Self-hosted installations can now opt SafeFetch into private-network access after SSRF hardening. The default remains unchanged: private IP destinations are blocked unless the instance owner explicitly enables private-network requests with SAFE_FETCH_ALLOW_PRIVATE_NETWORK=true
This is a breaking change if you use latest tag and have evolution-api or similar deployed on coolify alongside chatwoot.
Add official Hermes Agent logo (256x256 PNG from upstream repo).
Mount hermes-agent-src volume as read-only in webui container per
upstream recommendation (since v0.51.84).
Adds OpenObserve as a one-click service template. OpenObserve is a
cloud-native observability platform for logs, metrics, traces, RUM and
session replays, positioned as a self-hosted alternative to Elasticsearch,
Splunk and Datadog.
- Uses the official open-source image (public.ecr.aws/zinclabs/openobserve)
- Wires admin password through Coolify's SERVICE_PASSWORD_* magic env
- Persists /data via a named volume
- Exposes port 5080 via SERVICE_URL_OPENOBSERVE_5080
- Opts out of telemetry by default (overridable via ZO_TELEMETRY)
- Adds /healthz healthcheck and the OpenObserve logo
Supersedes #6328, addressing the prior review feedback (drop the
deprecated version key, drop hardcoded container_name and restart
policy, switch to the magic password env, and use a named volume).
Two-container template: hermes-agent gateway plus the hermes-webui chat
UI. The WebUI is public-facing (gets the generated FQDN and password via
Coolify magic vars); the agent stays internal, sharing named volumes.
Hermes uses embedded SQLite, so no external database is needed.
Drop the unstable applications/dockercompose route and controller path now that
service creation is handled by POST /api/v1/services. Add coverage to ensure the
deprecated endpoint stays unregistered while the services endpoint remains
available.
Pulls latest service-templates JSON files from `next` so cloud's hourly
PullTemplatesFromCDN job picks up queued template fixes (Jitsi, Plane,
Cap, Beszel, Langfuse, Twenty, Cal.com, etc.).
`templates/**` is in `paths-ignore` of coolify-production-build.yml so
no image rebuild triggered.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
