epistemophiliac/frappe_docker
1
0
Fork 0
mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-17 13:55:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

chore: run pre-commit fixes

Browse source
This commit is contained in:
RocketQuack 2026-01-19 19:31:55 +01:00
parent c5525bf021
commit 80a11fb47f
7 changed files with 161 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/02-setup/04-env-variables.md
View file

@ -45,10 +45,10 @@ Then edit `.env` and set variables according to your needs.
## HTTPS & SSL Configuration
| Variable | Purpose | Default | When to Set |
| ------------------- | ------------------------------------------------ | ------- | ---------------------------------------- |
| `LETSENCRYPT_EMAIL` | Email for Let's Encrypt certificate registration | — | Required if using HTTPS override |
| `SITES_RULE` | List of domains for SSL (Traefik rule for TLS domain routing) | — | Required if using reverse proxy override |
| Variable | Purpose | Default | When to Set |
| ------------------- | ------------------------------------------------------------- | ------- | ---------------------------------------- |
| `LETSENCRYPT_EMAIL` | Email for Let's Encrypt certificate registration | — | Required if using HTTPS override |
| `SITES_RULE` | List of domains for SSL (Traefik rule for TLS domain routing) | — | Required if using reverse proxy override |
**Format for `SITES_RULE`:**

36
docs/02-setup/05-overrides.md
View file

@ -4,24 +4,24 @@ Overrides extend the base compose.yaml with additional services or modify existi
docker compose -f compose.yaml -f overrides/compose.mariadb.yaml -f overrides/compose.redis.yaml config > compose.custom.yaml
```
| Overrider | Purpose | Additional Info |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- |
| **Database** | | |
| compose.mariadb.yaml | Adds MariaDB database service | set `DB_PASSWORD` or default Password will be used |
| compose.mariadb-secrets.yaml | Adds MariaDB with password from a secret file instead of environment variable | Set `DB_PASSWORD_SECRETS_FILE` to the path of your secret file |
| compose.mariadb-shared.yaml | Makes MariaDB available on a shared network (mariadb-network) for other services | set `DB_PASSWORD` |
| compose.postgres.yaml | Uses PostgreSQL instead of MariaDB as the database | set `DB_PASSWORD` |
| **Proxy** | | |
| compose.noproxy.yaml | Exposes the application directly on port `:8080` without a reverse proxy | |
| compose.proxy.yaml | Uses Traefik as HTTP reverse proxy on port `:80` | You can change the published port by setting `HTTP_PUBLISH_PORT` |
| Overrider | Purpose | Additional Info |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Database** | | |
| compose.mariadb.yaml | Adds MariaDB database service | set `DB_PASSWORD` or default Password will be used |
| compose.mariadb-secrets.yaml | Adds MariaDB with password from a secret file instead of environment variable | Set `DB_PASSWORD_SECRETS_FILE` to the path of your secret file |
| compose.mariadb-shared.yaml | Makes MariaDB available on a shared network (mariadb-network) for other services | set `DB_PASSWORD` |
| compose.postgres.yaml | Uses PostgreSQL instead of MariaDB as the database | set `DB_PASSWORD` |
| **Proxy** | | |
| compose.noproxy.yaml | Exposes the application directly on port `:8080` without a reverse proxy | |
| compose.proxy.yaml | Uses Traefik as HTTP reverse proxy on port `:80` | You can change the published port by setting `HTTP_PUBLISH_PORT` |
| compose.https.yaml | Uses Traefik as HTTPS reverse proxy on Port `:443` with automatic HTTP-to-HTTPS redirect | `SITES_RULE` and `LETSENCRYPT_EMAIL` must be set. `HTTP_PUBLISH_PORT` and `HTTPS_PUBLISH_PORT` can be set. |
| **Redis** | | |
| **Redis** | | |
| compose.redis.yaml | Adds Redis service for caching and background job queuing |
| **TBD** | **The following overrides are available but lack documentation. If you use them and understand their purpose, please consider contributing to this documentation.** |
| compose.backup-cron.yaml | | |
| compose.custom-domain-ssl.yaml | | |
| compose.custom-domain.yaml | | |
| compose.multi-bench-ssl.yaml | | |
| compose.multi-bench.yaml | | |
| compose.traefik-ssl.yaml | | |
| compose.traefik.yaml | | |
| compose.backup-cron.yaml | | |
| compose.custom-domain-ssl.yaml | | |
| compose.custom-domain.yaml | | |
| compose.multi-bench-ssl.yaml | | |
| compose.multi-bench.yaml | | |
| compose.traefik-ssl.yaml | | |
| compose.traefik.yaml | | |

18
docs/06-migration/02-traefik-v3-migration.md
View file

@ -3,24 +3,27 @@
Use this guide if you already run Traefik v2 with `frappe_docker` and want to upgrade to v3. It focuses on the image upgrade and the v3 routing rule changes that affect existing setups.
### Before you start
Before migrating anything, it is always recommended to create a backup. Better safe than sorry. In particular, compose and .env should be backed up.
### Quick upgrade summary
1) Pull the updated repo
2) Update env variables especially the updated `SITES` to `SITES_RULE`
3) Regenerate the compose config and restart the stack
1. Pull the updated repo
2. Update env variables especially the updated `SITES` to `SITES_RULE`
3. Regenerate the compose config and restart the stack
#### Multiple hostnames
v2 allowed comma-separated host lists inside `Host(...)`. In v3 traefik uses logical OR
**Before (v2):**
```
Host(`a.example.com`,`b.example.com`)
```
**After (v3):**
```
Host(`a.example.com`) || Host(`b.example.com`)
```
@ -30,11 +33,13 @@ Host(`a.example.com`) || Host(`b.example.com`)
All Traefik routing for HTTPS and multi-bench setups now uses `SITES_RULE`, which is a full v3 rule expression
**Single site:**
```
SITES_RULE=Host(`erp.example.com`)
```
**Multiple sites:**
```
SITES_RULE=Host(`a.example.com`) || Host(`b.example.com`)
```
@ -51,6 +56,7 @@ docker compose --env-file .env \
-f overrides/compose.https.yaml \
config > ~/gitops/docker-compose.yml
```
```sh
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d
```
@ -65,6 +71,6 @@ After restarting, Traefik will be used in the new supported version 3.6 and the
If you need to rollback:
1) Revert Traefik image to `v2.11`
2) Restore the old `SITES` variable format and v2 rules
3) Regenerate the compose config and restart
1. Revert Traefik image to `v2.11`
2. Restore the old `SITES` variable format and v2 rules
3. Regenerate the compose config and restart

54
overrides/compose.https.yaml
View file

@ -1,33 +1,33 @@
services:
frontend:
labels:
services:
frontend:
labels:
- traefik.enable=true
- traefik.http.services.frontend.loadbalancer.server.port=8080
- traefik.http.routers.frontend-http.entrypoints=websecure
- traefik.http.routers.frontend-http.tls.certresolver=main-resolver
- traefik.http.routers.frontend-http.ruleSyntax=v3
- traefik.http.routers.frontend-http.rule=${SITES_RULE:?SITES_RULE not set}
proxy:
image: traefik:v3.6
restart: unless-stopped
command:
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --certificatesResolvers.main-resolver.acme.httpChallenge=true
- --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
- --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set}
- --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
- ${HTTPS_PUBLISH_PORT:-443}:443
volumes:
- cert-data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
cert-data:
proxy:
image: traefik:v3.6
restart: unless-stopped
command:
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --certificatesResolvers.main-resolver.acme.httpChallenge=true
- --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
- --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set}
- --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
- ${HTTPS_PUBLISH_PORT:-443}:443
volumes:
- cert-data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
cert-data:

30
overrides/compose.proxy.yaml
View file

@ -1,20 +1,20 @@
services:
frontend:
labels:
services:
frontend:
labels:
- traefik.enable=true
- traefik.http.services.frontend.loadbalancer.server.port=8080
- traefik.http.routers.frontend-http.entrypoints=web
- traefik.http.routers.frontend-http.ruleSyntax=v3
- traefik.http.routers.frontend-http.rule=HostRegexp(`^.+$`)
proxy:
image: traefik:v3.6
command:
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
userns_mode: host
proxy:
image: traefik:v3.6
command:
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
userns_mode: host

90
overrides/compose.traefik-ssl.yaml
View file

@ -1,49 +1,49 @@
services:
traefik:
labels:
# https-redirect middleware to redirect HTTP to HTTPS
# It can be reused by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http to use the middleware to redirect to https
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
services:
traefik:
labels:
# https-redirect middleware to redirect HTTP to HTTPS
# It can be reused by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http to use the middleware to redirect to https
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
# traefik-https the actual router using HTTPS
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-https.ruleSyntax=v3
- traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN}`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80
# Create an entrypoint https listening on port 443
- --entrypoints.https.address=:443
# Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set}
# Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
ports:
- ${HTTPS_PUBLISH_PORT:-443}:443
volumes:
- cert-data:/certificates
volumes:
cert-data:
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80
# Create an entrypoint https listening on port 443
- --entrypoints.https.address=:443
# Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set}
# Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
ports:
- ${HTTPS_PUBLISH_PORT:-443}:443
volumes:
- cert-data:/certificates
volumes:
cert-data:

80
overrides/compose.traefik.yaml
View file

@ -1,46 +1,46 @@
services:
traefik:
image: "traefik:v3.6"
restart: unless-stopped
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public
services:
traefik:
image: "traefik:v3.6"
restart: unless-stopped
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public
# admin-auth middleware with HTTP Basic auth
# Using the environment variables USERNAME and HASHED_PASSWORD
- traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD:?No HASHED_PASSWORD set}
# Uses the environment variable TRAEFIK_DOMAIN
- traefik.http.routers.traefik-public-http.ruleSyntax=v3
- traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN:?No TRAEFIK_DOMAIN set}`)
- traefik.http.routers.traefik-public-http.entrypoints=http
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-http.service=api@internal
# Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-http.middlewares=admin-auth
# Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik-public
networks:
traefik-public:
name: traefik-public
external: false
- traefik.http.routers.traefik-public-http.entrypoints=http
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-http.service=api@internal
# Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-http.middlewares=admin-auth
# Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
ports:
- ${HTTP_PUBLISH_PORT:-80}:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik-public
networks:
traefik-public:
name: traefik-public
external: false