Merge pull request #63 from kossakovsky/develop

release: v1.5.0 — four bug fixes (cadvisor, nocodb, dify, n8n)

.env.example

@@ -216,8 +216,21 @@ N8N_WORKER_COUNT=1
 # When true, the main n8n instance does not execute workflows, only coordinates.
 OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true
 
-# Maximum number of concurrent Code node executions per task runner. Defaults to 5.
-N8N_RUNNERS_MAX_CONCURRENCY=5
+# Maximum number of concurrent Code node executions per task runner. Defaults to 10.
+N8N_RUNNERS_MAX_CONCURRENCY=10
+
+# Maximum time (seconds) a single Code-node execution can run before the task
+# runner aborts it. Raise for long-running data processing or heavy computations.
+N8N_RUNNERS_TASK_REQUEST_TIMEOUT=300
+
+# Idle seconds before a task runner shuts down. 0 disables auto-shutdown so the
+# runner lives as long as its worker (recommended; avoids "Missing process handler"
+# errors caused by runner shutdown between jobs).
+N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT=0
+
+# Redis Bull queue prefix. Default "n8n" isolates n8n queue keys (n8n:bull:jobs:*)
+# from any other Bull-based service sharing the same Redis instance.
+QUEUE_BULL_PREFIX=n8n
 
 N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true
 EXECUTIONS_MODE=queue
@@ -226,6 +239,10 @@ N8N_LOG_LEVEL=info
 NODES_EXCLUDE="[]"
 N8N_LOG_OUTPUT=console
 
+# Maximum payload size in MB for n8n requests (default: 256 MB).
+# Increase if you need to handle large files or webhook payloads.
+N8N_PAYLOAD_SIZE_MAX=256
+
 # Timezone for n8n and workflows (https://docs.n8n.io/hosting/configuration/environment-variables/timezone-localization/)
 GENERIC_TIMEZONE=America/New_York
 
@@ -275,11 +292,13 @@ RAGAPP_PASSWORD=
 # LightRAG credentials (for built-in authentication)
 # Username and password for web interface login
 # API key for programmatic access to the API
+# Token secret signs JWTs issued on web login (required when AUTH_ACCOUNTS is set)
 ############
 
 LIGHTRAG_USERNAME=
 LIGHTRAG_PASSWORD=
 LIGHTRAG_API_KEY=
+LIGHTRAG_TOKEN_SECRET=
 
    #
    #

.github/workflows/claude-code-review.yml

@@ -1,44 +0,0 @@
-name: Claude Code Review
-
-on:
-  pull_request:
-    types: [opened, synchronize, ready_for_review, reopened]
-    # Optional: Only run on specific file changes
-    # paths:
-    #   - "src/**/*.ts"
-    #   - "src/**/*.tsx"
-    #   - "src/**/*.js"
-    #   - "src/**/*.jsx"
-
-jobs:
-  claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
-
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Run Claude Code Review
-        id: claude-review
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
-          plugins: 'code-review@claude-code-plugins'
-          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
-          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://code.claude.com/docs/en/cli-reference for available options
-

.github/workflows/claude.yml

@@ -1,50 +0,0 @@
-name: Claude Code
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  claude:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
-      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: read
-      issues: read
-      id-token: write
-      actions: read # Required for Claude to read CI results on PRs
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Run Claude Code
-        id: claude
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-
-          # This is an optional setting that allows Claude to read CI results on PRs
-          additional_permissions: |
-            actions: read
-
-          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
-          # prompt: 'Update the pull request description to include a summary of changes.'
-
-          # Optional: Add claude_args to customize behavior and configuration
-          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
-          # or https://code.claude.com/docs/en/cli-reference for available options
-          # claude_args: '--allowed-tools Bash(gh pr:*)'
-

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 ## [Unreleased]
 
+## [1.5.0] - 2026-05-17
+
+### Fixed
+- **cAdvisor** - Fix memory leak and uncontrolled CPU growth (up to ~3.5 GB RAM / 168% CPU on hosts with ~40+ containers) by pinning image to `v0.55.1`, adding resource limits (`mem_limit: 1g`, `cpus: "1.0"`), and tuning runtime flags (`--housekeeping_interval=10s`, `--docker_only=true`).
+- **NocoDB** - Fix `Missing process handler for job type job` errors in n8n queue caused by NocoDB sharing the default Bull queue `jobs` with n8n in Redis db0. NocoDB is now isolated to Redis db1 via `NC_REDIS_URL=redis://redis:6379/1`.
+- **Dify** - Fix install never starting (`could not translate host name "db_postgres"`) by activating Dify's bundled compose profiles (`postgresql`, `weaviate`) when starting the stack, and passing all Dify profiles when tearing it down so containers like `db_postgres` and `weaviate` get stopped cleanly (#61).
+- **n8n** - Namespace Bull queue (`QUEUE_BULL_PREFIX=n8n`) to prevent neighbour conflicts, raise task runner timeout to 300s, and disable runner auto-shutdown to fix `Missing process handler` and `Task request timed out` errors. Default `N8N_RUNNERS_MAX_CONCURRENCY` raised 5 → 10. All four values configurable via `.env`.
+
+## [1.4.3] - 2026-04-27
+
+### Fixed
+- **LightRAG** - Fix crash-loop (`TOKEN_SECRET must be explicitly set`) by generating `LIGHTRAG_TOKEN_SECRET` and passing it as `TOKEN_SECRET` to the container. Recent upstream releases require an explicit JWT signing secret whenever `AUTH_ACCOUNTS` is configured (#60).
+
+## [1.4.2] - 2026-03-28
+
+### Fixed
+- **n8n** - Make `N8N_PAYLOAD_SIZE_MAX` configurable via `.env` (was hardcoded to 256, ignoring user overrides)
+- **Uptime Kuma** - Fix healthcheck failure (`wget: not found`) by switching to Node.js-based check
+
 ## [1.4.1] - 2026-03-23
 
 ### Fixed

VERSION

@@ -1 +1 @@
-1.4.1
+1.5.0

docker-compose.yml

@@ -83,13 +83,14 @@ x-n8n: &service-n8n
     N8N_LOG_LEVEL: ${N8N_LOG_LEVEL:-info}
     N8N_LOG_OUTPUT: ${N8N_LOG_OUTPUT:-console}
     N8N_METRICS: true
-    N8N_PAYLOAD_SIZE_MAX: 256
+    N8N_PAYLOAD_SIZE_MAX: ${N8N_PAYLOAD_SIZE_MAX:-256}
     N8N_PERSONALIZATION_ENABLED: false
     N8N_RESTRICT_FILE_ACCESS_TO: /data/shared
     N8N_RUNNERS_AUTH_TOKEN: ${N8N_RUNNERS_AUTH_TOKEN}
     N8N_RUNNERS_BROKER_LISTEN_ADDRESS: 0.0.0.0
     N8N_RUNNERS_ENABLED: true
     N8N_RUNNERS_MODE: external
+    N8N_RUNNERS_TASK_REQUEST_TIMEOUT: ${N8N_RUNNERS_TASK_REQUEST_TIMEOUT:-300}
     OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS: ${OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS:-true}
     N8N_SMTP_HOST: ${N8N_SMTP_HOST:-}
     N8N_SMTP_OAUTH_PRIVATE_KEY: ${N8N_SMTP_OAUTH_PRIVATE_KEY:-}
@@ -104,6 +105,7 @@ x-n8n: &service-n8n
     N8N_USER_MANAGEMENT_JWT_SECRET: ${N8N_USER_MANAGEMENT_JWT_SECRET}
     NODE_ENV: production
     NODES_EXCLUDE: ${NODES_EXCLUDE:-[]}
+    QUEUE_BULL_PREFIX: ${QUEUE_BULL_PREFIX:-n8n}
     QUEUE_BULL_REDIS_HOST: ${REDIS_HOST:-redis}
     QUEUE_BULL_REDIS_PORT: ${REDIS_PORT:-6379}
     QUEUE_HEALTH_CHECK_ACTIVE: true
@@ -141,8 +143,8 @@ x-n8n-worker-runner: &service-n8n-worker-runner
     <<: *proxy-env
     GENERIC_TIMEZONE: ${GENERIC_TIMEZONE:-America/New_York}
     N8N_RUNNERS_AUTH_TOKEN: ${N8N_RUNNERS_AUTH_TOKEN}
-    N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT: 15
-    N8N_RUNNERS_MAX_CONCURRENCY: ${N8N_RUNNERS_MAX_CONCURRENCY:-5}
+    N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT: ${N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT:-0}
+    N8N_RUNNERS_MAX_CONCURRENCY: ${N8N_RUNNERS_MAX_CONCURRENCY:-10}
     N8N_RUNNERS_TASK_BROKER_URI: http://127.0.0.1:5679
 
 services:
@@ -309,7 +311,7 @@ services:
       NC_AUTH_JWT_SECRET: ${NOCODB_JWT_SECRET}
       NC_DB: pg://postgres:5432?u=postgres&p=${POSTGRES_PASSWORD}&d=nocodb
       NC_PUBLIC_URL: https://${NOCODB_HOSTNAME}
-      NC_REDIS_URL: redis://redis:6379
+      NC_REDIS_URL: redis://redis:6379/1
     volumes:
       - nocodb_data:/usr/app/data
     healthcheck:
@@ -667,10 +669,16 @@ services:
       - 9100
 
   cadvisor:
-    image: gcr.io/cadvisor/cadvisor:latest
+    image: gcr.io/cadvisor/cadvisor:v0.55.1
     container_name: cadvisor
     profiles: ["monitoring"]
     restart: unless-stopped
+    mem_limit: 1g
+    mem_reservation: 256m
+    cpus: "1.0"
+    command:
+      - --housekeeping_interval=10s
+      - --docker_only=true
     volumes:
       - /:/rootfs:ro
       - /var/run:/var/run:rw
@@ -1184,6 +1192,7 @@ services:
       # Authentication (Built-in)
       AUTH_ACCOUNTS: ${LIGHTRAG_USERNAME}:${LIGHTRAG_PASSWORD}
       LIGHTRAG_API_KEY: ${LIGHTRAG_API_KEY}
+      TOKEN_SECRET: ${LIGHTRAG_TOKEN_SECRET}
       # LLM Configuration (Ollama)
       LLM_BINDING: ollama
       LLM_MODEL: qwen2.5:32b
@@ -1291,7 +1300,7 @@ services:
     volumes:
       - uptime_kuma_data:/app/data
     healthcheck:
-      test: ["CMD-SHELL", "http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= wget -qO- http://localhost:3001/ || exit 1"]
+      test: ["CMD-SHELL", "node -e \"const http=require('http');const r=http.get('http://localhost:3001',res=>{process.exit(res.statusCode<400?0:1)});r.on('error',()=>process.exit(1));r.setTimeout(5000,()=>{r.destroy();process.exit(1)})\""]
       interval: 30s
       timeout: 10s
       retries: 5

scripts/03_generate_secrets.sh

@@ -93,6 +93,7 @@ declare -A VARS_TO_GENERATE=(
     ["LETTA_SERVER_PASSWORD"]="password:32" # Added Letta server password
     ["LIGHTRAG_API_KEY"]="secret:48"
     ["LIGHTRAG_PASSWORD"]="password:32"
+    ["LIGHTRAG_TOKEN_SECRET"]="secret:64" # JWT signing secret (required when AUTH_ACCOUNTS is set)
     ["LOGFLARE_PRIVATE_ACCESS_TOKEN"]="fixed:not-in-use" # For supabase-vector, can't be empty
     ["LOGFLARE_PUBLIC_ACCESS_TOKEN"]="fixed:not-in-use" # For supabase-vector, can't be empty
     ["LT_PASSWORD"]="password:32" # Added LibreTranslate basic auth password

start_services.py

@@ -281,6 +281,8 @@ def stop_existing_containers():
     dify_compose_path = os.path.join("dify", "docker", "docker-compose.yaml")
     if os.path.exists(dify_compose_path):
         cmd.extend(["-f", dify_compose_path])
+        for profile in get_all_profiles(dify_compose_path):
+            cmd.extend(["--profile", profile])
 
     # Check if the n8n workers compose file exists. If so, include it in the 'down' command.
     n8n_workers_compose_path = "docker-compose.n8n-workers.yml"
@@ -312,7 +314,11 @@ def start_dify():
         return
     print("Starting Dify services...")
     run_command([
-        "docker", "compose", "-p", "localai", "-f", "dify/docker/docker-compose.yaml", "up", "-d"
+        "docker", "compose", "-p", "localai",
+        "--profile", "postgresql",
+        "--profile", "weaviate",
+        "-f", "dify/docker/docker-compose.yaml",
+        "up", "-d",
     ])
 
 def start_local_ai():