Using 'stub' as default would break existing installations that stored files
under the default tenantId 'storage-single-tenant' (pre-TENANT_ID era).
After upgrading, storage-api would look for files under 'stub/...' prefix
instead of 'storage-single-tenant/...', making all existing files inaccessible.
- Update Kong to 3.9.1 with new awk-based entrypoint script (replaces fragile eval/echo)
- Add request-transformer plugin to all secure Kong routes for API key translation
- Fix hide_credentials: false on REST and GraphQL routes
- Add post-function plugin on storage route for S3 presigned URL compatibility
- Add opaque API key support (SUPABASE_PUBLISHABLE_KEY, SUPABASE_SECRET_KEY)
- Update Vector router to use contains() matching for Coolify container names
- Add auto-generated self-signed TLS cert for Supavisor (fixes Supabase CLI connectivity)
- Fix logs not queryable in Studio by separating public/private Logflare access tokens
- Update image versions: Kong 3.9.1, Studio 2026.03.16, PostgREST v14.6, Storage v1.44.2, Edge Runtime v1.71.2
- Fix IMGPROXY_ENABLE_WEBP_DETECTION -> IMGPROXY_AUTO_WEBP
- Add deno-cache volume for faster Edge Function cold starts
- Make POOLER_TENANT_ID configurable
- Add start_period to Realtime and Supavisor healthchecks
- Add KONG_PROXY_ACCESS_LOG configuration
- Update SQL init scripts to use $POSTGRES_USER instead of hardcoded supabase_admin
The pinned commit hashes (00bd9272, 33cef775) are from ~Nov 2025 and
incompatible with convex npm package >=1.30, causing deploy failures
with "missing field `functions`" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When upgrading to the latest image version, the database alteration command was missing, causing the application to fail due to schema mismatch. This change ensures the database is properly migrated to the latest version during startup.
Prevent null CA certificate access during database SSL certificate regeneration
across KeyDB, MariaDB, MongoDB, MySQL, PostgreSQL, and Redis components.
If no CA certificate exists, attempt to generate one and re-query; if still
missing, dispatch a clear error and stop regeneration gracefully.
Add `SslCertificateRegenerationTest` coverage for missing-CA and CA-query
scenarios to prevent regressions.
The releases published on 27/03/26 causes Clickhouse to incorrectly
initialize. This prevent the DB from restarting after the initial run.
This pin the version to the most recent version that was working
properly.
Do not replace self-referencing environment variables (e.g., DATABASE_URL: ${DATABASE_URL})
with saved DB values in the compose environment section. Keeping the reference intact allows
Docker Compose to resolve from .env at deploy time, preventing stale values from overriding
user updates that haven't been re-parsed.
Fixes#9136
The Directus service templates were missing CORS configuration, causing
preflight OPTIONS requests to fail when connecting from frontend apps.
Users had to manually edit the compose file to add CORS variables.
Add sensible CORS defaults (enabled with dynamic origin matching) to
both directus.yaml and directus-with-postgresql.yaml templates. All
values are user-overridable via the Coolify UI.
Fixes#5024
GF_SERVER_DOMAIN expects a bare hostname (e.g. grafana.example.com) but
was set to SERVICE_URL_GRAFANA which includes the protocol
(https://grafana.example.com). This mismatch can cause Grafana to fail
to load its application files when deployed behind Coolify's proxy.
Changed to SERVICE_FQDN_GRAFANA which provides just the hostname. Applied
the fix to both grafana.yaml and grafana-with-postgresql.yaml templates.
Fixes#5307
The Supabase template hardcoded GOTRUE_SITE_URL to the internal Supabase
Kong URL, which caused OAuth redirects to go to the Supabase API domain
instead of the user's frontend domain. This broke Google OAuth, magic
links, and other redirect-based auth flows.
Allow users to set GOTRUE_SITE_URL in the Coolify UI to their frontend
domain while keeping the Supabase URL as a sensible default.
Fixes#5581
When adding --project-directory to custom docker compose start commands,
use the application's host workdir if preserveRepository is true, otherwise
use the container workdir. Add tests for both scenarios and explicit paths.
Previously, the view checked $privateKeyId with ! operator, which
incorrectly treats 0 (localhost key) as falsy. Changed to explicit
is_null() checks to distinguish between null (no key) and 0 (localhost).
Added test coverage for both cases.
Introduce a new `UpdateSubscriptionQuantity` Stripe action to:
- preview prorated due-now and next-cycle recurring costs
- update subscription item quantity with proration invoicing
- revert quantity and void invoice when payment is not completed
Wire the flow into the Livewire subscription actions UI with a new adjust-limit modal,
price preview loading, and confirmation-based updates. Also refactor the subscription
management section layout and fix modal confirmation behavior for temporary 2FA bypass.
Add `Subscription::billingInterval()` helper and comprehensive Pest coverage for
quantity updates, preview calculations, failure/revert paths, and billing interval logic.
Support both the older PDO::PGSQL_ATTR_DISABLE_PREPARES and newer
Pdo\Pgsql::ATTR_DISABLE_PREPARES constant names to ensure compatibility
across different PHP versions.
The latest version of plane v1.2.2 have security fixed but our template is using v1.0.0 which is 5 months behind the current latest. New version v1.2.2 doesn't work with our existing template so disabling it for now to prevent users from deploying a vulnerable version of plane
The template is using latest version of pterodactyl and the issue is the db migration fails for new users but works fine for existing deployments. We cannot revert the template to previous version because the current latest version addresses few CVEs so it's better to disable this template for now
Add socket.io/php-socket dependency to support WebSocket functionality
in the development container. Also update package-lock.json to reflect
peer dependency configurations for Socket.IO packages.
