Docker AIO - Commercial Edition #137
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughUpdates navigation in Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsGit: Failed to clone repository. Please run the Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
self-hosting/methods/airgapped-edition.mdx (1)
2-2: Title/body mismatch – clarify edition namingThe title drops the word “Commercial”, but Line 6 still says “Commercial Airgapped Edition”. Either re-insert “Commercial” into the title or remove it from the body to avoid reader confusion and preserve search/SEO consistency.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
mint.json(1 hunks)self-hosting/methods/airgapped-edition.mdx(1 hunks)self-hosting/methods/docker-aio.mdx(1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.27.2)
self-hosting/methods/docker-aio.mdx
78-78: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🔇 Additional comments (1)
mint.json (1)
70-76: Verify navigation ordering & slug consistencyThe new slugs
self-hosting/methods/docker-aio and the moved airgapped-edition entry look correct, but please run the site locally to ensure:
- The new page renders (front-matter slug matches filename).
- The reorder does not break deep links that previously referenced the old position.
No change requested if both checks pass.
|
You have run out of free Bugbot PR reviews for this billing cycle. This will reset on October 20. To receive reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial. |
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (1)
self-hosting/methods/docker-aio.mdx (1)
133-139: Add an explicit warning to rotate default secretsThese entries say “default provided” with no call-out. Installations that keep the shipped defaults will share identical secrets, undermining security (prior review already flagged this). Place a
<Warning>block here telling readers to replace every default secret in production.### Security and secrets - `MACHINE_SIGNATURE`: Unique machine identifier (auto-generated if not provided) -- `SECRET_KEY`: Django secret key (default provided) -- `SILO_HMAC_SECRET_KEY`: Silo HMAC secret (default provided) -- `AES_SECRET_KEY`: AES encryption key (default provided) -- `LIVE_SERVER_SECRET_KEY`: Live server secret (default provided) +<Warning> + Replace every default secret before going to production. Generate unique values for `SECRET_KEY`, `SILO_HMAC_SECRET_KEY`, `AES_SECRET_KEY`, and `LIVE_SERVER_SECRET_KEY`; leaving defaults makes your instance vulnerable. +</Warning> +- `SECRET_KEY`: Django secret key (default provided) +- `SILO_HMAC_SECRET_KEY`: Silo HMAC secret (default provided) +- `AES_SECRET_KEY`: AES encryption key (default provided) +- `LIVE_SERVER_SECRET_KEY`: Live server secret (default provided)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
mint.json(1 hunks)self-hosting/methods/docker-aio.mdx(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- mint.json
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (3)
self-hosting/methods/docker-aio.mdx (3)
20-22: Align Proxy ports with Port Mapping (include 443 or drop numbers here)Proxy bullet lists ports but omits 443 while Port Mapping includes it. Prefer removing port numbers here to avoid duplication.
-- **Proxy** (Port 80, 20025, 20465, 20587) - Caddy reverse proxy +- **Proxy** - Caddy reverse proxy
133-139: Add an explicit warning to rotate default secretsThese items say “default provided.” Instruct users to set unique values for production to avoid shared secrets.
## Environment variables (optional) +<Warning> + Security: Do not use default/auto‑generated secrets in production. Set unique values for: + SECRET_KEY, SILO_HMAC_SECRET_KEY, AES_SECRET_KEY, and LIVE_SERVER_SECRET_KEY. +</Warning> + ### Security and secrets - `MACHINE_SIGNATURE`: Unique machine identifier (auto-generated if not provided) - `SECRET_KEY`: Django secret key (default provided) - `SILO_HMAC_SECRET_KEY`: Silo HMAC secret (default provided) - `AES_SECRET_KEY`: AES encryption key (default provided) - `LIVE_SERVER_SECRET_KEY`: Live server secret (default provided)
58-73: Use detached mode and env file for production usageRunning with
--rm -itand inline secrets isn’t ideal for prod. Suggest a detached example and--env-fileto avoid leaking secrets via history/process list.-docker run --name plane-aio --rm -it \ +docker run --name plane-aio -d \Example env file usage:
Create a .env file: DOMAIN_NAME=your-domain.com DATABASE_URL=postgresql://user:pass@host:port/database REDIS_URL=redis://host:port AMQP_URL=amqp://user:pass@host:port/vhost AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=your-access-key AWS_SECRET_ACCESS_KEY=your-secret-key AWS_S3_BUCKET_NAME=your-bucketdocker run --name plane-aio -d \ --env-file ./.env \ -p 80:80 -p 443:443 -p 20025:20025 -p 20465:20465 -p 20587:20587 \ artifacts.plane.so/makeplane/plane-aio-commercial:stable
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
mint.json(1 hunks)self-hosting/methods/docker-aio.mdx(1 hunks)
🔇 Additional comments (3)
self-hosting/methods/docker-aio.mdx (1)
112-116: Clarify SSL mount: HTTPS vs SMTP certificatesPath
/app/email/tlssuggests SMTP TLS, not HTTPS (Caddy). If HTTPS needs certs, document the correct mount path for Caddy or note automatic TLS behavior explicitly.
- Confirm HTTPS cert path for Caddy, or add a note that Caddy auto‑provisions certs (and any required envs).
- If a different path is required, update this section accordingly.
mint.json (2)
71-71: Nav entry addition looks goodAdding self-hosting/methods/docker-aio after docker-compose fits the Install flow.
71-84: AI summary says podman-quadlets removed, but it’s still presentLine 83 retains "self-hosting/methods/podman-quadlets". Confirm whether this page should remain or be removed.
| docker run --name plane-aio --rm -it \ | ||
| -p 80:80 \ | ||
| -p 20025:20025 \ | ||
| -p 20465:20465 \ | ||
| -p 20587:20587 \ | ||
| -e DOMAIN_NAME=your-domain.com \ |
There was a problem hiding this comment.
Publish HTTPS port 443 in run examples
You list HTTPS in Port Mapping but don’t publish 443; users can’t terminate TLS. Add 443 to both examples.
docker run --name plane-aio --rm -it \
- -p 80:80 \
+ -p 80:80 \
+ -p 443:443 \
-p 20025:20025 \
-p 20465:20465 \
-p 20587:20587 \ docker run --name myaio --rm -it \
- -p 80:80 \
+ -p 80:80 \
+ -p 443:443 \
-p 20025:20025 \
-p 20465:20465 \
-p 20587:20587 \Also applies to: 80-84
🤖 Prompt for AI Agents
In self-hosting/methods/docker-aio.mdx around lines 59 to 64, the docker run
example maps HTTP and other ports but omits publishing HTTPS port 443,
preventing TLS termination; modify both run examples (lines 59-64 and also
80-84) to include "-p 443:443" in the docker run command so the container can
accept inbound HTTPS traffic.
| artifacts.plane.so/makeplane/plane-aio-commercial:stable | ||
| ``` | ||
|
|
||
| 2. Once it's running, you can access the Plane application on the domain you provided during the deployment. |
There was a problem hiding this comment.
Fix step numbering (2 → 3)
Minor numbering issue.
-2. Once it's running, you can access the Plane application on the domain you provided during the deployment.
+3. Once it's running, you can access the Plane application on the domain you provided during the deployment.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 2. Once it's running, you can access the Plane application on the domain you provided during the deployment. | |
| 3. Once it's running, you can access the Plane application on the domain you provided during the deployment. |
🤖 Prompt for AI Agents
In self-hosting/methods/docker-aio.mdx around line 97, the ordered step is
misnumbered as "2" but should be "3"; update the step number to "3" to maintain
correct sequence in the instructions.
2 participants
Description
Type of Change
Screenshots and Media (if applicable)
Test Scenarios
References
Summary by CodeRabbit