epistemophiliac/frappe_docker
1
0
Fork 0
mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-21 23:35:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

chore: run pre-commit fixes

Browse source
This commit is contained in:
RocketQuack 2026-01-19 19:31:55 +01:00
parent c5525bf021
commit 80a11fb47f
7 changed files with 161 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/02-setup/04-env-variables.md
View file

@ -45,10 +45,10 @@ Then edit `.env` and set variables according to your needs.
## HTTPS & SSL Configuration ## HTTPS & SSL Configuration
| Variable | Purpose | Default | When to Set | | Variable | Purpose | Default | When to Set |
| ------------------- | ------------------------------------------------ | ------- | ---------------------------------------- | | ------------------- | ------------------------------------------------------------- | ------- | ---------------------------------------- |
| `LETSENCRYPT_EMAIL` | Email for Let's Encrypt certificate registration | — | Required if using HTTPS override | | `LETSENCRYPT_EMAIL` | Email for Let's Encrypt certificate registration | — | Required if using HTTPS override |
| `SITES_RULE` | List of domains for SSL (Traefik rule for TLS domain routing) | — | Required if using reverse proxy override | | `SITES_RULE` | List of domains for SSL (Traefik rule for TLS domain routing) | — | Required if using reverse proxy override |
**Format for `SITES_RULE`:** **Format for `SITES_RULE`:**

36
docs/02-setup/05-overrides.md
View file

@ -4,24 +4,24 @@ Overrides extend the base compose.yaml with additional services or modify existi
docker compose -f compose.yaml -f overrides/compose.mariadb.yaml -f overrides/compose.redis.yaml config > compose.custom.yaml docker compose -f compose.yaml -f overrides/compose.mariadb.yaml -f overrides/compose.redis.yaml config > compose.custom.yaml
``` ```
| Overrider | Purpose | Additional Info | | Overrider | Purpose | Additional Info |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Database** | | | | **Database** | | |
| compose.mariadb.yaml | Adds MariaDB database service | set `DB_PASSWORD` or default Password will be used | | compose.mariadb.yaml | Adds MariaDB database service | set `DB_PASSWORD` or default Password will be used |
| compose.mariadb-secrets.yaml | Adds MariaDB with password from a secret file instead of environment variable | Set `DB_PASSWORD_SECRETS_FILE` to the path of your secret file | | compose.mariadb-secrets.yaml | Adds MariaDB with password from a secret file instead of environment variable | Set `DB_PASSWORD_SECRETS_FILE` to the path of your secret file |
| compose.mariadb-shared.yaml | Makes MariaDB available on a shared network (mariadb-network) for other services | set `DB_PASSWORD` | | compose.mariadb-shared.yaml | Makes MariaDB available on a shared network (mariadb-network) for other services | set `DB_PASSWORD` |
| compose.postgres.yaml | Uses PostgreSQL instead of MariaDB as the database | set `DB_PASSWORD` | | compose.postgres.yaml | Uses PostgreSQL instead of MariaDB as the database | set `DB_PASSWORD` |
| **Proxy** | | | | **Proxy** | | |
| compose.noproxy.yaml | Exposes the application directly on port `:8080` without a reverse proxy | | | compose.noproxy.yaml | Exposes the application directly on port `:8080` without a reverse proxy | |
| compose.proxy.yaml | Uses Traefik as HTTP reverse proxy on port `:80` | You can change the published port by setting `HTTP_PUBLISH_PORT` | | compose.proxy.yaml | Uses Traefik as HTTP reverse proxy on port `:80` | You can change the published port by setting `HTTP_PUBLISH_PORT` |
| compose.https.yaml | Uses Traefik as HTTPS reverse proxy on Port `:443` with automatic HTTP-to-HTTPS redirect | `SITES_RULE` and `LETSENCRYPT_EMAIL` must be set. `HTTP_PUBLISH_PORT` and `HTTPS_PUBLISH_PORT` can be set. | | compose.https.yaml | Uses Traefik as HTTPS reverse proxy on Port `:443` with automatic HTTP-to-HTTPS redirect | `SITES_RULE` and `LETSENCRYPT_EMAIL` must be set. `HTTP_PUBLISH_PORT` and `HTTPS_PUBLISH_PORT` can be set. |
| **Redis** | | | | **Redis** | | |
| compose.redis.yaml | Adds Redis service for caching and background job queuing | | compose.redis.yaml | Adds Redis service for caching and background job queuing |
| **TBD** | **The following overrides are available but lack documentation. If you use them and understand their purpose, please consider contributing to this documentation.** | | **TBD** | **The following overrides are available but lack documentation. If you use them and understand their purpose, please consider contributing to this documentation.** |
| compose.backup-cron.yaml | | | | compose.backup-cron.yaml | | |
| compose.custom-domain-ssl.yaml | | | | compose.custom-domain-ssl.yaml | | |
| compose.custom-domain.yaml | | | | compose.custom-domain.yaml | | |
| compose.multi-bench-ssl.yaml | | | | compose.multi-bench-ssl.yaml | | |
| compose.multi-bench.yaml | | | | compose.multi-bench.yaml | | |
| compose.traefik-ssl.yaml | | | | compose.traefik-ssl.yaml | | |
| compose.traefik.yaml | | | | compose.traefik.yaml | | |

18
docs/06-migration/02-traefik-v3-migration.md
View file

@ -3,24 +3,27 @@
Use this guide if you already run Traefik v2 with `frappe_docker` and want to upgrade to v3. It focuses on the image upgrade and the v3 routing rule changes that affect existing setups. Use this guide if you already run Traefik v2 with `frappe_docker` and want to upgrade to v3. It focuses on the image upgrade and the v3 routing rule changes that affect existing setups.
### Before you start ### Before you start
Before migrating anything, it is always recommended to create a backup. Better safe than sorry. In particular, compose and .env should be backed up. Before migrating anything, it is always recommended to create a backup. Better safe than sorry. In particular, compose and .env should be backed up.
### Quick upgrade summary ### Quick upgrade summary
1) Pull the updated repo 1. Pull the updated repo
2) Update env variables especially the updated `SITES` to `SITES_RULE` 2. Update env variables especially the updated `SITES` to `SITES_RULE`
3) Regenerate the compose config and restart the stack 3. Regenerate the compose config and restart the stack
#### Multiple hostnames #### Multiple hostnames
v2 allowed comma-separated host lists inside `Host(...)`. In v3 traefik uses logical OR v2 allowed comma-separated host lists inside `Host(...)`. In v3 traefik uses logical OR
**Before (v2):** **Before (v2):**
``` ```
Host(`a.example.com`,`b.example.com`) Host(`a.example.com`,`b.example.com`)
``` ```
**After (v3):** **After (v3):**
``` ```
Host(`a.example.com`) || Host(`b.example.com`) Host(`a.example.com`) || Host(`b.example.com`)
``` ```
@ -30,11 +33,13 @@ Host(`a.example.com`) || Host(`b.example.com`)
All Traefik routing for HTTPS and multi-bench setups now uses `SITES_RULE`, which is a full v3 rule expression All Traefik routing for HTTPS and multi-bench setups now uses `SITES_RULE`, which is a full v3 rule expression
**Single site:** **Single site:**
``` ```
SITES_RULE=Host(`erp.example.com`) SITES_RULE=Host(`erp.example.com`)
``` ```
**Multiple sites:** **Multiple sites:**
``` ```
SITES_RULE=Host(`a.example.com`) || Host(`b.example.com`) SITES_RULE=Host(`a.example.com`) || Host(`b.example.com`)
``` ```
@ -51,6 +56,7 @@ docker compose --env-file .env \
-f overrides/compose.https.yaml \ -f overrides/compose.https.yaml \
config > ~/gitops/docker-compose.yml config > ~/gitops/docker-compose.yml
``` ```
```sh ```sh
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d
``` ```
@ -65,6 +71,6 @@ After restarting, Traefik will be used in the new supported version 3.6 and the
If you need to rollback: If you need to rollback:
1) Revert Traefik image to `v2.11` 1. Revert Traefik image to `v2.11`
2) Restore the old `SITES` variable format and v2 rules 2. Restore the old `SITES` variable format and v2 rules
3) Regenerate the compose config and restart 3. Regenerate the compose config and restart

54
overrides/compose.https.yaml
View file

@ -1,33 +1,33 @@
services: services:
frontend: frontend:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.services.frontend.loadbalancer.server.port=8080 - traefik.http.services.frontend.loadbalancer.server.port=8080
- traefik.http.routers.frontend-http.entrypoints=websecure - traefik.http.routers.frontend-http.entrypoints=websecure
- traefik.http.routers.frontend-http.tls.certresolver=main-resolver - traefik.http.routers.frontend-http.tls.certresolver=main-resolver
- traefik.http.routers.frontend-http.ruleSyntax=v3 - traefik.http.routers.frontend-http.ruleSyntax=v3
- traefik.http.routers.frontend-http.rule=${SITES_RULE:?SITES_RULE not set} - traefik.http.routers.frontend-http.rule=${SITES_RULE:?SITES_RULE not set}
proxy: proxy:
image: traefik:v3.6 image: traefik:v3.6
restart: unless-stopped restart: unless-stopped
command: command:
- --providers.docker=true - --providers.docker=true
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --certificatesResolvers.main-resolver.acme.httpChallenge=true - --certificatesResolvers.main-resolver.acme.httpChallenge=true
- --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
- --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set} - --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set}
- --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
ports: ports:
- ${HTTP_PUBLISH_PORT:-80}:80 - ${HTTP_PUBLISH_PORT:-80}:80
- ${HTTPS_PUBLISH_PORT:-443}:443 - ${HTTPS_PUBLISH_PORT:-443}:443
volumes: volumes:
- cert-data:/letsencrypt - cert-data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
volumes: volumes:
cert-data: cert-data:

30
overrides/compose.proxy.yaml
View file

@ -1,20 +1,20 @@
services: services:
frontend: frontend:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.services.frontend.loadbalancer.server.port=8080 - traefik.http.services.frontend.loadbalancer.server.port=8080
- traefik.http.routers.frontend-http.entrypoints=web - traefik.http.routers.frontend-http.entrypoints=web
- traefik.http.routers.frontend-http.ruleSyntax=v3 - traefik.http.routers.frontend-http.ruleSyntax=v3
- traefik.http.routers.frontend-http.rule=HostRegexp(`^.+$`) - traefik.http.routers.frontend-http.rule=HostRegexp(`^.+$`)
proxy: proxy:
image: traefik:v3.6 image: traefik:v3.6
command: command:
- --providers.docker - --providers.docker
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
ports: ports:
- ${HTTP_PUBLISH_PORT:-80}:80 - ${HTTP_PUBLISH_PORT:-80}:80
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
userns_mode: host userns_mode: host

90
overrides/compose.traefik-ssl.yaml
View file

@ -1,49 +1,49 @@
services: services:
traefik: traefik:
labels: labels:
# https-redirect middleware to redirect HTTP to HTTPS # https-redirect middleware to redirect HTTP to HTTPS
# It can be reused by other stacks in other Docker Compose files # It can be reused by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http to use the middleware to redirect to https # traefik-http to use the middleware to redirect to https
- traefik.http.routers.traefik-public-http.middlewares=https-redirect - traefik.http.routers.traefik-public-http.middlewares=https-redirect
# traefik-https the actual router using HTTPS # traefik-https the actual router using HTTPS
# Uses the environment variable DOMAIN # Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-https.ruleSyntax=v3 - traefik.http.routers.traefik-public-https.ruleSyntax=v3
- traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN}`) - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN}`)
- traefik.http.routers.traefik-public-https.entrypoints=https - traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true - traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard # Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal - traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below # Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le - traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth, using the middleware created above # Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-https.middlewares=admin-auth - traefik.http.routers.traefik-public-https.middlewares=admin-auth
command: command:
# Enable Docker in Traefik, so that it reads labels from Docker services # Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true - --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed # Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80 # Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80 - --entrypoints.http.address=:80
# Create an entrypoint https listening on port 443 # Create an entrypoint https listening on port 443
- --entrypoints.https.address=:443 - --entrypoints.https.address=:443
# Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL # Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set} - --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set}
# Store the Let's Encrypt certificates in the mounted volume # Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json - --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt # Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log, with HTTP requests # Enable the access log, with HTTP requests
- --accesslog - --accesslog
# Enable the Traefik log, for configurations and errors # Enable the Traefik log, for configurations and errors
- --log - --log
# Enable the Dashboard and API # Enable the Dashboard and API
- --api - --api
ports: ports:
- ${HTTPS_PUBLISH_PORT:-443}:443 - ${HTTPS_PUBLISH_PORT:-443}:443
volumes: volumes:
- cert-data:/certificates - cert-data:/certificates
volumes: volumes:
cert-data: cert-data:

80
overrides/compose.traefik.yaml
View file

@ -1,46 +1,46 @@
services: services:
traefik: traefik:
image: "traefik:v3.6" image: "traefik:v3.6"
restart: unless-stopped restart: unless-stopped
labels: labels:
# Enable Traefik for this service, to make it available in the public network # Enable Traefik for this service, to make it available in the public network
- traefik.enable=true - traefik.enable=true
# Use the traefik-public network (declared below) # Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public - traefik.docker.network=traefik-public
# admin-auth middleware with HTTP Basic auth # admin-auth middleware with HTTP Basic auth
# Using the environment variables USERNAME and HASHED_PASSWORD # Using the environment variables USERNAME and HASHED_PASSWORD
- traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD:?No HASHED_PASSWORD set} - traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD:?No HASHED_PASSWORD set}
# Uses the environment variable TRAEFIK_DOMAIN # Uses the environment variable TRAEFIK_DOMAIN
- traefik.http.routers.traefik-public-http.ruleSyntax=v3 - traefik.http.routers.traefik-public-http.ruleSyntax=v3
- traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN:?No TRAEFIK_DOMAIN set}`) - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN:?No TRAEFIK_DOMAIN set}`)
- traefik.http.routers.traefik-public-http.entrypoints=http - traefik.http.routers.traefik-public-http.entrypoints=http
# Use the special Traefik service api@internal with the web UI/Dashboard # Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-http.service=api@internal - traefik.http.routers.traefik-public-http.service=api@internal
# Enable HTTP Basic auth, using the middleware created above # Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-http.middlewares=admin-auth - traefik.http.routers.traefik-public-http.middlewares=admin-auth
# Define the port inside of the Docker service to use # Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8080 - traefik.http.services.traefik-public.loadbalancer.server.port=8080
command: command:
# Enable Docker in Traefik, so that it reads labels from Docker services # Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker=true - --providers.docker=true
# Do not expose all Docker services, only the ones explicitly exposed # Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
# Create an entrypoint http listening on port 80 # Create an entrypoint http listening on port 80
- --entrypoints.http.address=:80 - --entrypoints.http.address=:80
# Enable the access log, with HTTP requests # Enable the access log, with HTTP requests
- --accesslog - --accesslog
# Enable the Traefik log, for configurations and errors # Enable the Traefik log, for configurations and errors
- --log - --log
# Enable the Dashboard and API # Enable the Dashboard and API
- --api - --api
ports: ports:
- ${HTTP_PUBLISH_PORT:-80}:80 - ${HTTP_PUBLISH_PORT:-80}:80
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- traefik-public - traefik-public
networks: networks:
traefik-public: traefik-public:
name: traefik-public name: traefik-public
external: false external: false