From ca430d6fdf6db58d1b9501ffa12ac43eade14f50 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Mon, 16 Feb 2026 22:05:58 -0600 Subject: [PATCH] fix: resolve Portainer deployment Redis and CORS failures Remove Docker Compose profiles from postgres and valkey services so they start by default without --profile flag. Add NEXT_PUBLIC_APP_URL, NEXT_PUBLIC_API_URL, and TRUSTED_ORIGINS to the API service environment so CORS works in production. Co-Authored-By: Claude Opus 4.6 --- .env.example | 84 ++++++++++++++++++++++++++-------------------- docker-compose.yml | 10 +++--- 2 files changed, 52 insertions(+), 42 deletions(-) diff --git a/.env.example b/.env.example index 396d74e..8615344 100644 --- a/.env.example +++ b/.env.example @@ -19,7 +19,7 @@ NEXT_PUBLIC_API_URL=http://localhost:3001 # ====================== # PostgreSQL Database # ====================== -# Bundled PostgreSQL (when database profile enabled) +# Bundled PostgreSQL # SECURITY: Change POSTGRES_PASSWORD to a strong random password in production DATABASE_URL=postgresql://mosaic:REPLACE_WITH_SECURE_PASSWORD@postgres:5432/mosaic POSTGRES_USER=mosaic @@ -28,7 +28,7 @@ POSTGRES_DB=mosaic POSTGRES_PORT=5432 # External PostgreSQL (managed service) -# Disable 'database' profile and point DATABASE_URL to your external instance +# To use an external instance, update DATABASE_URL above # Example: DATABASE_URL=postgresql://user:pass@rds.amazonaws.com:5432/mosaic # PostgreSQL Performance Tuning (Optional) @@ -39,7 +39,7 @@ POSTGRES_MAX_CONNECTIONS=100 # ====================== # Valkey Cache (Redis-compatible) # ====================== -# Bundled Valkey (when cache profile enabled) +# Bundled Valkey VALKEY_URL=redis://valkey:6379 VALKEY_HOST=valkey VALKEY_PORT=6379 
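Review bot: The reworded comment `# To use an external instance, update DATABASE_URL above` in the `@@ -28,7 +28,7 @@` hunk is no longer enough on its own. The docker-compose.yml part of this patch removes the `database`/`full` profiles from the postgres service, so the bundled container now starts even when DATABASE_URL points at a managed instance. That leaves an unused database running with whatever POSTGRES_PASSWORD the file holds, possibly still the placeholder. The same applies to the Valkey comment in the `@@ -47,7 +47,7 @@` hunk, where the bundled `VALKEY_URL=redis://valkey:6379` carries no credentials. I would word it as `# To use an external instance, update DATABASE_URL above and remove or override the bundled postgres service so it does not start`, with the matching line for valkey.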
@@ -47,7 +47,7 @@ VALKEY_PORT=6379 VALKEY_MAXMEMORY=256mb # External Redis/Valkey (managed service) -# Disable 'cache' profile and point VALKEY_URL to your external instance +# To use an external instance, update VALKEY_URL above # Example: VALKEY_URL=redis://elasticache.amazonaws.com:6379 # Example with auth: VALKEY_URL=redis://:password@redis.example.com:6379 @@ -244,12 +244,16 @@ MOSAIC_API_DOMAIN=api.mosaic.local MOSAIC_WEB_DOMAIN=mosaic.local MOSAIC_AUTH_DOMAIN=auth.mosaic.local -# External Traefik network name (for upstream mode) +# External Traefik network name (for upstream mode and swarm) # Must match the network name of your existing Traefik instance TRAEFIK_NETWORK=traefik-public +TRAEFIK_DOCKER_NETWORK=traefik-public # TLS/SSL Configuration TRAEFIK_TLS_ENABLED=true +TRAEFIK_ENTRYPOINT=websecure +# Cert resolver name (leave empty if TLS is handled externally or using self-signed certs) +TRAEFIK_CERTRESOLVER= # For Let's Encrypt (production): TRAEFIK_ACME_EMAIL=admin@example.com # For self-signed certificates (development), leave TRAEFIK_ACME_EMAIL empty @@ -285,6 +289,15 @@ GITEA_WEBHOOK_SECRET=REPLACE_WITH_RANDOM_WEBHOOK_SECRET # The coordinator service uses this key to authenticate with the API COORDINATOR_API_KEY=REPLACE_WITH_RANDOM_API_KEY_MINIMUM_32_CHARS +# Anthropic API Key (used by coordinator for issue parsing) +# Get your API key from: https://console.anthropic.com/ +ANTHROPIC_API_KEY=REPLACE_WITH_ANTHROPIC_API_KEY + +# Coordinator tuning +COORDINATOR_POLL_INTERVAL=5.0 +COORDINATOR_MAX_CONCURRENT_AGENTS=10 +COORDINATOR_ENABLED=true + # ====================== # Rate Limiting # ====================== 
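Review bot: `ANTHROPIC_API_KEY` added in the `@@ -285,6 +289,15 @@` hunk and `CLAUDE_API_KEY` activated in the `@@ -363,11 +394,11 @@` hunk both point to the same console URL, so one provider credential appears to be stored under two names. If they are the same key, that doubles the places it must be set and rotated; either consolidate them or add a comment such as `# Same credential as CLAUDE_API_KEY; rotate both together`. The second hunk also turns a commented-out optional key into an active `REPLACE_WITH_CLAUDE_API_KEY` value while `AI_PROVIDER=ollama` stays the default, and `COORDINATOR_ENABLED=true` enables the coordinator with a placeholder key. Whether startup validation rejects `REPLACE_WITH_` values is not visible here and is worth confirming, so an unedited file fails fast instead of sending a dummy key upstream.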
@@ -329,16 +342,34 @@ RATE_LIMIT_STORAGE=redis # ====================== # Matrix bot integration for chat-based control via Matrix protocol # Requires a Matrix account with an access token for the bot user -# MATRIX_HOMESERVER_URL=https://matrix.example.com -# MATRIX_ACCESS_TOKEN= -# MATRIX_BOT_USER_ID=@mosaic-bot:example.com -# MATRIX_CONTROL_ROOM_ID=!roomid:example.com -# MATRIX_WORKSPACE_ID=your-workspace-uuid +# Set these AFTER deploying Synapse and creating the bot account. # # SECURITY: MATRIX_WORKSPACE_ID must be a valid workspace UUID from your database. # All Matrix commands will execute within this workspace context for proper # multi-tenant isolation. Each Matrix bot instance should be configured for # a single workspace. +MATRIX_HOMESERVER_URL=http://synapse:8008 +MATRIX_ACCESS_TOKEN= +MATRIX_BOT_USER_ID=@mosaic-bot:matrix.example.com +MATRIX_SERVER_NAME=matrix.example.com +# MATRIX_CONTROL_ROOM_ID=!roomid:matrix.example.com +# MATRIX_WORKSPACE_ID=your-workspace-uuid + +# ====================== +# Matrix / Synapse Deployment +# ====================== +# Domains for Traefik routing to Matrix services +MATRIX_DOMAIN=matrix.example.com +ELEMENT_DOMAIN=chat.example.com + +# Synapse database (created automatically by synapse-db-init in the swarm compose) +SYNAPSE_POSTGRES_DB=synapse +SYNAPSE_POSTGRES_USER=synapse +SYNAPSE_POSTGRES_PASSWORD=REPLACE_WITH_SECURE_SYNAPSE_DB_PASSWORD + +# Image tags for Matrix services +SYNAPSE_IMAGE_TAG=latest +ELEMENT_IMAGE_TAG=latest # ====================== # Orchestrator Configuration 
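Review bot: `SYNAPSE_IMAGE_TAG=latest` and `ELEMENT_IMAGE_TAG=latest` at the end of this hunk make the homeserver and web client images float, so a redeploy can pull different, unreviewed code without any change to this file. For an internet-facing Matrix stack I would ship a pinned release tag or digest, and add `# Pin to a specific release tag or image digest; 'latest' is not reproducible` above the two lines. `SYNAPSE_POSTGRES_PASSWORD` also lacks the `# SECURITY: Change ... to a strong random password in production` line that the main PostgreSQL section carries. The MATRIX_* bridge variables are now active by default with an empty `MATRIX_ACCESS_TOKEN`, so confirm the bridge stays disabled when the token is empty.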
@@ -363,11 +394,11 @@ AI_PROVIDER=ollama # For remote Ollama: http://your-ollama-server:11434 OLLAMA_MODEL=llama3.1:latest -# Claude API Configuration (when AI_PROVIDER=claude) -# OPTIONAL: Only required if AI_PROVIDER=claude +# Claude API Key +# Required by the orchestrator service in swarm deployment. +# Also used when AI_PROVIDER=claude for other services. # Get your API key from: https://console.anthropic.com/ -# Note: Claude Max subscription users should use AI_PROVIDER=ollama instead -# CLAUDE_API_KEY=sk-ant-... +CLAUDE_API_KEY=REPLACE_WITH_CLAUDE_API_KEY # OpenAI API Configuration (when AI_PROVIDER=openai) # OPTIONAL: Only required if AI_PROVIDER=openai @@ -405,6 +436,9 @@ TTS_PREMIUM_URL=http://chatterbox-tts:8881/v1 TTS_FALLBACK_ENABLED=false TTS_FALLBACK_URL=http://openedai-speech:8000/v1 +# Whisper model for Speaches STT engine +SPEACHES_WHISPER_MODEL=Systran/faster-whisper-large-v3-turbo + # Speech Service Limits # Maximum upload file size in bytes (default: 25MB) SPEECH_MAX_UPLOAD_SIZE=25000000 
@@ -439,28 +473,6 @@ MOSAIC_TELEMETRY_INSTANCE_ID=your-instance-uuid-here # Useful for development and debugging telemetry payloads MOSAIC_TELEMETRY_DRY_RUN=false -# ====================== -# Matrix Dev Environment (docker-compose.matrix.yml overlay) -# ====================== -# These variables configure the local Matrix dev environment. -# Only used when running: docker compose -f docker/docker-compose.yml -f docker/docker-compose.matrix.yml up -# -# Synapse homeserver -# SYNAPSE_CLIENT_PORT=8008 -# SYNAPSE_FEDERATION_PORT=8448 -# SYNAPSE_POSTGRES_DB=synapse -# SYNAPSE_POSTGRES_USER=synapse -# SYNAPSE_POSTGRES_PASSWORD=synapse_dev_password -# -# Element Web client -# ELEMENT_PORT=8501 -# -# Matrix bridge connection (set after running docker/matrix/scripts/setup-bot.sh) -# MATRIX_HOMESERVER_URL=http://localhost:8008 -# MATRIX_ACCESS_TOKEN= -# MATRIX_BOT_USER_ID=@mosaic-bot:localhost -# MATRIX_SERVER_NAME=localhost - # ====================== # Logging & Debugging # ====================== diff --git a/docker-compose.yml b/docker-compose.yml index 0661a85..8350b37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,9 +27,6 @@ services: start_period: 30s networks: - mosaic-internal - profiles: - - database - - full labels: - "com.mosaic.service=database" - "com.mosaic.description=PostgreSQL 17 with pgvector" @@ -58,9 +55,6 @@ services: start_period: 10s networks: - mosaic-internal - profiles: - - cache - - full labels: - "com.mosaic.service=cache" - "com.mosaic.description=Valkey Redis-compatible cache" 
@@ -384,6 +378,10 @@ services: MOSAIC_TELEMETRY_API_KEY: ${MOSAIC_TELEMETRY_API_KEY:-} MOSAIC_TELEMETRY_INSTANCE_ID: ${MOSAIC_TELEMETRY_INSTANCE_ID:-} MOSAIC_TELEMETRY_DRY_RUN: ${MOSAIC_TELEMETRY_DRY_RUN:-false} + # Frontend URLs (for CORS and auth redirects) + NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-http://localhost:3000} + NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001} + TRUSTED_ORIGINS: ${TRUSTED_ORIGINS:-} volumes: - openbao_init:/openbao/init:ro ports:
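Review bot: The `http://localhost:3000` and `http://localhost:3001` fallbacks on `NEXT_PUBLIC_APP_URL` and `NEXT_PUBLIC_API_URL` let a production stack start cleanly with those variables unset. If the API builds its CORS allow-list and auth redirects from them, as the added comment says, it would then trust a plaintext localhost origin instead of failing. For the Portainer case this commit targets, consider making them required, e.g. `NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:?set the public web URL}`, or keeping the localhost defaults only in a dev override file. `TRUSTED_ORIGINS` is passed through, but none of the `.env.example` hunks in this patch add or document it, so its expected format (presumably a list of exact origins) should be stated there. The environment block begins and ends outside this hunk.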