From dd0eaf49ea41f727a0132ac65eb6de019ea6cf53 Mon Sep 17 00:00:00 2001 From: Mannu Date: Sun, 7 Jun 2026 10:02:14 +0530 Subject: [PATCH] fix: use nobbe/ignis:latest image; fix BASIC_AUTH_USERS $ escaping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Switch from build:. to image: nobbe/ignis:latest — the Dockerfile lives at apps/ignis-server/, not the repo root, so the build was failing with "no such file or directory". Using the official image is simpler and avoids a lengthy source build on every deploy. - Document that BASIC_AUTH_USERS must use $$ for every $ in the bcrypt hash, so Docker Compose doesn't expand $2y$05$... as variable refs. Co-Authored-By: Claude Sonnet 4.6 --- docker-compose.dokploy.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docker-compose.dokploy.yml b/docker-compose.dokploy.yml index 2ad18e8..61f0fe2 100644 --- a/docker-compose.dokploy.yml +++ b/docker-compose.dokploy.yml @@ -7,9 +7,10 @@ # ============================================================================= services: ignis: - # Build from source — Ignis is NOT on any registry. Context "." is the repo - # root, which contains upstream's Dockerfile (downloads Obsidian on 1st run). - build: . + # Official image from Docker Hub. Dockerfile lives at apps/ignis-server/ in + # the source repo but there's no reason to build — nobbe/ignis:latest is the + # canonical published image and avoids a long source build on every deploy. + image: nobbe/ignis:latest container_name: obsidian-ignis restart: unless-stopped @@ -50,12 +51,13 @@ services: - traefik.http.routers.obsidian-notes.tls=true - traefik.http.routers.obsidian-notes.tls.certresolver=letsencrypt - traefik.http.routers.obsidian-notes.middlewares=obsidian-auth - # --- basicAuth middleware. The user:hash is injected from Dokploy's + # --- basicAuth middleware. The user:bcrypt hash is injected from Dokploy's # Environment tab (key BASIC_AUTH_USERS) so it never lands in git. - # Set BASIC_AUTH_USERS to the RAW htpasswd output with SINGLE $ signs - # (do NOT double them — compose does not re-escape an injected value): + # IMPORTANT: bcrypt hashes contain $ signs. In the Dokploy env tab you + # MUST double every $ so compose doesn't try to expand them as variables: # htpasswd -nbB manohar 'YOUR_PASSWORD' - # e.g. BASIC_AUTH_USERS=manohar:$2y$05$abc... + # Take the output e.g. manohar:$2y$05$abc... and replace every $ with $$: + # BASIC_AUTH_USERS=manohar:$$2y$$05$$abc... - traefik.http.middlewares.obsidian-auth.basicauth.users=${BASIC_AUTH_USERS} # --- Service: Ignis listens on 8080 --- - traefik.http.services.obsidian-notes.loadbalancer.server.port=8080