-
-
Notifications
You must be signed in to change notification settings - Fork 3k
docs: align docker-compose env docs with #7907 (required credentials, TRUST_PROXY default)#7908
Open
JohnMcLear wants to merge 1 commit into
Open
docs: align docker-compose env docs with #7907 (required credentials, TRUST_PROXY default) #7908JohnMcLear wants to merge 1 commit into
JohnMcLear wants to merge 1 commit into
Conversation
...#7907 follow-up) ether#7907 made the production docker-compose require ADMIN_PASSWORD and the DB password (no insecure fallback) and defaulted TRUST_PROXY to false, but only changed docker-compose.yml. This brings the docs in line: - .env.default: document DOCKER_COMPOSE_APP_TRUST_PROXY (set true behind a trusted reverse proxy) and note ADMIN_PASSWORD is required (compose won't start while it's empty). - .env.dev.default: document the dev DOCKER_COMPOSE_APP_DEV_ENV_TRUST_PROXY. - README.md / doc/docker.md: update the embedded compose snippets to match the merged file (required ADMIN_PASSWORD/DB password, TRUST_PROXY default false). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Qodo reviews are paused for this user.
Troubleshooting steps vary by plan Learn more →
On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →
Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →
Code Review by Qodo
🐞 Bugs (1) 📘 Rule violations (0)
1. Missing final newline 🐞 Bug ⚙ Maintainability
Description
.env.dev.default still has no trailing newline, violating the repo’s EditorConfig and potentially causing formatting/lint noise or messy diffs on future edits.
Evidence
The repository’s EditorConfig requires a final newline, but .env.dev.default ends at the last variable assignment without one (also indicated by the PR diff’s No newline at end of file marker).
Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution ### Issue description The file `.env.dev.default` does not end with a newline, which violates the repository’s `.editorconfig` setting `insert_final_newline = true`. ### Issue Context This PR modifies `.env.dev.default` but retains the missing final newline, which can trigger formatting checks and create awkward diffs. ### Fix Focus Areas - `.env.dev.default[22-22]`
i Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Review Summary by Qodo
Document docker-compose credential and TRUST_PROXY changes from #7907
📝 Documentation
Walkthroughs
Description
• Document required credentials and TRUST_PROXY security settings • Update docker-compose snippets to reflect #7907 breaking changes • Add TRUST_PROXY configuration guidance for reverse proxy deployments • Clarify ADMIN_PASSWORD and database password requirements
Diagram
flowchart LR
A["#7907 Changes<br/>docker-compose.yml"] -->|"Require credentials<br/>Default TRUST_PROXY=false"| B["Documentation Updates"]
B --> C[".env.default<br/>Add TRUST_PROXY docs"]
B --> D[".env.dev.default<br/>Add dev TRUST_PROXY"]
B --> E["README.md & doc/docker.md<br/>Update compose snippets"]
C --> F["Security Guidance<br/>for Reverse Proxy"]
D --> F
E --> G["Reflect Breaking Changes<br/>in Examples"]
File Changes
1. .env.default
📝 Documentation +10/-0
Document required credentials and TRUST_PROXY settings
• Added comprehensive documentation for DOCKER_COMPOSE_APP_ADMIN_PASSWORD marking it as required with security warning • Added DOCKER_COMPOSE_APP_TRUST_PROXY variable with detailed guidance on reverse proxy configuration • Explained security implications of TRUST_PROXY setting for HTTPS detection and client-IP handling
2. .env.dev.default
📝 Documentation +4/-0
Add dev environment TRUST_PROXY configuration
• Added DOCKER_COMPOSE_APP_DEV_ENV_TRUST_PROXY variable with default value true • Documented that dev environment defaults differ from production for convenience • Provided guidance for disabling when not behind reverse proxy
3. README.md
📝 Documentation +4/-4
Update compose snippet to reflect breaking changes
• Updated ADMIN_PASSWORD from optional with :-admin fallback to required with error message • Updated DB_PASS from optional with :-admin fallback to required with error message • Changed TRUST_PROXY default from true to false to match #7907 changes • Updated postgres service POSTGRES_PASSWORD to required with error message
(追記) View more (1) (追記ここまで)
4. doc/docker.md
📝 Documentation +4/-4
Update compose snippet to reflect breaking changes
• Updated ADMIN_PASSWORD from optional with :-admin fallback to required with error message • Updated DB_PASS from optional with :-admin fallback to required with error message • Changed TRUST_PROXY default from true to false to match #7907 changes • Updated postgres service POSTGRES_PASSWORD to required with error message
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #7907 (merged), which changed
docker-compose.ymlto requireADMIN_PASSWORDand the database password and to defaultTRUST_PROXYtofalse— but didn't touch the docs/templates. This brings them in line.Changes
.env.default— documentDOCKER_COMPOSE_APP_TRUST_PROXY(settrueonly behind a trusted reverse proxy; otherwise HTTPS detection / secure cookies and client-IP handling are wrong), and note thatDOCKER_COMPOSE_APP_ADMIN_PASSWORDis now required (compose won't start while it's empty)..env.dev.default— document the dev equivalentDOCKER_COMPOSE_APP_DEV_ENV_TRUST_PROXY(defaultstrueindocker-compose.dev.yml).README.md/doc/docker.md— refresh the embedded compose snippets, which still showed the old:-admin/TRUST_PROXY:-truedefaults.Notes
docker compose upnow fails untilADMIN_PASSWORD/DB password are set, and anyone running behind a reverse proxy must now setDOCKER_COMPOSE_APP_TRUST_PROXY=true(previously the compose defaulted it totrue). Worth a release-note line..env.defaultstill ships an emptyDOCKER_COMPOSE_APP_ADMIN_PASSWORD=, so copying it and running now hard-fails by design. If that first-run friction is unwanted, softening the compose:?to a warning would be a follow-up to docker-compose: harden default credentials and proxy trust (draft, under discussion) #7907 (code, not docs) — left out of this PR intentionally.🤖 Generated with Claude Code