fix: isolate environment variables per container in Docker Compose deployments#8504
Closed
ripgtxgt wants to merge 2 commits into coollabsio:next from
Changes
-------
### PATCH /databases/:uuid — backup configuration support
Adds optional backup_* fields so callers can configure (or auto-create)
a database's backup schedule through the existing resource endpoint,
without needing to know the scheduled_backup_uuid:
backup_save_s3, backup_frequency, backup_s3_storage_uuid,
backup_enabled, backup_disable_local_backup,
backup_databases_to_backup, backup_dump_all,
backup_retention_{amount,days,max_storage}_{locally,s3}
If no backup config exists for the database, one is automatically
created with sane defaults. The backup_* prefix avoids any collision
with existing database fields.
### GET /databases — last_successful_backup timestamp
Each backup_config entry now includes a `last_successful_backup`
ISO-8601 timestamp (null when no successful run has occurred yet),
satisfying the issue requirement to surface backup health at a glance
without a second API call.
### POST /databases/:uuid/backups — expose disable_local_backup
Added `disable_local_backup` (boolean) to the create-backup endpoint so
callers can configure S3-only backups from the start.
### PATCH /databases/:uuid/backups/:uuid — fix frequency validation + disable_local_backup
- The frequency field was previously validated with a strict enum
(every_minute|hourly|daily|weekly|monthly|yearly), preventing custom
cron expressions. Validation is now delegated to the same
`validate_cron_expression()` helper used by the create endpoint.
- Added `disable_local_backup` to the allowed/validated fields.
All other backup endpoints (GET backups, DELETE backup, DELETE execution,
GET executions) were already implemented and are unchanged.
Closes coollabsio#5672
…oses coollabsio#7655)

Problem
-------
Coolify injected a single .env file containing ALL environment variables from a Compose project into every container via an unconditional

    $service['env_file'] = ['.env'];

applied to every service. This meant a compromised Redis container could read POSTGRES_PASSWORD, and a Next.js container could read database credentials that are none of its business — a serious lateral-movement risk in multi-tenant/cloud deployments.

Fix
---
Instead of one shared .env we now generate a per-service env file (.env.<service_name>) that contains only:

1. Variables explicitly declared in that service's `environment:` block in the Compose file.
2. Coolify-injected metadata (COOLIFY_*, SERVICE_URL_*, SERVICE_FQDN_*, SERVICE_NAME_*), which are legitimate global context variables.

Implementation
--------------
* ApplicationDeploymentJob::$composeServiceEnvKeys (new property)
  Populated during compose file generation by parsing each service's raw `environment:` block (supports both list and map YAML forms).
* Compose generation loop (line ~643)
  Each service's env_file is set to [".env.<slug>"] instead of [".env"]. Any env_file entries already present in the original compose are preserved after the per-service file.
* ApplicationDeploymentJob::write_per_service_env_files() (new method)
  Called from save_runtime_environment_variables() after the global .env is written. Builds per-service KEY=value lists and writes them via the existing remote-command infrastructure.

The global .env is still written (backward-compatible for raw-compose mode and any tooling that reads it directly).

Scope
-----
Only affects `build_pack === 'dockercompose'` non-raw deployments. Raw compose mode is intentionally unchanged — users who manage raw compose files control env_file themselves. Single-container (dockerfile/nixpacks/etc.) deployments are unaffected.

Closes coollabsio#7655
Changes

Coolify injected a single `.env` file containing ALL environment variables from every service into every container via an unconditional `$service['env_file'] = ['.env']`. In a nextjs + postgres + redis stack, Redis could read `POSTGRES_PASSWORD` and Next.js API keys — a lateral-movement risk.

Now generates a per-service `.env.<service_name>` file containing only:

- variables declared in that service's `environment:` block
- Coolify-injected metadata (`COOLIFY_*`, `SERVICE_URL_*`, `SERVICE_FQDN_*`, `SERVICE_NAME_*`)

The global `.env` is preserved for backward compatibility.
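The commit message and the PR description above describe the same algorithm: parse each service's `environment:` block (list or map form), keep only the names it declares plus the `COOLIFY_*`/`SERVICE_*` metadata, write one `.env.<slug>` per service, and point the service's `env_file` at that file ahead of any entries the user already had. The block below is an added illustration of that algorithm in Python, not Coolify's code (Coolify's implementation is PHP inside `ApplicationDeploymentJob`). The Compose document and project variable set are constructed samples standing in for parsed YAML and for the project-wide `.env`; the `slugify` rule and the file permissions are assumptions, not taken from the PR.

```python
import copy
import re
from pathlib import Path
from typing import Any, Dict, List, Union

# Prefixes the PR treats as global context that every service may legitimately see.
GLOBAL_PREFIXES = ("COOLIFY_", "SERVICE_URL_", "SERVICE_FQDN_", "SERVICE_NAME_")

# Constructed sample: a parsed Compose document (what yaml.safe_load would return).
# web uses the list form of `environment:`, postgres the map form; redis declares
# nothing and brings its own env_file entry that must survive the rewrite.
SAMPLE_COMPOSE: Dict[str, Any] = {
    "services": {
        "web": {
            "image": "example/nextjs",
            "environment": ["NEXT_PUBLIC_API_URL=${SERVICE_FQDN_WEB}", "SESSION_SECRET"],
        },
        "postgres": {
            "image": "postgres:16",
            "environment": {"POSTGRES_PASSWORD": "${POSTGRES_PASSWORD}", "POSTGRES_DB": "app"},
        },
        "redis": {"image": "redis:7", "env_file": "redis-tuning.env"},
    }
}

# Constructed sample: the project-wide variable set that the old shared .env
# handed to every container, including the ones that never asked for it.
SAMPLE_PROJECT_ENV: Dict[str, str] = {
    "POSTGRES_PASSWORD": "s3cret pg #1",
    "POSTGRES_DB": "app",
    "SESSION_SECRET": "s3cret-session",
    "NEXT_PUBLIC_API_URL": "https://web.example.test",
    "COOLIFY_CONTAINER_NAME": "web-abc123",
    "SERVICE_FQDN_WEB": "web.example.test",
}


def declared_env_keys(environment: Union[None, Dict[str, Any], List[Any]]) -> List[str]:
    """Names declared in a service's `environment:` block.

    Compose accepts a map (KEY: value) or a list ("KEY=value", or a bare "KEY"
    that is passed through from the host). Only the name matters here.
    """
    if environment is None:
        return []
    if isinstance(environment, dict):
        return [str(k) for k in environment]
    return [str(entry).partition("=")[0].strip() for entry in environment]


def slugify(service_name: str) -> str:
    """File-name-safe form of a service name (assumed rule, not Coolify's)."""
    return re.sub(r"[^a-z0-9]+", "-", service_name.lower()).strip("-")


def per_service_env(compose: Dict[str, Any], project_env: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Map service slug -> the subset of project_env that service may see.

    A variable is included only if the service's own `environment:` block
    names it, or it carries one of the global metadata prefixes.
    """
    allowed: Dict[str, Dict[str, str]] = {}
    for name, svc in compose.get("services", {}).items():
        declared = set(declared_env_keys(svc.get("environment")))
        allowed[slugify(name)] = {
            k: v for k, v in project_env.items()
            if k in declared or k.startswith(GLOBAL_PREFIXES)
        }
    return allowed


def render_env_file(env: Dict[str, str]) -> str:
    """KEY=value lines in Compose env_file syntax, sorted for stable diffs.

    Values containing whitespace, '#', '$' or double quotes are single-quoted,
    which Compose reads literally (no comment stripping, no interpolation).
    Values containing a single quote are rejected rather than written wrongly.
    """
    lines = []
    for key in sorted(env):
        value = env[key]
        if "'" in value:
            raise ValueError(f"{key}: single quotes are not representable by this writer")
        if re.search(r"[\s#$\"]", value):
            value = f"'{value}'"
        lines.append(f"{key}={value}\n")
    return "".join(lines)


def write_per_service_env_files(project_dir: Path, compose: Dict[str, Any],
                                project_env: Dict[str, str]) -> List[Path]:
    """Write .env.<slug> for every service; files are owner-read-only (assumed)."""
    written = []
    for slug, env in per_service_env(compose, project_env).items():
        path = project_dir / f".env.{slug}"
        path.write_text(render_env_file(env))
        path.chmod(0o600)
        written.append(path)
    return written


def rewrite_env_file_entries(compose: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of compose where each service reads .env.<slug> first, followed by
    any env_file entries the user already declared (string or list form)."""
    new = copy.deepcopy(compose)
    for name, svc in new.get("services", {}).items():
        existing = svc.get("env_file", [])
        if isinstance(existing, str):
            existing = [existing]
        svc["env_file"] = [f".env.{slugify(name)}", *existing]
    return new


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for p in write_per_service_env_files(Path(d), SAMPLE_COMPOSE, SAMPLE_PROJECT_ENV):
            print(f"--- {p.name}\n{p.read_text()}", end="")
    print(rewrite_env_file_entries(SAMPLE_COMPOSE)["services"]["redis"]["env_file"])
```

Running the sample shows `.env.redis` holding only `COOLIFY_CONTAINER_NAME` and `SERVICE_FQDN_WEB`, while `POSTGRES_PASSWORD` lands in `.env.postgres` alone. One caveat that follows from Compose semantics rather than from this PR: `env_file` only controls what is injected into the container, whereas `${VAR}` references inside the compose file itself are resolved from the shell and from the project-directory `.env` at `docker compose` time, which is one reason the global `.env` is still written.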