From dc6841e9d09b65a9892fb32aa1fb436855cc61a2 Mon Sep 17 00:00:00 2001
From: initstring <26131150+initstring@users.noreply.github.com>
Date: Sat, 17 Jan 2026 21:41:57 +1100
Subject: [PATCH 1/3] Add optional SSO env vars to compose

---
 deploy/docker/docker-compose.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
index 2acd134..96b9fd9 100644
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -25,6 +25,16 @@ services:
       ENABLE_DEMO_MODE: ${ENABLE_DEMO_MODE}
       GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
       GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
+      GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
+      GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET}
+      GITLAB_CLIENT_ID: ${GITLAB_CLIENT_ID}
+      GITLAB_CLIENT_SECRET: ${GITLAB_CLIENT_SECRET}
+      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
+      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
+      KEYCLOAK_ISSUER: ${KEYCLOAK_ISSUER}
+      OKTA_CLIENT_ID: ${OKTA_CLIENT_ID}
+      OKTA_CLIENT_SECRET: ${OKTA_CLIENT_SECRET}
+      OKTA_ISSUER: ${OKTA_ISSUER}
     ports:
       - "${PORT}:${PORT}"
     restart: unless-stopped

From 92909a18e54fddfbfed93322e341ac69c63912e0 Mon Sep 17 00:00:00 2001
From: initstring <26131150+initstring@users.noreply.github.com>
Date: Sat, 17 Jan 2026 21:53:50 +1100
Subject: [PATCH 2/3] Fix compose TLS port comment

---
 deploy/docker/.env.example-prod  | 4 ++--
 deploy/docker/docker-compose.yml | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/deploy/docker/.env.example-prod b/deploy/docker/.env.example-prod
index 9d3bd39..6b0169c 100644
--- a/deploy/docker/.env.example-prod
+++ b/deploy/docker/.env.example-prod
@@ -34,6 +34,6 @@ POSTGRES_USER=postgres
 POSTGRES_PASSWORD=CHANGE_ME
 POSTGRES_DB=rtap
 
-# Web app
-PORT=3000
+# Web app (optional host port mapping)
+HOST_PORT=3000
 DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@rtap-postgres:5432/${POSTGRES_DB}
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
index 96b9fd9..d454a6a 100644
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -17,7 +17,7 @@ services:
       - rtap-postgres
     environment:
       NODE_ENV: production
-      PORT: ${PORT}
+      PORT: 3000
       DATABASE_URL: ${DATABASE_URL}
       AUTH_URL: ${AUTH_URL}
       AUTH_SECRET: ${AUTH_SECRET}
@@ -36,11 +36,11 @@ services:
       OKTA_CLIENT_SECRET: ${OKTA_CLIENT_SECRET}
       OKTA_ISSUER: ${OKTA_ISSUER}
     ports:
-      - "${PORT}:${PORT}"
+      - "${HOST_PORT:-3000}:3000"
     restart: unless-stopped
 
 # If you need TLS, place your own reverse proxy (e.g., Traefik, Caddy, Nginx)
-# in front of rtap-web and forward port 80/443 to ${PORT}.
+# in front of rtap-web and forward port 80/443 to ${HOST_PORT:-3000}.
 
 volumes:
   rtap-postgres-data:

From 5088c1e299d8dfaa883ef14c5b6317d107bba9d6 Mon Sep 17 00:00:00 2001
From: initstring <26131150+initstring@users.noreply.github.com>
Date: Sat, 17 Jan 2026 21:53:54 +1100
Subject: [PATCH 3/3] Remove port env vars from docker setup

---
 deploy/docker/.env.example-prod  | 2 --
 deploy/docker/docker-compose.yml | 5 ++---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/deploy/docker/.env.example-prod b/deploy/docker/.env.example-prod
index 6b0169c..85a584b 100644
--- a/deploy/docker/.env.example-prod
+++ b/deploy/docker/.env.example-prod
@@ -34,6 +34,4 @@ POSTGRES_USER=postgres
 POSTGRES_PASSWORD=CHANGE_ME
 POSTGRES_DB=rtap
 
-# Web app (optional host port mapping)
-HOST_PORT=3000
 DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@rtap-postgres:5432/${POSTGRES_DB}
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
index d454a6a..7329ad0 100644
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -17,7 +17,6 @@ services:
       - rtap-postgres
     environment:
       NODE_ENV: production
-      PORT: 3000
       DATABASE_URL: ${DATABASE_URL}
       AUTH_URL: ${AUTH_URL}
       AUTH_SECRET: ${AUTH_SECRET}
@@ -36,11 +35,11 @@ services:
       OKTA_CLIENT_SECRET: ${OKTA_CLIENT_SECRET}
       OKTA_ISSUER: ${OKTA_ISSUER}
     ports:
-      - "${HOST_PORT:-3000}:3000"
+      - "3000:3000"
     restart: unless-stopped
 
 # If you need TLS, place your own reverse proxy (e.g., Traefik, Caddy, Nginx)
-# in front of rtap-web and forward port 80/443 to ${HOST_PORT:-3000}.
+# in front of rtap-web and forward port 80/443 to 3000.
 
 volumes:
   rtap-postgres-data: