From 50accfeb2a1368ab067dc8745c78f93fa0ce77c2 Mon Sep 17 00:00:00 2001 From: ajay Date: Fri, 7 Nov 2025 16:45:16 +0530 Subject: [PATCH] fix: updated passout key --- templates/compose/documenso.yaml | 128 +++++++++++++++++++------------ 1 file changed, 79 insertions(+), 49 deletions(-) diff --git a/templates/compose/documenso.yaml b/templates/compose/documenso.yaml index e51c0e8be..6ad054240 100644 --- a/templates/compose/documenso.yaml +++ b/templates/compose/documenso.yaml @@ -11,52 +11,72 @@ services: depends_on: database: condition: service_healthy + ports: + - "3000:3000" environment: - - SERVICE_URL_DOCUMENSO_3000 - - NEXTAUTH_URL=${SERVICE_URL_DOCUMENSO} - - NEXTAUTH_SECRET=${SERVICE_BASE64_AUTHSECRET} - - NEXT_PRIVATE_ENCRYPTION_KEY=${SERVICE_BASE64_ENCRYPTIONKEY} - - NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${SERVICE_BASE64_SECONDARYENCRYPTIONKEY} - - NEXT_PUBLIC_WEBAPP_URL=${SERVICE_URL_DOCUMENSO} - - NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY} - - NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT} - - NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST} - - NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT} - - NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME} - - NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD} - - NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME} - - NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS} - - NEXT_PRIVATE_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public - - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public + - SERVICE_URL_DOCUMENSO_3000=http://localhost:3000 + - NEXTAUTH_URL=http://localhost:3000 + - NEXTAUTH_SECRET=${NEXTAUTH_SECRET:-test-secret-key-change-in-production} + - NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:-test-encryption-key-32-chars} + - NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:-test-secondary-encryption-key-64-characters-long-for-production-use} + - NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000 + - NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY:-} + - NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:-} + - NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST:-} + - NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT:-} + - NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME:-} + - NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD:-} + - NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:-} + - NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:-} + - NEXT_PRIVATE_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public + - NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public - NEXT_PRIVATE_SIGNING_TRANSPORT=local - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/app/certs/cert.p12 - - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${SERVICE_PASSWORD_DOCUMENSO} + - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE:-documenso} - CERT_VALID_DAYS=${CERT_VALID_DAYS:-365} - - CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-DO} - - CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-Santiago} - - CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-Santiago} - - CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Example INC} + - CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-US} + - CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-State} + - CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-City} + - CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Test Organization} - CERT_INFO_ORGANIZATIONAL_UNIT=${CERT_INFO_ORGANIZATIONAL_UNIT:-IT Department} - - CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-example@gmail.com} + - CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-test@example.com} - NEXT_PUBLIC_DISABLE_SIGNUP=${DISABLE_LOGIN:-false} + - SERVICE_PASSWORD_DOCUMENSO=${SERVICE_PASSWORD_DOCUMENSO:-documenso} + - SERVICE_URL_DOCUMENSO=http://localhost:3000 healthcheck: test: - CMD-SHELL - - "wget -q -O - http://documenso:3000/ | grep -q 'Sign in to your account'" - interval: 2s - timeout: 10s - retries: 20 + - "wget -q -O - http://localhost:3000/ | grep -q 'Sign in to your account' || exit 1" + interval: 10s + timeout: 5s + retries: 10 + start_period: 40s entrypoint: - /bin/sh - -c - | - CERT_DIR="/app/certs" - CERT_PASSPHRASE="${SERVICE_PASSWORD_DOCUMENSO}" + CERT_PASSPHRASE="$${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE}" # Save original working directory - ORIGINAL_DIR="$(pwd)" + ORIGINAL_DIR="$$(pwd)" - mkdir -p "$CERT_DIR" + # Find openssl binary (should be available in v1.12.10+) + OPENSSL_CMD="$$(which openssl 2>/dev/null || command -v openssl 2>/dev/null || echo '/usr/bin/openssl')" + + # Verify openssl is available + if ! $$OPENSSL_CMD version >/dev/null 2>&1; then + echo "Error: OpenSSL not found. Please use Documenso image v1.12.10 or later." + exit 1 + fi + + # Create certificate directory - use /app/certs (writable by user 1001) + CERT_DIR="/app/certs" + mkdir -p "$$CERT_DIR" || { + # Fallback to tmp if app directory not writable + CERT_DIR="/tmp/certs" + mkdir -p "$$CERT_DIR" + echo "Warning: Using fallback directory: $$CERT_DIR" + } touch /tmp/cert_info_path cat < /tmp/cert_info_path @@ -64,53 +84,63 @@ services: distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] - C = ${CERT_INFO_COUNTRY_NAME} - ST = ${CERT_INFO_STATE_OR_PROVIDENCE} - L = ${CERT_INFO_LOCALITY_NAME} - O = ${CERT_INFO_ORGANIZATION_NAME} - OU = ${CERT_INFO_ORGANIZATIONAL_UNIT} - CN = ${SERVICE_URL_DOCUMENSO} - emailAddress = ${CERT_INFO_EMAIL} + C = $${CERT_INFO_COUNTRY_NAME} + ST = $${CERT_INFO_STATE_OR_PROVIDENCE} + L = $${CERT_INFO_LOCALITY_NAME} + O = $${CERT_INFO_ORGANIZATION_NAME} + OU = $${CERT_INFO_ORGANIZATIONAL_UNIT} + CN = $${SERVICE_URL_DOCUMENSO} + emailAddress = $${CERT_INFO_EMAIL} EOF - cd "$CERT_DIR" + cd "$$CERT_DIR" - openssl genrsa -out private.key 2048 + $$OPENSSL_CMD genrsa -out private.key 2048 - openssl req \ + $$OPENSSL_CMD req \ -new \ -x509 \ -key private.key \ -out certificate.crt \ - -days ${CERT_VALID_DAYS} \ + -days $${CERT_VALID_DAYS} \ -config /tmp/cert_info_path - openssl pkcs12 \ + $$OPENSSL_CMD pkcs12 \ -export \ -out cert.p12 \ -inkey private.key \ -in certificate.crt \ -legacy \ - -passout pass:"$CERT_PASSPHRASE" + -passout pass:"$$CERT_PASSPHRASE" - chown 1001:1001 cert.p12 private.key certificate.crt + # Set permissions (may fail if not root, but will work in Coolify) + chown 1001:1001 cert.p12 private.key certificate.crt 2>/dev/null || true chmod 400 cert.p12 private.key certificate.crt + # Update environment variable if directory changed + if [ "$$CERT_DIR" != "/app/certs" ]; then + export NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH="$$CERT_DIR/cert.p12" + fi + # Return to original directory before starting application - cd "$ORIGINAL_DIR" + cd "$$ORIGINAL_DIR" ./start.sh database: image: postgres:17 environment: - - POSTGRES_USER=${SERVICE_USER_POSTGRES} - - POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES} + - POSTGRES_USER=${POSTGRES_USER:-documenso} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-documenso} - POSTGRES_DB=${POSTGRES_DB:-documenso-db} volumes: - documenso_postgresql_data:/var/lib/postgresql/data healthcheck: - test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"] + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-documenso} -d ${POSTGRES_DB:-documenso-db}"] interval: 5s - timeout: 20s + timeout: 5s retries: 10 + start_period: 10s + +volumes: + documenso_postgresql_data: \ No newline at end of file