manohar/ignis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: use nobbe/ignis:latest image; fix BASIC_AUTH_USERS $ escaping

Browse source 
- Switch from build:. to image: nobbe/ignis:latest — the Dockerfile
  lives at apps/ignis-server/, not the repo root, so the build was
  failing with "no such file or directory". Using the official image
  is simpler and avoids a lengthy source build on every deploy.

- Document that BASIC_AUTH_USERS must use $$ for every $ in the bcrypt
  hash, so Docker Compose doesn't expand $2y$05$... as variable refs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-06-07 10:02:14 +05:30
parent 32086b7122
commit dd0eaf49ea
1 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
docker-compose.dokploy.yml
View file

@ -7,9 +7,10 @@
# ============================================================================= # =============================================================================
services: services:
ignis: ignis:
# Build from source — Ignis is NOT on any registry. Context "." is the repo # Official image from Docker Hub. Dockerfile lives at apps/ignis-server/ in
# root, which contains upstream's Dockerfile (downloads Obsidian on 1st run). # the source repo but there's no reason to build — nobbe/ignis:latest is the
build: . # canonical published image and avoids a long source build on every deploy.
image: nobbe/ignis:latest
container_name: obsidian-ignis container_name: obsidian-ignis
restart: unless-stopped restart: unless-stopped
@ -50,12 +51,13 @@ services:
- traefik.http.routers.obsidian-notes.tls=true - traefik.http.routers.obsidian-notes.tls=true
- traefik.http.routers.obsidian-notes.tls.certresolver=letsencrypt - traefik.http.routers.obsidian-notes.tls.certresolver=letsencrypt
- traefik.http.routers.obsidian-notes.middlewares=obsidian-auth - traefik.http.routers.obsidian-notes.middlewares=obsidian-auth
# --- basicAuth middleware. The user:hash is injected from Dokploy's # --- basicAuth middleware. The user:bcrypt hash is injected from Dokploy's
# Environment tab (key BASIC_AUTH_USERS) so it never lands in git. # Environment tab (key BASIC_AUTH_USERS) so it never lands in git.
# Set BASIC_AUTH_USERS to the RAW htpasswd output with SINGLE $ signs # IMPORTANT: bcrypt hashes contain $ signs. In the Dokploy env tab you
# (do NOT double them — compose does not re-escape an injected value): # MUST double every $ so compose doesn't try to expand them as variables:
# htpasswd -nbB manohar 'YOUR_PASSWORD' # htpasswd -nbB manohar 'YOUR_PASSWORD'
# e.g. BASIC_AUTH_USERS=manohar:$2y$05$abc... # Take the output e.g. manohar:$2y$05$abc... and replace every $ with $$:
# BASIC_AUTH_USERS=manohar:$$2y$$05$$abc...
- traefik.http.middlewares.obsidian-auth.basicauth.users=${BASIC_AUTH_USERS} - traefik.http.middlewares.obsidian-auth.basicauth.users=${BASIC_AUTH_USERS}
# --- Service: Ignis listens on 8080 --- # --- Service: Ignis listens on 8080 ---
- traefik.http.services.obsidian-notes.loadbalancer.server.port=8080 - traefik.http.services.obsidian-notes.loadbalancer.server.port=8080