rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: updated passout key

Browse source
This commit is contained in:
ajay 2025-11-07 16:45:16 +05:30
parent b0a17b9ba9
commit 50accfeb2a
1 changed files with 79 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
templates/compose/documenso.yaml
View file

@ -11,52 +11,72 @@ services:
depends_on:
database:
condition: service_healthy
ports:
- "3000:3000"
environment:
- SERVICE_URL_DOCUMENSO_3000
- NEXTAUTH_URL=${SERVICE_URL_DOCUMENSO}
- NEXTAUTH_SECRET=${SERVICE_BASE64_AUTHSECRET}
- NEXT_PRIVATE_ENCRYPTION_KEY=${SERVICE_BASE64_ENCRYPTIONKEY}
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${SERVICE_BASE64_SECONDARYENCRYPTIONKEY}
- NEXT_PUBLIC_WEBAPP_URL=${SERVICE_URL_DOCUMENSO}
- NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY}
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT}
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME}
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS}
- NEXT_PRIVATE_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public
- NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public
- SERVICE_URL_DOCUMENSO_3000=http://localhost:3000
- NEXTAUTH_URL=http://localhost:3000
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET:-test-secret-key-change-in-production}
- NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:-test-encryption-key-32-chars}
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:-test-secondary-encryption-key-64-characters-long-for-production-use}
- NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000
- NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY:-}
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:-}
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST:-}
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT:-}
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME:-}
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD:-}
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:-}
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:-}
- NEXT_PRIVATE_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public
- NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public
- NEXT_PRIVATE_SIGNING_TRANSPORT=local
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/app/certs/cert.p12
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${SERVICE_PASSWORD_DOCUMENSO}
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE:-documenso}
- CERT_VALID_DAYS=${CERT_VALID_DAYS:-365}
- CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-DO}
- CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-Santiago}
- CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-Santiago}
- CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Example INC}
- CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-US}
- CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-State}
- CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-City}
- CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Test Organization}
- CERT_INFO_ORGANIZATIONAL_UNIT=${CERT_INFO_ORGANIZATIONAL_UNIT:-IT Department}
- CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-example@gmail.com}
- CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-test@example.com}
- NEXT_PUBLIC_DISABLE_SIGNUP=${DISABLE_LOGIN:-false}
- SERVICE_PASSWORD_DOCUMENSO=${SERVICE_PASSWORD_DOCUMENSO:-documenso}
- SERVICE_URL_DOCUMENSO=http://localhost:3000
healthcheck:
test:
- CMD-SHELL
- "wget -q -O - http://documenso:3000/ | grep -q 'Sign in to your account'"
interval: 2s
timeout: 10s
retries: 20
- "wget -q -O - http://localhost:3000/ | grep -q 'Sign in to your account' || exit 1"
interval: 10s
timeout: 5s
retries: 10
start_period: 40s
entrypoint:
- /bin/sh
- -c
- |
CERT_DIR="/app/certs"
CERT_PASSPHRASE="${SERVICE_PASSWORD_DOCUMENSO}"
CERT_PASSPHRASE="$${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE}"
# Save original working directory
ORIGINAL_DIR="$(pwd)"
ORIGINAL_DIR="$$(pwd)"
mkdir -p "$CERT_DIR"
# Find openssl binary (should be available in v1.12.10+)
OPENSSL_CMD="$$(which openssl 2>/dev/null || command -v openssl 2>/dev/null || echo '/usr/bin/openssl')"
# Verify openssl is available
if ! $$OPENSSL_CMD version >/dev/null 2>&1; then
echo "Error: OpenSSL not found. Please use Documenso image v1.12.10 or later."
exit 1
fi
# Create certificate directory - use /app/certs (writable by user 1001)
CERT_DIR="/app/certs"
mkdir -p "$$CERT_DIR" || {
# Fallback to tmp if app directory not writable
CERT_DIR="/tmp/certs"
mkdir -p "$$CERT_DIR"
echo "Warning: Using fallback directory: $$CERT_DIR"
}
touch /tmp/cert_info_path
cat <<EOF > /tmp/cert_info_path
@ -64,53 +84,63 @@ services:
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = ${CERT_INFO_COUNTRY_NAME}
ST = ${CERT_INFO_STATE_OR_PROVIDENCE}
L = ${CERT_INFO_LOCALITY_NAME}
O = ${CERT_INFO_ORGANIZATION_NAME}
OU = ${CERT_INFO_ORGANIZATIONAL_UNIT}
CN = ${SERVICE_URL_DOCUMENSO}
emailAddress = ${CERT_INFO_EMAIL}
C = $${CERT_INFO_COUNTRY_NAME}
ST = $${CERT_INFO_STATE_OR_PROVIDENCE}
L = $${CERT_INFO_LOCALITY_NAME}
O = $${CERT_INFO_ORGANIZATION_NAME}
OU = $${CERT_INFO_ORGANIZATIONAL_UNIT}
CN = $${SERVICE_URL_DOCUMENSO}
emailAddress = $${CERT_INFO_EMAIL}
EOF
cd "$CERT_DIR"
cd "$$CERT_DIR"
openssl genrsa -out private.key 2048
$$OPENSSL_CMD genrsa -out private.key 2048
openssl req \
$$OPENSSL_CMD req \
-new \
-x509 \
-key private.key \
-out certificate.crt \
-days ${CERT_VALID_DAYS} \
-days $${CERT_VALID_DAYS} \
-config /tmp/cert_info_path
openssl pkcs12 \
$$OPENSSL_CMD pkcs12 \
-export \
-out cert.p12 \
-inkey private.key \
-in certificate.crt \
-legacy \
-passout pass:"$CERT_PASSPHRASE"
-passout pass:"$$CERT_PASSPHRASE"
chown 1001:1001 cert.p12 private.key certificate.crt
# Set permissions (may fail if not root, but will work in Coolify)
chown 1001:1001 cert.p12 private.key certificate.crt 2>/dev/null || true
chmod 400 cert.p12 private.key certificate.crt
# Update environment variable if directory changed
if [ "$$CERT_DIR" != "/app/certs" ]; then
export NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH="$$CERT_DIR/cert.p12"
fi
# Return to original directory before starting application
cd "$ORIGINAL_DIR"
cd "$$ORIGINAL_DIR"
./start.sh
database:
image: postgres:17
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_USER=${POSTGRES_USER:-documenso}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-documenso}
- POSTGRES_DB=${POSTGRES_DB:-documenso-db}
volumes:
- documenso_postgresql_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-documenso} -d ${POSTGRES_DB:-documenso-db}"]
interval: 5s
timeout: 20s
timeout: 5s
retries: 10
start_period: 10s
volumes:
documenso_postgresql_data: