Recent ghcr.io/hkuds/lightrag releases validate auth config at startup
and refuse to boot with `TOKEN_SECRET must be explicitly set to a
non-default value when AUTH_ACCOUNTS is configured`. The container
crash-looped and Caddy returned 502.
Generate LIGHTRAG_TOKEN_SECRET (secret:64) and pass it as TOKEN_SECRET
to the lightrag container. Existing installations pick it up on
`make update` via 03_generate_secrets.sh --update.
Release 1.4.3.
Closes#60
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
supabase-storage crashes with "Region is missing" after upstream image
update because @aws-sdk/client-s3vectors requires REGION env var.
- add REGION, GLOBAL_S3_BUCKET, STORAGE_TENANT_ID to .env.example
- auto-generate S3_PROTOCOL_ACCESS_KEY_ID/SECRET in secret generation
- sync new env vars to existing supabase/docker/.env during updates
(append-only, never overwrites existing values)
- bump version 1.3.3 → 1.4.1
fix healthcheck port (3000→3001), add missing logging config,
add UPTIME_KUMA_HOSTNAME to caddy env, add import service_tls
in caddyfile, fix hostname typo in .env.example, add uptime-kuma
to GOST_NO_PROXY, fix profile name in wizard/final report, fix
env var in welcome page generator, add missing trailing comma in
app.js, move changelog to Added section, declare volume in
top-level section, fix container name in caddyfile, fix volume
mount path, fix broken markdown link in README
the postiz backend image uses dotenv-cli to load /app/.env, which
doesn't exist when config is only passed via docker environment vars.
generate postiz.env from root .env and mount it read-only. also handle
edge case where docker creates the file as a directory on bind mount
failure, and quote values to prevent dotenv-cli misparses.
load COMPOSE_PROFILES early in 05_configure_services.sh so
is_profile_active guards n8n workflow import and worker config
sections, avoiding confusing prompts for users who don't use n8n
adds appsmith as an optional service with caddy reverse proxy,
auto-generated encryption secrets, wizard selection, welcome page
integration, update preview support, and final report output.
bumps version to 1.3.0.
users may mistakenly use https:// for http proxies, which causes
gost to fail connecting to upstream. the protocol refers to proxy
type, not connection security.
docker volume mounts preserve host permissions, and caddy container
may run as different uid than host user, causing certificate read
failures with restrictive (600) permissions.
add temporal and temporal-ui services to the postiz profile for
workflow orchestration. includes caddy reverse proxy with basic
auth, secret generation, and welcome page integration.
adds caddy-addon mechanism for custom certificates when let's encrypt
is not available. includes setup script with interactive wizard,
example configs, and documentation.
adds support for forks that maintain custom changes and need to merge
from upstream instead of resetting. the new GIT_MODE=merge option in
update.sh calls git_merge_from_upstream() which fetches and merges
upstream/main while preserving local commits.
- fix credentials counter bug caused by posix sh subshell behavior
- add trap for temp file cleanup on exit
- make import_workflows.sh executable
- add explanatory comments in restart.sh for down/up logic
- extract sleep value to EXTERNAL_SERVICE_INIT_DELAY constant
docker compose resolves relative paths from the first compose file's
directory. when multiple compose files are combined, supabase's
./volumes/logs/vector.yml path resolves from project root instead of
supabase/docker/, causing vector container to fail with "is a directory"
error. this matches the behavior of start_services.py.
n8n couldn't connect to nocodb via internal hostname when gost proxy
is enabled. also ensures gost_no_proxy is updated from template on
system updates.
add build_compose_files_array() and getter functions for n8n-workers,
supabase, dify compose files in utils.sh. simplifies restart.sh and
apply_update.sh by using shared function. now checks both profile
activation AND file existence before including external compose files.
rebrand backup service following upstream project rename.
updates docker image to databasus/databasus:latest,
adds healthcheck, and includes cleanup function for
migration from old container name.
- create scripts/telemetry.sh with all telemetry functions
- rename init_databases.sh to databases.sh and convert to library
- remove code duplication in init_all_databases()
- update all scripts to source new modules
- update documentation references
the telemetry id was being lost during updates because:
1. apply_update.sh didn't export INSTALLATION_ID
2. 03_generate_secrets.sh only checked env var, not existing .env
now checks both exported var and generated_values from existing .env,
and generates new id for pre-telemetry installations upgrading
collect basic usage statistics (install/update events, version, os, selected
services) to help improve the project. users can opt-out by setting
SCARF_ANALYTICS=false or DO_NOT_TRACK=1.
- start postgresql first, then run init_databases.sh, then other services
- add depends_on postgres for lightrag service
- remove unused nocodb from databases list
- document database initialization in add-new-service workflow
add init_databases.sh script that creates dedicated databases for
langfuse, lightrag, nocodb, postiz, and waha during install/update.
update connection strings to use service-specific databases instead
of sharing the default postgres database.
