From 6688c52c2cfd97350caa5dda932c3d610e3244fb Mon Sep 17 00:00:00 2001 From: Maik Hummel <6891349+beevelop@users.noreply.github.com> Date: Wed, 24 Jun 2026 14:53:22 +0200 Subject: [PATCH 1/2] Services: Update all stacks to latest stable versions Bump every service's images to the latest stable releases, apply the config migrations required by major upgrades, and sync all READMEs, docs and .env files to match. Notable major bumps & migrations: - GitLab 18.9.2 -> 19.1.0: switch DB to kkimurak/sameersbn-postgresql:17 (PG17 required), DB_EXTENSION pg_trgm,btree_gist, add required ActiveRecord encryption secrets. - Confluence 9.4.1 -> 10.2.13, Crowd 7.1.5 -> 7.2.1, Jira 11.3.3 -> 11.3.7 (Java 21 / UBI9). - Keycloak 26.5.5 -> 26.6.3: replace removed KC_PROXY with KC_PROXY_HEADERS. - Directus 11.16.1 -> 12.0.2: /server/ping healthcheck, IP_TRUST_PROXY, ACCEPT_TERMS. - n8n 2.12.3 -> 2.28.1: enable task runners. - Graylog 6.2 -> 6.3: explicit GRAYLOG_ELASTICSEARCH_HOSTS. - Weblate 5.16 -> 2026.6, Zabbix 7.2 -> 7.4 (MariaDB 12.2 compatible), SonarQube 26.3 -> 26.6, Metabase v0.59 -> v0.62, Sentry stack -> 26.6.0. - MySQL 8.0 (EOL) -> 8.4 LTS for mysql/directus/monica. Minor bumps: Vaultwarden 1.36.0, cloudflared 2026.6.1, dependency-track 4.14.2, nexus 3.93.1, registry 3.1.1, rundeck 5.20.1, tusd v2.10.0, traefik v3.7, duckling 0.2.0.2-r4. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- docs/DEPENDENCIES.md | 14 +++++++------- services/bitwarden/docker-compose.yml | 2 +- services/cloudflared/README.md | 2 +- services/cloudflared/docker-compose.yml | 2 +- services/confluence/docker-compose.yml | 2 +- services/crowd/docker-compose.yml | 2 +- services/dependency-track/docker-compose.yml | 2 +- services/directus/README.md | 4 ++-- services/directus/docker-compose.yml | 8 +++++--- services/duckling/docker-compose.yml | 2 +- services/gitlab/.env.example | 7 +++++++ services/gitlab/README.md | 15 ++++++++++++--- services/gitlab/docker-compose.yml | 9 ++++++--- services/graylog/README.md | 4 ++-- services/graylog/docker-compose.yml | 3 ++- services/jira/README.md | 2 +- services/jira/docker-compose.yml | 2 +- services/keycloak/README.md | 2 +- services/keycloak/docker-compose.yml | 4 ++-- services/metabase/README.md | 2 +- services/metabase/docker-compose.yml | 2 +- services/monica/README.md | 4 ++-- services/monica/docker-compose.yml | 2 +- services/mysql/README.md | 8 ++++---- services/mysql/docker-compose.yml | 2 +- services/n8n/README.md | 2 +- services/n8n/docker-compose.yml | 3 ++- services/nexus/README.md | 8 ++++---- services/nexus/docker-compose.yml | 2 +- services/redash/README.md | 6 +++--- services/registry/README.md | 8 ++++---- services/registry/docker-compose.yml | 2 +- services/rundeck/README.md | 4 ++-- services/rundeck/docker-compose.yml | 2 +- services/sentry/.env | 18 +++++++++--------- services/sentry/docker-compose.yml | 14 +++++++------- services/sonarqube/README.md | 4 ++-- services/sonarqube/docker-compose.yml | 2 +- services/traefik-tunnel/README.md | 2 +- services/traefik-tunnel/docker-compose.yml | 2 +- services/traefik/README.md | 6 +++--- services/traefik/docker-compose.yml | 2 +- services/tus/README.md | 2 +- services/tus/docker-compose.yml | 2 +- services/weblate/README.md | 2 +- services/weblate/docker-compose.yml | 2 +- services/zabbix/README.md | 6 +++--- services/zabbix/docker-compose.yml | 4 ++-- 48 files changed, 118 insertions(+), 95 deletions(-) diff --git a/docs/DEPENDENCIES.md b/docs/DEPENDENCIES.md index bd904eb..e6d08bf 100644 --- a/docs/DEPENDENCIES.md +++ b/docs/DEPENDENCIES.md @@ -33,11 +33,11 @@ This document maps dependencies between BeeCompose services and their backing st | cabot | postgres | 17-alpine | | confluence | postgresql | 17-alpine | | crowd | postgresql | 17-alpine | -| gitlab | database | sameersbn/postgresql:15-20230628 | +| gitlab | database | kkimurak/sameersbn-postgresql:17 | | huginn | postgres | 17-alpine | | jira | postgresql | 17-alpine | | keycloak | postgres | 17 | -| metabase | database | 17-alpine | +| metabase | database | 15-alpine | | redash | postgres | 17-alpine | | sentry | postgres | 17-alpine | | sonarqube | database | 17-alpine | @@ -48,11 +48,11 @@ This document maps dependencies between BeeCompose services and their backing st | Service | Container Name | Version | |---------|---------------|---------| -| directus | mysql | 8.0 | -| monica | mysql | 8.0 | -| mysql | mysql | 8.0 | +| directus | mysql | 8.4 | +| monica | mysql | 8.4 | +| mysql | mysql | 8.4 | | rundeck | (embedded) | - | -| zabbix | database | mariadb:11.7 | +| zabbix | database | mariadb:12.2 | ### Redis Services @@ -69,7 +69,7 @@ This document maps dependencies between BeeCompose services and their backing st | Service | Database | Container Name | Version | |---------|----------|---------------|---------| | graylog | MongoDB | mongodb | 8.0 | -| graylog | Elasticsearch | elasticsearch | 7.17.27 | +| graylog | Elasticsearch | elasticsearch | 7.17.29 | ### Cache Services diff --git a/services/bitwarden/docker-compose.yml b/services/bitwarden/docker-compose.yml index 1bdf20d..0031dcc 100644 --- a/services/bitwarden/docker-compose.yml +++ b/services/bitwarden/docker-compose.yml @@ -1,7 +1,7 @@ name: bitwarden services: bitwarden: - image: vaultwarden/server:${VAULTWARDEN_VERSION:-1.35.4} + image: vaultwarden/server:${VAULTWARDEN_VERSION:-1.36.0} container_name: bitwarden volumes: - bitwarden_data:/data/ diff --git a/services/cloudflared/README.md b/services/cloudflared/README.md index ceded97..651d902 100644 --- a/services/cloudflared/README.md +++ b/services/cloudflared/README.md @@ -144,7 +144,7 @@ docker compose -f docker-compose.yml -f docker-compose.tunnel.yml up -d | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `cloudflared` | -| `CLOUDFLARED_VERSION` | cloudflared image version | `2025.1.0` | +| `CLOUDFLARED_VERSION` | cloudflared image version | `2026.6.1` | ## Deployment Modes diff --git a/services/cloudflared/docker-compose.yml b/services/cloudflared/docker-compose.yml index a215617..1343452 100644 --- a/services/cloudflared/docker-compose.yml +++ b/services/cloudflared/docker-compose.yml @@ -2,7 +2,7 @@ name: cloudflared services: cloudflared: - image: cloudflare/cloudflared:${CLOUDFLARED_VERSION:-2026.3.0} + image: cloudflare/cloudflared:${CLOUDFLARED_VERSION:-2026.6.1} container_name: cloudflared environment: - TUNNEL_TOKEN=${CF_TUNNEL_TOKEN} diff --git a/services/confluence/docker-compose.yml b/services/confluence/docker-compose.yml index d697c1b..b0556a3 100644 --- a/services/confluence/docker-compose.yml +++ b/services/confluence/docker-compose.yml @@ -1,7 +1,7 @@ name: confluence services: confluence: - image: atlassian/confluence:${CONFLUENCE_VERSION:-9.4.1-ubi9-jdk21} + image: atlassian/confluence:${CONFLUENCE_VERSION:-10.2.13-ubi9-jdk21} container_name: confluence depends_on: - postgresql diff --git a/services/crowd/docker-compose.yml b/services/crowd/docker-compose.yml index 7078482..e26352b 100644 --- a/services/crowd/docker-compose.yml +++ b/services/crowd/docker-compose.yml @@ -1,7 +1,7 @@ name: crowd services: crowd: - image: atlassian/crowd:${CROWD_VERSION:-7.1.5-ubi9-jdk21} + image: atlassian/crowd:${CROWD_VERSION:-7.2.1-ubi9-jdk21} container_name: crowd depends_on: - postgresql diff --git a/services/dependency-track/docker-compose.yml b/services/dependency-track/docker-compose.yml index a094bfe..0e57792 100644 --- a/services/dependency-track/docker-compose.yml +++ b/services/dependency-track/docker-compose.yml @@ -1,7 +1,7 @@ name: dependency-track services: dtrack: - image: dependencytrack/bundled:${DEPENDENCY_TRACK_VERSION:-4.14.0} + image: dependencytrack/bundled:${DEPENDENCY_TRACK_VERSION:-4.14.2} container_name: dtrack volumes: - dtrack_data:/data diff --git a/services/directus/README.md b/services/directus/README.md index 99e8702..32cdbce 100644 --- a/services/directus/README.md +++ b/services/directus/README.md @@ -72,8 +72,8 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| directus | directus/directus:11.14.1 | Headless CMS / Data Platform | -| directus-mysql | mysql:8.0 | MySQL database backend | +| directus | directus/directus:12.0.2 | Headless CMS / Data Platform | +| directus-mysql | mysql:8.4 | MySQL database backend | ## Environment Variables diff --git a/services/directus/docker-compose.yml b/services/directus/docker-compose.yml index ed9ee61..b61e8ed 100644 --- a/services/directus/docker-compose.yml +++ b/services/directus/docker-compose.yml @@ -1,7 +1,7 @@ name: directus services: directus: - image: directus/directus:${DIRECTUS_VERSION:-11.16.1} + image: directus/directus:${DIRECTUS_VERSION:-12.0.2} container_name: directus depends_on: - mysql @@ -18,12 +18,14 @@ services: DB_USER: ${DB_USER:-directus} DB_PASSWORD: ${DB_PASS:-Swordfish} PUBLIC_URL: https://${SERVICE_DOMAIN:-example.com} + IP_TRUST_PROXY: "true" + ACCEPT_TERMS: "true" networks: - directus - traefik restart: unless-stopped healthcheck: - test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8055/server/health" ] + test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8055/server/ping" ] interval: 30s timeout: 10s retries: 3 @@ -41,7 +43,7 @@ services: - "traefik.docker.network=traefik_default" mysql: - image: mysql:${MYSQL_TAG:-8.0} + image: mysql:${MYSQL_TAG:-8.4} container_name: directus-mysql volumes: - mysql_data:/var/lib/mysql diff --git a/services/duckling/docker-compose.yml b/services/duckling/docker-compose.yml index 1714d03..85762f4 100644 --- a/services/duckling/docker-compose.yml +++ b/services/duckling/docker-compose.yml @@ -1,7 +1,7 @@ name: duckling services: duckling: - image: rasa/duckling:${DUCKLING_VERSION:-0.2.0.2-r3} + image: rasa/duckling:${DUCKLING_VERSION:-0.2.0.2-r4} container_name: duckling networks: - traefik diff --git a/services/gitlab/.env.example b/services/gitlab/.env.example index 8acfd94..31cc0b8 100644 --- a/services/gitlab/.env.example +++ b/services/gitlab/.env.example @@ -19,6 +19,13 @@ GITLAB_SECRETS_DB_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef12345 GITLAB_SECRETS_SECRET_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef GITLAB_SECRETS_OTP_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef +# ActiveRecord encryption secrets (required since GitLab 17 / mandatory for GitLab 19) +# PRIMARY_KEY and DETERMINISTIC_KEY must be JSON arrays of strings; SALT is a plain string. +# Generate each value with: openssl rand -hex 16 +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=["1234567890abcdef1234567890abcdef"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=["abcdef1234567890abcdef1234567890"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=fedcba0987654321fedcba0987654321 + # GitLab settings GITLAB_TIMEZONE=Berlin GITLAB_EMAIL=gitlab@example.com diff --git a/services/gitlab/README.md b/services/gitlab/README.md index 6b4db39..0ab68f3 100644 --- a/services/gitlab/README.md +++ b/services/gitlab/README.md @@ -22,6 +22,9 @@ GITLAB_ROOT_PASSWORD=Swordfish GITLAB_SECRETS_DB_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef GITLAB_SECRETS_SECRET_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef GITLAB_SECRETS_OTP_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=["1234567890abcdef1234567890abcdef"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=["abcdef1234567890abcdef1234567890"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=fedcba0987654321fedcba0987654321 EOF # 2. Deploy @@ -45,6 +48,9 @@ GITLAB_ROOT_PASSWORD=Swordfish GITLAB_SECRETS_DB_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef GITLAB_SECRETS_SECRET_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef GITLAB_SECRETS_OTP_KEY_BASE=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=["1234567890abcdef1234567890abcdef"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=["abcdef1234567890abcdef1234567890"] +GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=fedcba0987654321fedcba0987654321 EOF # 2. Deploy from GHCR @@ -67,7 +73,7 @@ This service includes all required backing stores: | Dependency | Container | Purpose | |------------|-----------|---------| -| PostgreSQL | gitlab-postgres | Primary database (sameersbn/postgresql) | +| PostgreSQL | gitlab-postgres | Primary database (kkimurak/sameersbn-postgresql) | | Redis | gitlab-redis | Cache and session store | See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. @@ -76,8 +82,8 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| gitlab | sameersbn/gitlab:18.8.0 | GitLab application server | -| gitlab-postgres | sameersbn/postgresql:15-20230628 | PostgreSQL database | +| gitlab | sameersbn/gitlab:19.1.0 | GitLab application server | +| gitlab-postgres | kkimurak/sameersbn-postgresql:17 | PostgreSQL database | | gitlab-redis | redis:7-alpine | Redis cache and session store | ## Environment Variables @@ -92,6 +98,9 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `GITLAB_SECRETS_DB_KEY_BASE` | 64-char hex key for database encryption | Generate with `openssl rand -hex 64` | | `GITLAB_SECRETS_SECRET_KEY_BASE` | 64-char hex key for session secrets | Generate with `openssl rand -hex 64` | | `GITLAB_SECRETS_OTP_KEY_BASE` | 64-char hex key for OTP encryption | Generate with `openssl rand -hex 64` | +| `GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY` | JSON array of key(s) for ActiveRecord encryption (GitLab 19+) | `["<32-char-key>"]` (generate with `openssl rand -hex 16`) | +| `GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY` | JSON array of key(s) for deterministic encryption (GitLab 19+) | `["<32-char-key>"]` (generate with `openssl rand -hex 16`) | +| `GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT` | Salt string for key derivation (GitLab 19+) | `<32-char-salt>` (generate with `openssl rand -hex 16`) | ### Optional diff --git a/services/gitlab/docker-compose.yml b/services/gitlab/docker-compose.yml index 99c59e3..3145245 100644 --- a/services/gitlab/docker-compose.yml +++ b/services/gitlab/docker-compose.yml @@ -1,7 +1,7 @@ name: gitlab services: database: - image: sameersbn/postgresql:${POSTGRES_TAG:-15-20230628} + image: kkimurak/sameersbn-postgresql:${POSTGRES_TAG:-17} container_name: gitlab-postgres volumes: - postgres_data:/var/lib/postgresql @@ -9,7 +9,7 @@ services: DB_NAME: ${DB_NAME:-gitlabhq_production} DB_USER: ${DB_USER:-gitlab} DB_PASS: ${DB_PASS:-Swordfish} - DB_EXTENSION: pg_trgm + DB_EXTENSION: pg_trgm,btree_gist networks: - gitlab restart: unless-stopped @@ -26,7 +26,7 @@ services: max-file: "50" gitlab: - image: sameersbn/gitlab:${GITLAB_VERSION:-18.9.2} + image: sameersbn/gitlab:${GITLAB_VERSION:-19.1.0} container_name: gitlab depends_on: - database @@ -57,6 +57,9 @@ services: GITLAB_SECRETS_DB_KEY_BASE: ${GITLAB_SECRETS_DB_KEY_BASE:-changeme64chars0000000000000000000000000000000000000000000000000} GITLAB_SECRETS_SECRET_KEY_BASE: ${GITLAB_SECRETS_SECRET_KEY_BASE:-changeme64chars0000000000000000000000000000000000000000000000000} GITLAB_SECRETS_OTP_KEY_BASE: ${GITLAB_SECRETS_OTP_KEY_BASE:-changeme64chars0000000000000000000000000000000000000000000000000} + GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: '${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-["changeme32charsprimarykey000001"]}' + GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: '${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-["changeme32charsdeterministic0002"]}' + GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${GITLAB_SECRETS_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-changeme32charsderivationsalt0003} # Features GITLAB_NOTIFY_ON_BROKEN_BUILDS: ${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true} GITLAB_PROJECTS_SNIPPETS: ${GITLAB_PROJECTS_SNIPPETS:-true} diff --git a/services/graylog/README.md b/services/graylog/README.md index 0a5881b..4db160f 100644 --- a/services/graylog/README.md +++ b/services/graylog/README.md @@ -80,8 +80,8 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| graylog | graylog/graylog:6.2 | Log management web interface and API | -| graylog-elasticsearch | elasticsearch:7.17.27 | Search and indexing engine | +| graylog | graylog/graylog:6.3 | Log management web interface and API | +| graylog-elasticsearch | elasticsearch:7.17.29 | Search and indexing engine | | graylog-mongodb | mongo:8.0 | Configuration and metadata storage | ## Environment Variables diff --git a/services/graylog/docker-compose.yml b/services/graylog/docker-compose.yml index 59479dc..f296804 100644 --- a/services/graylog/docker-compose.yml +++ b/services/graylog/docker-compose.yml @@ -32,7 +32,7 @@ services: hard: -1 graylog: - image: graylog/graylog:${GRAYLOG_VERSION:-6.2} + image: graylog/graylog:${GRAYLOG_VERSION:-6.3} container_name: graylog depends_on: - elasticsearch @@ -45,6 +45,7 @@ services: - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000 - GRAYLOG_HTTP_PUBLISH_URI=https://${SERVICE_DOMAIN:-example.com} - GRAYLOG_HTTP_EXTERNAL_URI=https://${SERVICE_DOMAIN:-example.com}/ + - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200 - GRAYLOG_TRANSPORT_EMAIL_ENABLED=${GRAYLOG_TRANSPORT_EMAIL_ENABLED:-false} - GRAYLOG_TRANSPORT_EMAIL_HOSTNAME=${GRAYLOG_TRANSPORT_EMAIL_HOSTNAME:-} - GRAYLOG_TRANSPORT_EMAIL_PORT=25 diff --git a/services/jira/README.md b/services/jira/README.md index 6cb56c0..95dc6df 100644 --- a/services/jira/README.md +++ b/services/jira/README.md @@ -88,7 +88,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `POSTGRES_DB` | PostgreSQL database name | `jira` | | `JVM_MINIMUM_MEMORY` | JVM minimum heap size | `1024m` | | `JVM_MAXIMUM_MEMORY` | JVM maximum heap size | `2048m` | -| `JIRA_VERSION` | Jira Software image tag | `10.6.1-ubi9-jdk17` | +| `JIRA_VERSION` | Jira Software image tag | `11.3.7-ubi9-jdk21` | | `POSTGRES_TAG` | PostgreSQL image tag | `17-alpine` | ## Volumes diff --git a/services/jira/docker-compose.yml b/services/jira/docker-compose.yml index 7c75dec..2a99c19 100644 --- a/services/jira/docker-compose.yml +++ b/services/jira/docker-compose.yml @@ -1,7 +1,7 @@ name: jira services: jira: - image: atlassian/jira-software:${JIRA_VERSION:-11.3.3-ubi9-jdk21} + image: atlassian/jira-software:${JIRA_VERSION:-11.3.7-ubi9-jdk21} container_name: jira depends_on: - postgresql diff --git a/services/keycloak/README.md b/services/keycloak/README.md index 0cbc606..846ae5a 100644 --- a/services/keycloak/README.md +++ b/services/keycloak/README.md @@ -91,7 +91,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `keycloak` | | `POSTGRES_DB` | PostgreSQL database name | `keycloak` | | `POSTGRES_USER` | PostgreSQL username | `keycloak` | -| `KEYCLOAK_VERSION` | Keycloak image tag | `26.2` | +| `KEYCLOAK_VERSION` | Keycloak image tag | `26.6.3` | | `POSTGRES_VERSION` | PostgreSQL image tag | `17` | ## Volumes diff --git a/services/keycloak/docker-compose.yml b/services/keycloak/docker-compose.yml index ee3c803..cd2f792 100644 --- a/services/keycloak/docker-compose.yml +++ b/services/keycloak/docker-compose.yml @@ -1,7 +1,7 @@ name: keycloak services: keycloak: - image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:-26.5.5} + image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:-26.6.3} container_name: keycloak depends_on: - postgres @@ -12,7 +12,7 @@ services: KC_DB_PASSWORD: ${POSTGRES_PASS:-Swordfish} KEYCLOAK_ADMIN: ${KEYCLOAK_USER:-admin} KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD:-Swordfish} - KC_PROXY: edge + KC_PROXY_HEADERS: xforwarded KC_HOSTNAME: ${SERVICE_DOMAIN:-example.com} KC_HTTP_ENABLED: "true" KC_HEALTH_ENABLED: "true" diff --git a/services/metabase/README.md b/services/metabase/README.md index 9864b8e..5aa9fb7 100644 --- a/services/metabase/README.md +++ b/services/metabase/README.md @@ -85,7 +85,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `metabase` | | `DB_USER` | PostgreSQL username | `metabase` | | `DB_NAME` | PostgreSQL database name | `metabase` | -| `METABASE_VERSION` | Metabase image tag | `latest` | +| `METABASE_VERSION` | Metabase image tag | `v0.62.3.2` | | `POSTGRES_TAG` | PostgreSQL image tag | `15-alpine` | ## Volumes diff --git a/services/metabase/docker-compose.yml b/services/metabase/docker-compose.yml index 89d3a2a..b0109b3 100644 --- a/services/metabase/docker-compose.yml +++ b/services/metabase/docker-compose.yml @@ -25,7 +25,7 @@ services: max-file: "50" metabase: - image: metabase/metabase:${METABASE_VERSION:-v0.59.3.2} + image: metabase/metabase:${METABASE_VERSION:-v0.62.3.2} container_name: metabase depends_on: - database diff --git a/services/monica/README.md b/services/monica/README.md index f1ff207..bc49c38 100644 --- a/services/monica/README.md +++ b/services/monica/README.md @@ -119,7 +119,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| | monica | monica:5.0.0-beta.5-apache | Monica PRM application | -| monica-mysql | mysql:8.0 | MySQL database | +| monica-mysql | mysql:8.4 | MySQL database | ## Environment Variables @@ -139,7 +139,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `DB_USER` | MySQL username | `monica` | | `DB_NAME` | MySQL database name | `monica` | | `MONICA_VERSION` | Monica image tag | `5.0.0-beta.5-apache` | -| `MYSQL_TAG` | MySQL image tag | `8.0` | +| `MYSQL_TAG` | MySQL image tag | `8.4` | ### Application Settings (monica.env) diff --git a/services/monica/docker-compose.yml b/services/monica/docker-compose.yml index 647f551..f1df290 100644 --- a/services/monica/docker-compose.yml +++ b/services/monica/docker-compose.yml @@ -35,7 +35,7 @@ services: - "traefik.docker.network=traefik_default" mysql: - image: mysql:${MYSQL_TAG:-8.0} + image: mysql:${MYSQL_TAG:-8.4} container_name: monica-mysql volumes: - mysql_data:/var/lib/mysql diff --git a/services/mysql/README.md b/services/mysql/README.md index f68c820..b28740e 100644 --- a/services/mysql/README.md +++ b/services/mysql/README.md @@ -16,7 +16,7 @@ This is a **Docker Compose OCI artifact**, not a traditional Docker image. It co # 1. Create environment file cat > .env.mysql << 'EOF' COMPOSE_PROJECT_NAME=mysql -MYSQL_VERSION=8.0 +MYSQL_VERSION=8.4 MYSQL_ROOT_PASSWORD=Swordfish EOF @@ -35,7 +35,7 @@ bc mysql ps # 1. Create environment file cat > .env.mysql << 'EOF' COMPOSE_PROJECT_NAME=mysql -MYSQL_VERSION=8.0 +MYSQL_VERSION=8.4 MYSQL_ROOT_PASSWORD=Swordfish EOF @@ -55,7 +55,7 @@ docker compose -f oci://ghcr.io/beevelop/mysql:latest --env-file .env.mysql ps | Container | Image | Purpose | |-----------|-------|---------| -| mysql | mysql:8.0 | MySQL database server | +| mysql | mysql:8.4 | MySQL database server | ## Environment Variables @@ -70,7 +70,7 @@ docker compose -f oci://ghcr.io/beevelop/mysql:latest --env-file .env.mysql ps | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `mysql` | -| `MYSQL_VERSION` | MySQL image version | `8.0` | +| `MYSQL_VERSION` | MySQL image version | `8.4` | ## Volumes diff --git a/services/mysql/docker-compose.yml b/services/mysql/docker-compose.yml index 2b601ad..0c8f91a 100644 --- a/services/mysql/docker-compose.yml +++ b/services/mysql/docker-compose.yml @@ -1,7 +1,7 @@ name: mysql services: mysql: - image: mysql:${MYSQL_VERSION:-8.0} + image: mysql:${MYSQL_VERSION:-8.4} container_name: mysql volumes: - mysql_data:/var/lib/mysql diff --git a/services/n8n/README.md b/services/n8n/README.md index adfe656..8472d1d 100644 --- a/services/n8n/README.md +++ b/services/n8n/README.md @@ -96,7 +96,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `n8n` | | `DB_USER` | PostgreSQL username | `n8n` | | `DB_NAME` | PostgreSQL database name | `n8n` | -| `N8N_VERSION` | n8n image tag | `1.76.1` | +| `N8N_VERSION` | n8n image tag | `2.28.1` | | `POSTGRES_VERSION` | PostgreSQL image tag | `16-alpine` | | `TZ` | Timezone for workflow scheduling (IANA format) | `UTC` | diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml index bcca46b..4cef532 100644 --- a/services/n8n/docker-compose.yml +++ b/services/n8n/docker-compose.yml @@ -1,7 +1,7 @@ name: n8n services: n8n: - image: n8nio/n8n:${N8N_VERSION:-2.12.3} + image: n8nio/n8n:${N8N_VERSION:-2.28.1} container_name: n8n depends_on: postgres: @@ -20,6 +20,7 @@ services: N8N_PORT: 5678 N8N_PROTOCOL: https N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: "true" + N8N_RUNNERS_ENABLED: "true" NODE_ENV: production WEBHOOK_URL: https://${SERVICE_DOMAIN:-n8n.example.com}/ GENERIC_TIMEZONE: ${TZ:-UTC} diff --git a/services/nexus/README.md b/services/nexus/README.md index 5f4a3ef..244e685 100644 --- a/services/nexus/README.md +++ b/services/nexus/README.md @@ -17,7 +17,7 @@ This is a **Docker Compose OCI artifact**, not a traditional Docker image. It co cat > .env.nexus << 'EOF' COMPOSE_PROJECT_NAME=nexus SERVICE_DOMAIN=nexus.example.com -NEXUS_VERSION=3.88.0-alpine +NEXUS_VERSION=3.93.1-alpine EOF # 2. Deploy @@ -36,7 +36,7 @@ bc nexus ps cat > .env.nexus << 'EOF' COMPOSE_PROJECT_NAME=nexus SERVICE_DOMAIN=nexus.example.com -NEXUS_VERSION=3.88.0-alpine +NEXUS_VERSION=3.93.1-alpine EOF # 2. Deploy from GHCR @@ -56,7 +56,7 @@ docker compose -f oci://ghcr.io/beevelop/nexus:latest --env-file .env.nexus ps | Container | Image | Purpose | |-----------|-------|---------| -| nexus | sonatype/nexus3:3.88.0-alpine | Nexus Repository Manager | +| nexus | sonatype/nexus3:3.93.1-alpine | Nexus Repository Manager | ## Environment Variables @@ -71,7 +71,7 @@ docker compose -f oci://ghcr.io/beevelop/nexus:latest --env-file .env.nexus ps | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `nexus` | -| `NEXUS_VERSION` | Nexus image version | `3.88.0-alpine` | +| `NEXUS_VERSION` | Nexus image version | `3.93.1-alpine` | ## Volumes diff --git a/services/nexus/docker-compose.yml b/services/nexus/docker-compose.yml index e57492a..5df271f 100644 --- a/services/nexus/docker-compose.yml +++ b/services/nexus/docker-compose.yml @@ -1,7 +1,7 @@ name: nexus services: nexus: - image: sonatype/nexus3:${NEXUS_VERSION:-3.90.1-alpine} + image: sonatype/nexus3:${NEXUS_VERSION:-3.93.1-alpine} container_name: nexus volumes: - nexus_data:/nexus-data diff --git a/services/redash/README.md b/services/redash/README.md index e1f6709..1a42341 100644 --- a/services/redash/README.md +++ b/services/redash/README.md @@ -75,8 +75,8 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| | redash-nginx | redash/nginx:latest | Nginx reverse proxy | -| redash-server | redash/redash:25.1.0 | Redash web server | -| redash-worker | redash/redash:25.1.0 | Background job scheduler | +| redash-server | redash/redash:26.3.0 | Redash web server | +| redash-worker | redash/redash:26.3.0 | Background job scheduler | | redash-postgres | postgres:17-alpine | PostgreSQL database | | redash-redis | redis:7-alpine | Redis cache and queue | @@ -94,7 +94,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `redash` | -| `REDASH_VERSION` | Redash image version | `25.1.0` | +| `REDASH_VERSION` | Redash image version | `26.3.0` | | `REDASH_NGINX_VERSION` | Nginx image version | `latest` | | `REDIS_TAG` | Redis image tag | `7-alpine` | | `POSTGRES_TAG` | PostgreSQL image tag | `17-alpine` | diff --git a/services/registry/README.md b/services/registry/README.md index e803e86..d619f0f 100644 --- a/services/registry/README.md +++ b/services/registry/README.md @@ -17,7 +17,7 @@ This is a **Docker Compose OCI artifact**, not a traditional Docker image. It co cat > .env.registry << 'EOF' COMPOSE_PROJECT_NAME=registry SERVICE_DOMAIN=registry.example.com -REGISTRY_VERSION=3.0.0 +REGISTRY_VERSION=3.1.1 EOF # 2. Deploy @@ -36,7 +36,7 @@ bc registry ps cat > .env.registry << 'EOF' COMPOSE_PROJECT_NAME=registry SERVICE_DOMAIN=registry.example.com -REGISTRY_VERSION=3.0.0 +REGISTRY_VERSION=3.1.1 EOF # 2. Deploy from GHCR @@ -56,7 +56,7 @@ docker compose -f oci://ghcr.io/beevelop/registry:latest --env-file .env.registr | Container | Image | Purpose | |-----------|-------|---------| -| registry | registry:3.0.0 | Docker Registry v2 API server | +| registry | registry:3.1.1 | Docker Registry v2 API server | ## Environment Variables @@ -71,7 +71,7 @@ docker compose -f oci://ghcr.io/beevelop/registry:latest --env-file .env.registr | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `registry` | -| `REGISTRY_VERSION` | Registry image version | `3.0.0` | +| `REGISTRY_VERSION` | Registry image version | `3.1.1` | ## Volumes diff --git a/services/registry/docker-compose.yml b/services/registry/docker-compose.yml index 16b2a63..bd316a1 100644 --- a/services/registry/docker-compose.yml +++ b/services/registry/docker-compose.yml @@ -1,7 +1,7 @@ name: registry services: registry: - image: registry:${REGISTRY_VERSION:-3.0.0} + image: registry:${REGISTRY_VERSION:-3.1.1} container_name: registry volumes: - registry_data:/var/lib/registry diff --git a/services/rundeck/README.md b/services/rundeck/README.md index 88f53a1..76738dc 100644 --- a/services/rundeck/README.md +++ b/services/rundeck/README.md @@ -56,7 +56,7 @@ docker compose -f oci://ghcr.io/beevelop/rundeck:latest --env-file .env.rundeck | Container | Image | Purpose | |-----------|-------|---------| -| rundeck | jordan/rundeck:5.18.0 | Rundeck server with embedded MySQL | +| rundeck | jordan/rundeck:5.20.1 | Rundeck server with embedded MySQL | ## Environment Variables @@ -72,7 +72,7 @@ docker compose -f oci://ghcr.io/beevelop/rundeck:latest --env-file .env.rundeck | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `rundeck` | -| `RUNDECK_VERSION` | Rundeck image version | `5.18.0` | +| `RUNDECK_VERSION` | Rundeck image version | `5.20.1` | ## Volumes diff --git a/services/rundeck/docker-compose.yml b/services/rundeck/docker-compose.yml index a55daaa..5f05ef3 100644 --- a/services/rundeck/docker-compose.yml +++ b/services/rundeck/docker-compose.yml @@ -1,7 +1,7 @@ name: rundeck services: rundeck: - image: jordan/rundeck:${RUNDECK_VERSION:-5.19.0} + image: jordan/rundeck:${RUNDECK_VERSION:-5.20.1} container_name: rundeck volumes: - rundeck_config:/etc/rundeck diff --git a/services/sentry/.env b/services/sentry/.env index 0c54815..33ab22e 100644 --- a/services/sentry/.env +++ b/services/sentry/.env @@ -1,17 +1,17 @@ # Sentry application images -SENTRY_IMAGE=ghcr.io/getsentry/sentry:26.3.1 -SNUBA_IMAGE=ghcr.io/getsentry/snuba:26.3.1 -RELAY_IMAGE=ghcr.io/getsentry/relay:26.3.1 -SYMBOLICATOR_IMAGE=ghcr.io/getsentry/symbolicator:26.3.1 -TASKBROKER_IMAGE=ghcr.io/getsentry/taskbroker:26.3.1 -VROOM_IMAGE=ghcr.io/getsentry/vroom:26.3.1 -UPTIME_CHECKER_IMAGE=ghcr.io/getsentry/uptime-checker:26.3.1 +SENTRY_IMAGE=ghcr.io/getsentry/sentry:26.6.0 +SNUBA_IMAGE=ghcr.io/getsentry/snuba:26.6.0 +RELAY_IMAGE=ghcr.io/getsentry/relay:26.6.0 +SYMBOLICATOR_IMAGE=ghcr.io/getsentry/symbolicator:26.6.0 +TASKBROKER_IMAGE=ghcr.io/getsentry/taskbroker:26.6.0 +VROOM_IMAGE=ghcr.io/getsentry/vroom:26.6.0 +UPTIME_CHECKER_IMAGE=ghcr.io/getsentry/uptime-checker:26.6.0 # Infrastructure images -POSTGRES_TAG=14.19-bookworm +POSTGRES_TAG=14.23-bookworm REDIS_TAG=6.2.20-alpine MEMCACHED_TAG=1.6.26-alpine KAFKA_TAG=7.6.6 CLICKHOUSE_TAG=25.3.6.10034.altinitystable PGBOUNCER_TAG=v1.24.1-p1 -SEAWEEDFS_TAG=4.09_large_disk +SEAWEEDFS_TAG=4.17_large_disk diff --git a/services/sentry/docker-compose.yml b/services/sentry/docker-compose.yml index e84e259..ab527c5 100644 --- a/services/sentry/docker-compose.yml +++ b/services/sentry/docker-compose.yml @@ -70,7 +70,7 @@ x-sentry-defaults: &sentry_defaults max-file: "50" x-snuba-defaults: &snuba_defaults - image: "${SNUBA_IMAGE:-ghcr.io/getsentry/snuba:26.5.2}" + image: "${SNUBA_IMAGE:-ghcr.io/getsentry/snuba:26.6.0}" depends_on: clickhouse: <<: *depends_on-healthy @@ -360,7 +360,7 @@ services: - feature-complete postgres: - image: "postgres:${POSTGRES_TAG:-14.19-bookworm}" + image: "postgres:${POSTGRES_TAG:-14.23-bookworm}" container_name: sentry-postgres volumes: - sentry-postgres:/var/lib/postgresql/data @@ -456,7 +456,7 @@ services: ################################## seaweedfs: - image: "chrislusf/seaweedfs:${SEAWEEDFS_TAG:-4.09_large_disk}" + image: "chrislusf/seaweedfs:${SEAWEEDFS_TAG:-4.17_large_disk}" container_name: sentry-seaweedfs volumes: - sentry-seaweedfs:/data @@ -778,7 +778,7 @@ services: - feature-complete symbolicator: - image: "${SYMBOLICATOR_IMAGE:-ghcr.io/getsentry/symbolicator:26.5.2}" + image: "${SYMBOLICATOR_IMAGE:-ghcr.io/getsentry/symbolicator:26.6.0}" container_name: sentry-symbolicator volumes: - sentry-symbolicator:/data @@ -799,7 +799,7 @@ services: max-file: "50" symbolicator-cleanup: - image: "${SYMBOLICATOR_IMAGE:-ghcr.io/getsentry/symbolicator:26.5.2}" + image: "${SYMBOLICATOR_IMAGE:-ghcr.io/getsentry/symbolicator:26.6.0}" container_name: sentry-symbolicator-cleanup volumes: - sentry-symbolicator:/data @@ -817,7 +817,7 @@ services: max-file: "50" taskbroker: - image: "${TASKBROKER_IMAGE:-ghcr.io/getsentry/taskbroker:26.5.2}" + image: "${TASKBROKER_IMAGE:-ghcr.io/getsentry/taskbroker:26.6.0}" container_name: sentry-taskbroker depends_on: kafka: @@ -866,7 +866,7 @@ services: - feature-complete uptime-checker: - image: "${UPTIME_CHECKER_IMAGE:-ghcr.io/getsentry/uptime-checker:26.5.2}" + image: "${UPTIME_CHECKER_IMAGE:-ghcr.io/getsentry/uptime-checker:26.6.0}" container_name: sentry-uptime-checker depends_on: kafka: diff --git a/services/sonarqube/README.md b/services/sonarqube/README.md index 95b6bbd..2d57bd9 100644 --- a/services/sonarqube/README.md +++ b/services/sonarqube/README.md @@ -81,7 +81,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| sonarqube | sonarqube:10-community | SonarQube analysis server | +| sonarqube | sonarqube:26.6.0.123539-community | SonarQube analysis server | | sonarqube-db | postgres:17-alpine | PostgreSQL database | ## Environment Variables @@ -97,7 +97,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Variable | Description | Default | |----------|-------------|---------| | `COMPOSE_PROJECT_NAME` | Docker Compose project name | `sonarqube` | -| `SONARQUBE_VERSION` | SonarQube image version | `10-community` | +| `SONARQUBE_VERSION` | SonarQube image version | `26.6.0.123539-community` | | `POSTGRES_TAG` | PostgreSQL image tag | `17-alpine` | ### Internal (Pre-configured) diff --git a/services/sonarqube/docker-compose.yml b/services/sonarqube/docker-compose.yml index 124cded..a34ffe0 100644 --- a/services/sonarqube/docker-compose.yml +++ b/services/sonarqube/docker-compose.yml @@ -25,7 +25,7 @@ services: max-file: "50" sonarqube: - image: sonarqube:${SONARQUBE_VERSION:-26.3.0.120487-community} + image: sonarqube:${SONARQUBE_VERSION:-26.6.0.123539-community} container_name: sonarqube depends_on: - database diff --git a/services/traefik-tunnel/README.md b/services/traefik-tunnel/README.md index c34d996..b2c4459 100644 --- a/services/traefik-tunnel/README.md +++ b/services/traefik-tunnel/README.md @@ -81,7 +81,7 @@ docker compose -f oci://ghcr.io/beevelop/metabase:latest --env-file .env.metabas | Variable | Default | Description | |----------|---------|-------------| | `COMPOSE_PROJECT_NAME` | `traefik` | Docker Compose project name | -| `TRAEFIK_VERSION` | `v3.6` | Traefik image version | +| `TRAEFIK_VERSION` | `v3.7` | Traefik image version | | `TRAEFIK_DOMAIN` | `traefik.example.com` | Domain for dashboard (via tunnel) | | `TRAEFIK_AUTH` | `admin:$$apr1$$changeme` | Basic auth for dashboard | diff --git a/services/traefik-tunnel/docker-compose.yml b/services/traefik-tunnel/docker-compose.yml index 2506420..8a73f0d 100644 --- a/services/traefik-tunnel/docker-compose.yml +++ b/services/traefik-tunnel/docker-compose.yml @@ -13,7 +13,7 @@ name: traefik services: traefik: - image: traefik:${TRAEFIK_VERSION:-v3.6} + image: traefik:${TRAEFIK_VERSION:-v3.7} container_name: traefik depends_on: traefik-init: diff --git a/services/traefik/README.md b/services/traefik/README.md index 15848d1..ba01750 100644 --- a/services/traefik/README.md +++ b/services/traefik/README.md @@ -61,8 +61,8 @@ docker compose -f oci://ghcr.io/beevelop/traefik:latest --env-file .env.traefik | Container | Image | Purpose | |-----------|-------|---------| -| traefik | traefik:v3.6 | Reverse proxy and load balancer | -| traefik-init | alpine:3.23 | Configuration generator (runs once) | +| traefik | traefik:v3.7 | Reverse proxy and load balancer | +| traefik-init | alpine:3.24 | Configuration generator (runs once) | ## Environment Variables @@ -78,7 +78,7 @@ docker compose -f oci://ghcr.io/beevelop/traefik:latest --env-file .env.traefik | Variable | Default | Description | |----------|---------|-------------| | `COMPOSE_PROJECT_NAME` | `traefik` | Docker Compose project name | -| `TRAEFIK_VERSION` | `v3.6` | Traefik image version | +| `TRAEFIK_VERSION` | `v3.7` | Traefik image version | | `TRAEFIK_DOMAIN` | `traefik.example.com` | Domain for Traefik dashboard | | `TRAEFIK_EMAIL` | Uses `CLOUDFLARE_EMAIL` | Email for Let's Encrypt notifications | | `TRAEFIK_AUTH` | `admin:$$apr1$$changeme` | Basic auth for dashboard (htpasswd format) | diff --git a/services/traefik/docker-compose.yml b/services/traefik/docker-compose.yml index eec5171..665e5fb 100644 --- a/services/traefik/docker-compose.yml +++ b/services/traefik/docker-compose.yml @@ -11,7 +11,7 @@ name: traefik services: traefik: - image: traefik:${TRAEFIK_VERSION:-v3.6} + image: traefik:${TRAEFIK_VERSION:-v3.7} container_name: traefik depends_on: traefik-init: diff --git a/services/tus/README.md b/services/tus/README.md index 4c8339a..6386ad4 100644 --- a/services/tus/README.md +++ b/services/tus/README.md @@ -54,7 +54,7 @@ docker compose -f oci://ghcr.io/beevelop/tus:latest --env-file .env.tus ps | Container | Image | Purpose | |-----------|-------|---------| -| tus | tusproject/tusd:v2.8.0 | TUS upload server | +| tus | tusproject/tusd:v2.10.0 | TUS upload server | ## Environment Variables diff --git a/services/tus/docker-compose.yml b/services/tus/docker-compose.yml index 4caf22f..32df9e9 100644 --- a/services/tus/docker-compose.yml +++ b/services/tus/docker-compose.yml @@ -1,7 +1,7 @@ name: tus services: tus: - image: tusproject/tusd:${TUS_VERSION:-v2.9.2} + image: tusproject/tusd:${TUS_VERSION:-v2.10.0} container_name: tus volumes: - tus_data:/srv/tusd-data diff --git a/services/weblate/README.md b/services/weblate/README.md index 3ce9743..2d980b0 100644 --- a/services/weblate/README.md +++ b/services/weblate/README.md @@ -104,7 +104,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| weblate | weblate/weblate:5.11 | Translation management web application | +| weblate | weblate/weblate:2026.6 | Translation management web application | | weblate-postgres | postgres:17-alpine | PostgreSQL database | | weblate-redis | redis:7-alpine | Caching and task queue | | weblate-memcached | memcached:1.6-alpine | Session caching | diff --git a/services/weblate/docker-compose.yml b/services/weblate/docker-compose.yml index b80ed07..8ddfc8a 100644 --- a/services/weblate/docker-compose.yml +++ b/services/weblate/docker-compose.yml @@ -61,7 +61,7 @@ services: max-file: "50" weblate: - image: weblate/weblate:${WEBLATE_VERSION:-5.16} + image: weblate/weblate:${WEBLATE_VERSION:-2026.6} container_name: weblate depends_on: - cache diff --git a/services/zabbix/README.md b/services/zabbix/README.md index ff0b6b1..11033fe 100644 --- a/services/zabbix/README.md +++ b/services/zabbix/README.md @@ -68,9 +68,9 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| zabbix-web | zabbix/zabbix-web-nginx-mysql:7.2-alpine-latest | Web frontend (Nginx + PHP) | -| zabbix-server | zabbix/zabbix-server-mysql:7.2-alpine-latest | Zabbix server daemon | -| zabbix-mariadb | mariadb:11.7 | MariaDB database | +| zabbix-web | zabbix/zabbix-web-nginx-mysql:7.4-alpine-latest | Web frontend (Nginx + PHP) | +| zabbix-server | zabbix/zabbix-server-mysql:7.4-alpine-latest | Zabbix server daemon | +| zabbix-mariadb | mariadb:12.2 | MariaDB database | ## Environment Variables diff --git a/services/zabbix/docker-compose.yml b/services/zabbix/docker-compose.yml index ef17b9d..2c499d7 100644 --- a/services/zabbix/docker-compose.yml +++ b/services/zabbix/docker-compose.yml @@ -26,7 +26,7 @@ services: max-file: "50" server: - image: zabbix/zabbix-server-mysql:${ZABBIX_VERSION:-7.2-alpine-latest} + image: zabbix/zabbix-server-mysql:${ZABBIX_VERSION:-7.4-alpine-latest} container_name: zabbix-server depends_on: - database @@ -57,7 +57,7 @@ services: max-file: "50" web: - image: zabbix/zabbix-web-nginx-mysql:${ZABBIX_VERSION:-7.2-alpine-latest} + image: zabbix/zabbix-web-nginx-mysql:${ZABBIX_VERSION:-7.4-alpine-latest} container_name: zabbix-web depends_on: - database From 51adc2291828852203da1a170d233576b24de098 Mon Sep 17 00:00:00 2001 From: Maik Hummel <6891349+beevelop@users.noreply.github.com> Date: Wed, 24 Jun 2026 15:13:06 +0200 Subject: [PATCH 2/2] Services: Address CodeRabbit review feedback - Directus/Graylog/Keycloak/n8n: parameterize newly added env vars with ${VAR:-default} substitution (IP_TRUST_PROXY, ACCEPT_TERMS, GRAYLOG_ELASTICSEARCH_HOSTS, KC_PROXY_HEADERS, N8N_RUNNERS_ENABLED) - Zabbix: pin immutable tag 7.4.11-alpine instead of mutable 7.4-alpine-latest (server + web), sync README - Graylog: align README Elasticsearch image with compose registry (docker.elastic.co/elasticsearch/elasticsearch:7.17.29) - Keycloak: fix stale README troubleshooting note (KC_PROXY=edge -> KC_PROXY_HEADERS=xforwarded) - docs/OCI_NAMING.md: bump Traefik example to v3.7 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- docs/OCI_NAMING.md | 2 +- services/directus/docker-compose.yml | 4 ++-- services/graylog/README.md | 2 +- services/graylog/docker-compose.yml | 2 +- services/keycloak/README.md | 2 +- services/keycloak/docker-compose.yml | 2 +- services/n8n/docker-compose.yml | 2 +- services/zabbix/README.md | 4 ++-- services/zabbix/docker-compose.yml | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/OCI_NAMING.md b/docs/OCI_NAMING.md index 8f09a6c..d4dacfe 100644 --- a/docs/OCI_NAMING.md +++ b/docs/OCI_NAMING.md @@ -35,7 +35,7 @@ Versions are extracted from the service's `.env` file, specifically from the fir | Service | `.env` Variable | OCI Tag | |---------|-----------------|---------| | GitLab | `GITLAB_VERSION=18.8.0` | `ghcr.io/beevelop/gitlab:v18.8.0` | -| Traefik | `TRAEFIK_VERSION=v3.6` | `ghcr.io/beevelop/traefik:v3.6` | +| Traefik | `TRAEFIK_VERSION=v3.7` | `ghcr.io/beevelop/traefik:v3.7` | | Metabase | `METABASE_VERSION=v0.58.2` | `ghcr.io/beevelop/metabase:v0.58.2` | ## Versioning Rules diff --git a/services/directus/docker-compose.yml b/services/directus/docker-compose.yml index b61e8ed..f17253e 100644 --- a/services/directus/docker-compose.yml +++ b/services/directus/docker-compose.yml @@ -18,8 +18,8 @@ services: DB_USER: ${DB_USER:-directus} DB_PASSWORD: ${DB_PASS:-Swordfish} PUBLIC_URL: https://${SERVICE_DOMAIN:-example.com} - IP_TRUST_PROXY: "true" - ACCEPT_TERMS: "true" + IP_TRUST_PROXY: ${IP_TRUST_PROXY:-true} + ACCEPT_TERMS: ${ACCEPT_TERMS:-true} networks: - directus - traefik diff --git a/services/graylog/README.md b/services/graylog/README.md index 4db160f..83b8d72 100644 --- a/services/graylog/README.md +++ b/services/graylog/README.md @@ -81,7 +81,7 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| | graylog | graylog/graylog:6.3 | Log management web interface and API | -| graylog-elasticsearch | elasticsearch:7.17.29 | Search and indexing engine | +| graylog-elasticsearch | docker.elastic.co/elasticsearch/elasticsearch:7.17.29 | Search and indexing engine | | graylog-mongodb | mongo:8.0 | Configuration and metadata storage | ## Environment Variables diff --git a/services/graylog/docker-compose.yml b/services/graylog/docker-compose.yml index f296804..2db657a 100644 --- a/services/graylog/docker-compose.yml +++ b/services/graylog/docker-compose.yml @@ -45,7 +45,7 @@ services: - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000 - GRAYLOG_HTTP_PUBLISH_URI=https://${SERVICE_DOMAIN:-example.com} - GRAYLOG_HTTP_EXTERNAL_URI=https://${SERVICE_DOMAIN:-example.com}/ - - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200 + - GRAYLOG_ELASTICSEARCH_HOSTS=${GRAYLOG_ELASTICSEARCH_HOSTS:-http://elasticsearch:9200} - GRAYLOG_TRANSPORT_EMAIL_ENABLED=${GRAYLOG_TRANSPORT_EMAIL_ENABLED:-false} - GRAYLOG_TRANSPORT_EMAIL_HOSTNAME=${GRAYLOG_TRANSPORT_EMAIL_HOSTNAME:-} - GRAYLOG_TRANSPORT_EMAIL_PORT=25 diff --git a/services/keycloak/README.md b/services/keycloak/README.md index 846ae5a..beb61aa 100644 --- a/services/keycloak/README.md +++ b/services/keycloak/README.md @@ -144,7 +144,7 @@ dc pull && dc up -d Keycloak has a `start_period` of 90 seconds. Wait for the container to become healthy. Check logs with `docker logs keycloak`. ### Cannot access admin console -Ensure `KC_PROXY=edge` is set (default in this configuration) when running behind a reverse proxy like Traefik. +Ensure `KC_PROXY_HEADERS=xforwarded` is set (default in this configuration) when running behind a reverse proxy like Traefik. ### Database connection errors Verify PostgreSQL is running and healthy: `docker logs keycloak-postgres` diff --git a/services/keycloak/docker-compose.yml b/services/keycloak/docker-compose.yml index cd2f792..2e45b5e 100644 --- a/services/keycloak/docker-compose.yml +++ b/services/keycloak/docker-compose.yml @@ -12,7 +12,7 @@ services: KC_DB_PASSWORD: ${POSTGRES_PASS:-Swordfish} KEYCLOAK_ADMIN: ${KEYCLOAK_USER:-admin} KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD:-Swordfish} - KC_PROXY_HEADERS: xforwarded + KC_PROXY_HEADERS: ${KC_PROXY_HEADERS:-xforwarded} KC_HOSTNAME: ${SERVICE_DOMAIN:-example.com} KC_HTTP_ENABLED: "true" KC_HEALTH_ENABLED: "true" diff --git a/services/n8n/docker-compose.yml b/services/n8n/docker-compose.yml index 4cef532..973fbb1 100644 --- a/services/n8n/docker-compose.yml +++ b/services/n8n/docker-compose.yml @@ -20,7 +20,7 @@ services: N8N_PORT: 5678 N8N_PROTOCOL: https N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: "true" - N8N_RUNNERS_ENABLED: "true" + N8N_RUNNERS_ENABLED: ${N8N_RUNNERS_ENABLED:-true} NODE_ENV: production WEBHOOK_URL: https://${SERVICE_DOMAIN:-n8n.example.com}/ GENERIC_TIMEZONE: ${TZ:-UTC} diff --git a/services/zabbix/README.md b/services/zabbix/README.md index 11033fe..674bb8e 100644 --- a/services/zabbix/README.md +++ b/services/zabbix/README.md @@ -68,8 +68,8 @@ See [Service Dependency Graph](../../docs/DEPENDENCIES.md) for details. | Container | Image | Purpose | |-----------|-------|---------| -| zabbix-web | zabbix/zabbix-web-nginx-mysql:7.4-alpine-latest | Web frontend (Nginx + PHP) | -| zabbix-server | zabbix/zabbix-server-mysql:7.4-alpine-latest | Zabbix server daemon | +| zabbix-web | zabbix/zabbix-web-nginx-mysql:7.4.11-alpine | Web frontend (Nginx + PHP) | +| zabbix-server | zabbix/zabbix-server-mysql:7.4.11-alpine | Zabbix server daemon | | zabbix-mariadb | mariadb:12.2 | MariaDB database | ## Environment Variables diff --git a/services/zabbix/docker-compose.yml b/services/zabbix/docker-compose.yml index 2c499d7..f214217 100644 --- a/services/zabbix/docker-compose.yml +++ b/services/zabbix/docker-compose.yml @@ -26,7 +26,7 @@ services: max-file: "50" server: - image: zabbix/zabbix-server-mysql:${ZABBIX_VERSION:-7.4-alpine-latest} + image: zabbix/zabbix-server-mysql:${ZABBIX_VERSION:-7.4.11-alpine} container_name: zabbix-server depends_on: - database @@ -57,7 +57,7 @@ services: max-file: "50" web: - image: zabbix/zabbix-web-nginx-mysql:${ZABBIX_VERSION:-7.4-alpine-latest} + image: zabbix/zabbix-web-nginx-mysql:${ZABBIX_VERSION:-7.4.11-alpine} container_name: zabbix-web depends_on: - database