe4s1d75fwv}

34
docs/COOLIFY_DEPLOY.md
View file

@ -23,10 +23,8 @@ Copy from [`coolify.env.example`](../coolify.env.example). **Required before fir
| Variable | Set in Coolify? | Source | | Variable | Set in Coolify? | Source |
|----------|----------------|--------| |----------|----------------|--------|
| `CUSTOM_IMAGE` | yes | Jenkins artifact / `dist/coolify-image.env` | | `CUSTOM_IMAGE` | yes | Jenkins artifact / `dist/coolify-image.env` |
| `CUSTOM_TAG` | yes | e.g. `main-26933f3` (pin) or `main` | | `CUSTOM_TAG` | yes | `main` (latest Jenkins build — do not pin commit tags) |
| `PULL_POLICY` | yes | `never` (image-preload loads internally) | | `PULL_POLICY` | yes | `if_not_present` |
| `REGISTRY_USER` | yes | Forgejo username |
| `REGISTRY_PASSWORD` | yes | Forgejo token (package read) |
| `DB_PASSWORD` | yes | strong secret | | `DB_PASSWORD` | yes | strong secret |
| `ADMIN_PASSWORD` | yes | Frappe `Administrator` password | | `ADMIN_PASSWORD` | yes | Frappe `Administrator` password |
| `INSTALL_APPS` | yes | `erpnext,payments,hrms,lending,lms` | | `INSTALL_APPS` | yes | `erpnext,payments,hrms,lending,lms` |
@ -47,21 +45,21 @@ Copy from [`coolify.env.example`](../coolify.env.example). **Required before fir
**Order matters:** assign domain **then** deploy. If `create-site` runs with an empty site name, the stack exits with a clear error. **Order matters:** assign domain **then** deploy. If `create-site` runs with an empty site name, the stack exits with a clear error.
## 4. Internal image load (automatic) ## 4. Image on the Coolify host (before first deploy)
Compose includes an **`image-preload`** init service (Skopeo → internal Forgejo, same path as Jenkins push). It copies the image into host Docker **before** ERPNext services start — no Cloudflare pull. The custom image is **~1.2 GB**. Coolify must find `git.aexoradao.com/epistemophiliac/erpnext:main` on the **host** Docker daemon — not pulled through Cloudflare during deploy.
Required Coolify env vars (see [`coolify.env.example`](../coolify.env.example)): **Jenkins does this automatically** after each green build (`jenkins-push-image.sh` copies `:main` from internal Forgejo via Skopeo).
```env **Manual / one-time** on the Coolify server as root:
REGISTRY_USER=epistemophiliac
REGISTRY_PASSWORD=<forgejo-token> ```bash
CUSTOM_IMAGE=git.aexoradao.com/epistemophiliac/erpnext export REGISTRY_USER=epistemophiliac
CUSTOM_TAG=main-26933f3 export REGISTRY_PASSWORD='<forgejo-token>'
PULL_POLICY=never bash scripts/coolify/sync-main-from-forgejo.sh
``` ```
Jenkins also preloads the host after each green build, so redeploys are fast. Coolify env: `CUSTOM_TAG=main` only — no `main-<sha>` pins.
## 5. First deploy ## 5. First deploy
@ -75,8 +73,8 @@ Login: `https://your-domain` — user `Administrator`, password = `ADMIN_PASSWOR
## 6. Upgrades ## 6. Upgrades
1. Jenkins builds new image → update `CUSTOM_TAG` in Coolify 1. Jenkins builds new image → pushes `:main` and preloads host Docker
2. Redeploy `migrator` runs `bench migrate` 2. Redeploy Coolify — `if_not_present` uses the updated local `:main`
## Troubleshooting ## Troubleshooting
@ -85,5 +83,5 @@ Login: `https://your-domain` — user `Administrator`, password = `ADMIN_PASSWOR
| `SITE_NAME empty` on create-site | Assign domain on `frontend:8080` before deploy | | `SITE_NAME empty` on create-site | Assign domain on `frontend:8080` before deploy |
| Wrong site / 404 nginx | Delete old `SITE_NAME` in Coolify UI; ensure header matches domain | | Wrong site / 404 nginx | Delete old `SITE_NAME` in Coolify UI; ensure header matches domain |
| Site created with wrong name | Wipe `sites` volume or rename site manually — env change alone won't rename | | Site created with wrong name | Wipe `sites` volume or rename site manually — env change alone won't rename |
| Deploy fails at `Downloading …/487MB` / exit 255 | Image is OK — run `scripts/coolify/preload-image.sh` on host, set `PULL_POLICY=if_not_present`, redeploy | | Deploy fails at pull / `No such image` | Run `scripts/coolify/sync-main-from-forgejo.sh` on host, or Jenkins **Build Now** (preloads `:main`) |
| Image pull failed | Check `CUSTOM_IMAGE` / `CUSTOM_TAG` in Forgejo Packages; preload on host for private/large registry | | Image pull failed | Ensure `:main` on host via Jenkins or sync script — do not pull large image through Cloudflare |

4
scripts/ci/jenkins-build-image.sh
View file

@ -29,10 +29,10 @@ $DOCKER buildx build --load \
--file=images/layered/Containerfile . --file=images/layered/Containerfile .
mkdir -p dist mkdir -p dist
echo "${REGISTRY_IMAGE}:${IMAGE_TAG}" > dist/image-reference.txt echo "${REGISTRY_IMAGE}:main" > dist/image-reference.txt
cat > dist/coolify-image.env <<EOF cat > dist/coolify-image.env <<EOF
CUSTOM_IMAGE=${REGISTRY_IMAGE} CUSTOM_IMAGE=${REGISTRY_IMAGE}
CUSTOM_TAG=${IMAGE_TAG} CUSTOM_TAG=main
PULL_POLICY=if_not_present PULL_POLICY=if_not_present
EOF EOF

54
scripts/coolify/preload-image.sh
View file

@ -1,54 +0,0 @@
#!/usr/bin/env bash
# Pre-load the ERPNext custom image into the Coolify host Docker daemon.
# Run on the Coolify server (root) BEFORE the first deploy, or after Jenkins pushes a new tag.
#
# Why: the custom image is ~1.2GB with large layers. Coolify deploy can fail while
# `docker compose up` streams pull progress (exit 255) when pulling through Cloudflare/Traefik.
# Skopeo copies from internal Forgejo (same trick as Jenkins push) — fast and reliable.
#
# Usage (on Coolify host):
# export REGISTRY_USER=epistemophiliac
# export REGISTRY_PASSWORD='<forgejo-token>'
# export CUSTOM_TAG=main-26933f3 # or main
# bash scripts/coolify/preload-image.sh
#
# Then in Coolify env: PULL_POLICY=if_not_present
set -euo pipefail
REGISTRY_IMAGE="${CUSTOM_IMAGE:-git.aexoradao.com/epistemophiliac/erpnext}"
IMAGE_TAG="${CUSTOM_TAG:-main}"
FORGEJO_HOST="${FORGEJO_HOST:-forgejo-vydgeq365afzmxe4s1d75fwv}"
FORGEJO_NETWORK="${FORGEJO_NETWORK:-vydgeq365afzmxe4s1d75fwv}"
SKOPEO_IMAGE="${SKOPEO_IMAGE:-quay.io/skopeo/stable:v1.17.0}"
if [ -z "${REGISTRY_USER:-}" ] || [ -z "${REGISTRY_PASSWORD:-}" ]; then
echo "ERROR: set REGISTRY_USER and REGISTRY_PASSWORD (Forgejo token with package read)"
exit 1
fi
if ! docker info >/dev/null 2>&1; then
echo "ERROR: run as root on the Coolify host (docker info failed)"
exit 1
fi
echo "=== Preload ${REGISTRY_IMAGE}:${IMAGE_TAG} ==="
echo "Source: http://${FORGEJO_HOST}:3000/epistemophiliac/erpnext:${IMAGE_TAG} (internal)"
docker run --rm \
--network "${FORGEJO_NETWORK}" \
-v /var/run/docker.sock:/var/run/docker.sock \
"${SKOPEO_IMAGE}" \
copy \
"docker://${FORGEJO_HOST}:3000/epistemophiliac/erpnext:${IMAGE_TAG}" \
"docker-daemon:${REGISTRY_IMAGE}:${IMAGE_TAG}" \
--src-creds "${REGISTRY_USER}:${REGISTRY_PASSWORD}" \
--src-tls-verify=false \
--retry-times 3
if [ "${IMAGE_TAG}" != "main" ]; then
docker tag "${REGISTRY_IMAGE}:${IMAGE_TAG}" "${REGISTRY_IMAGE}:main"
echo "Also tagged ${REGISTRY_IMAGE}:main"
fi
echo "OK: ${REGISTRY_IMAGE}:${IMAGE_TAG} is on the host."
echo "Set PULL_POLICY=if_not_present in Coolify, then redeploy."

35
scripts/coolify/sync-main-from-forgejo.sh Executable file
View file

@ -0,0 +1,35 @@
#!/usr/bin/env bash
# Copy :main from internal Forgejo into host Docker (bypasses Cloudflare).
# Run on the Coolify host as root before first deploy, or after Jenkins pushes a new image.
set -euo pipefail
REGISTRY_IMAGE="${CUSTOM_IMAGE:-git.aexoradao.com/epistemophiliac/erpnext}"
IMAGE_TAG="${CUSTOM_TAG:-main}"
FORGEJO_HOST="${FORGEJO_HOST:-forgejo-vydgeq365afzmxe4s1d75fwv}"
FORGEJO_NETWORK="${FORGEJO_NETWORK:-vydgeq365afzmxe4s1d75fwv}"
SKOPEO_IMAGE="${SKOPEO_IMAGE:-quay.io/skopeo/stable:v1.17.0}"
if [ -z "${REGISTRY_USER:-}" ] || [ -z "${REGISTRY_PASSWORD:-}" ]; then
echo "ERROR: set REGISTRY_USER and REGISTRY_PASSWORD"
exit 1
fi
if ! docker info >/dev/null 2>&1; then
echo "ERROR: run as root on the Coolify host"
exit 1
fi
echo "=== Sync ${REGISTRY_IMAGE}:${IMAGE_TAG} from internal Forgejo ==="
docker run --rm \
--network "${FORGEJO_NETWORK}" \
-v /var/run/docker.sock:/var/run/docker.sock \
"${SKOPEO_IMAGE}" \
copy \
"docker://${FORGEJO_HOST}:3000/epistemophiliac/erpnext:${IMAGE_TAG}" \
"docker-daemon:${REGISTRY_IMAGE}:${IMAGE_TAG}" \
--src-creds "${REGISTRY_USER}:${REGISTRY_PASSWORD}" \
--src-tls-verify=false \
--retry-times 3
echo "OK: ${REGISTRY_IMAGE}:${IMAGE_TAG} ready on host — deploy erpnext in Coolify"