@enginer enginer commented Feb 9, 2026

Summary

Running docker-compose up on a fresh clone fails with multiple errors. This PR fixes all of them:

  • Remove dokploy-network external network dependency — The compose file references dokploy-network as an external network, but it doesn't exist by default. This causes docker-compose up to fail immediately on any fresh install. Services that referenced it: api, redis, evolution-postgres.

  • Fix evolution-manager frontend nginx crash — The evoapicloud/evolution-manager:latest image ships with an invalid gzip_proxied directive containing must-revalidate (a Cache-Control value, not a valid gzip_proxied option). This causes nginx to crash-loop on startup. Fix: add a corrected nginx.conf mounted as a volume override.

  • Add missing Postgres env vars to .env.example — The docker-compose.yaml references ${POSTGRES_DATABASE}, ${POSTGRES_USERNAME}, and ${POSTGRES_PASSWORD}, but these variables are missing from .env.example. This causes the postgres container to fail with POSTGRES_PASSWORD is not specified.

  • Fix DATABASE_CONNECTION_URI hostname — The connection string in .env.example uses postgres as the hostname, but the docker-compose service is named evolution-postgres. This causes the API to fail to connect to the database.

Changes

| File | Change |
| --- | --- |
| docker-compose.yaml | Remove dokploy-network from all services and networks section |
| docker-compose.yaml | Add nginx.conf volume mount for frontend service |
| nginx.conf | New file — corrected nginx config (removed invalid must-revalidate from gzip_proxied) |
| .env.example | Add POSTGRES_DATABASE, POSTGRES_USERNAME, POSTGRES_PASSWORD |
| .env.example | Fix hostname: postgres → evolution-postgres in DATABASE_CONNECTION_URI |

Test plan

  • Clone repo fresh, copy .env.example to .env, run docker-compose up -d
  • All 4 containers should start without errors: api, frontend, redis, evolution-postgres
  • curl http://localhost:8080 returns welcome JSON
  • http://localhost:3000 loads the Evolution Manager frontend

🤖 Generated with Claude Code

Summary by Sourcery

Resolve docker-compose startup failures on fresh installs by adjusting networking, configuration, and environment defaults for the Evolution stack.

Bug Fixes:

  • Remove dependency on a non-existent external Docker network to allow services to start on fresh installs.
  • Add a custom nginx configuration for the frontend container to prevent nginx startup crashes caused by an invalid gzip directive.
  • Add missing Postgres environment variables to the example env file so the database container can initialize correctly.
  • Correct the database connection URI hostname in the example env file so the API can reach the Postgres service.

Enhancements:

  • Introduce a hardened nginx configuration for the Evolution Manager frontend with gzip compression, security headers, SPA routing, asset caching, and a health check endpoint.

- Remove dokploy-network external network dependency that breaks
  docker-compose up on fresh installs without the network pre-created
- Fix evolution-manager frontend crash by adding nginx.conf with
  corrected gzip_proxied directive (removes invalid must-revalidate value)
- Add missing POSTGRES_DATABASE, POSTGRES_USERNAME, POSTGRES_PASSWORD
  to .env.example (required by docker-compose postgres service)
- Fix DATABASE_CONNECTION_URI hostname from postgres to evolution-postgres
  to match the docker-compose service name

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

sourcery-ai bot commented Feb 9, 2026

Reviewer's Guide

Fixes docker-compose startup on fresh installs by removing a non-existent external network, adding a custom nginx config for the frontend, and aligning environment variables and hostnames between .env.example and docker-compose services.

Flow diagram for HTTP requests through updated nginx and services

```mermaid
flowchart LR
    user["User browser"] -->|"http://localhost:3000"| fe_nginx["frontend service (nginx with custom nginx.conf)"]

    subgraph nginx_server["nginx.conf server block"]
        fe_nginx -->|"location / (SPA routing)"| spa["Serve index.html from /usr/share/nginx/html"]
        fe_nginx -->|"location ~* .(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$"| static_assets["Serve cached static assets"]
        fe_nginx -->|"location ~* .html$"| html_cache["Serve cached HTML files"]
        fe_nginx -->|"location /health"| health["Return 200 'healthy' text response"]
    end

    user -->|"http://localhost:8080"| api["api service"]
    api -->|"Connect using DATABASE_CONNECTION_URI with host evolution-postgres"| pg["evolution-postgres (PostgreSQL)"]
    api -->|"Connect using Redis alias evolution-redis"| rds["redis service"]
```

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Remove dependency on non-existent external Docker network so docker-compose works on fresh installs. | • Drop dokploy-network from all service network definitions that previously referenced it. • Remove dokploy-network from the networks section, leaving a single internal evolution-net network. | docker-compose.yaml |
| Override the evolution-manager frontend container’s broken nginx configuration with a valid local config. | • Add a read-only volume mount to inject ./nginx.conf into the frontend container at /etc/nginx/conf.d/nginx.conf. • Introduce a new nginx.conf with corrected gzip_proxied directive and basic SPA/static file handling, caching, and health-check endpoint. | docker-compose.yaml, nginx.conf |
| Align database configuration between docker-compose and .env.example so Postgres and the API can start successfully. | • Add missing POSTGRES_DATABASE, POSTGRES_USERNAME, and POSTGRES_PASSWORD variables to the example env file so Postgres has required credentials. • Correct DATABASE_CONNECTION_URI hostname from postgres to evolution-postgres to match the docker-compose service name. | .env.example |

Possibly linked issues

  • #: PR corrects DATABASE_CONNECTION_URI hostname and docker-compose setup so the API correctly reaches the Postgres container.
  • #(not specified): PR directly addresses Docker Compose startup failures on fresh installs, matching the user’s reported service start issue.


@sourcery-ai sourcery-ai bot left a comment


Hey - I've found 2 issues

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `nginx.conf:26` </location>
<code_context>
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+
+    # Handle client routing
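Review bot: On the Content-Security-Policy line, the scheme sources `http:` and `https:` in `default-src` match every host, so this policy does not restrict where scripts, frames or connections come from even if `'unsafe-inline'` is removed. Replace them with the specific origins the frontend needs (for example the API origin under `connect-src`), and add `base-uri 'self'`, which `default-src` does not cover.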
</code_context>

<issue_to_address>
**🚨 issue (security):** CSP includes `unsafe-inline`, which largely defeats the protection CSP is meant to provide.

In `default-src`, this effectively disables CSP protections and leaves any injection point exploitable. Please tighten this by using nonces or hashes for required inline scripts/styles and removing `unsafe-inline`, or at minimum restrict it to `script-src`/`style-src` with a documented justification.
</issue_to_address>

### Comment 2
<location> `nginx.conf:21-26` </location>
<code_context>
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
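Review bot: The Referrer-Policy value `no-referrer-when-downgrade` on the last line still sends the full URL, including path and query string, to cross-origin HTTPS destinations; `strict-origin-when-cross-origin` limits cross-origin requests to the origin only. Separately, if any location block in this file sets its own `add_header` (for example a Cache-Control for assets), nginx does not inherit these headers there, so they need to be repeated in that block or pulled in with an include.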
</code_context>

<issue_to_address>
**🚨 suggestion (security):** X-XSS-Protection is deprecated and can be removed in favor of relying on CSP.

Since most browsers now ignore this header and it can behave unpredictably in older ones, relying on your existing CSP is preferable and keeps the security configuration clearer and more accurate.

```suggestion
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
```
</issue_to_address>
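A config lint for the two nginx.conf problems discussed in this PR, the invalid `gzip_proxied` parameter and the permissive CSP (an added example, not part of the PR or of Sourcery's review). The `gzip_proxied` line in `SAMPLE_BROKEN` is constructed, since the image's original directive is not shown on the page, and the CSP in `SAMPLE_FIXED` is an assumption about what the frontend needs.

```python
import re

# Parameters nginx accepts for gzip_proxied (ngx_http_gzip_module).
GZIP_PROXIED_OK = {"off", "expired", "no-cache", "no-store", "private",
                   "no_last_modified", "no_etag", "auth", "any"}
# Sources that match any host, any inline block, or any data:/blob: URL.
BROAD = {"'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:", "blob:", "*"}

# Constructed sample: CSP copied from the PR, gzip_proxied line is illustrative.
SAMPLE_BROKEN = '''
gzip_proxied expired no-cache no-store private must-revalidate auth;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
'''
# Constructed "after" config; the tightened policy is an assumption.
SAMPLE_FIXED = '''
gzip_proxied expired no-cache no-store private auth;
add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'" always;
'''

def bad_gzip_proxied(conf):
    """Return gzip_proxied parameters that nginx rejects when loading the config."""
    bad = []
    for args in re.findall(r"^\s*gzip_proxied\s+([^;]+);", conf, re.M):
        bad += [tok for tok in args.split() if tok not in GZIP_PROXIED_OK]
    return bad

def parse_csp(policy):
    """Split a CSP string into {directive: [sources]}; first occurrence wins."""
    out = {}
    for part in policy.split(";"):
        words = part.split()
        if words:
            out.setdefault(words[0].lower(), words[1:])
    return out

def csp_findings(conf):
    """Flag broad sources in the directive that governs script execution."""
    findings = []
    pat = r'^\s*add_header\s+Content-Security-Policy\s+"([^"]*)"'
    for policy in re.findall(pat, conf, re.M):
        csp = parse_csp(policy)
        # script-src falls back to default-src when it is not set.
        name = "script-src" if "script-src" in csp else "default-src"
        for src in csp.get(name, []):
            if src in BROAD:
                findings.append((name, src))
    return findings
```

Running both functions over the mounted nginx.conf in CI catches a bad override before the container crash-loops; `nginx -t` inside the image remains the authoritative syntax check.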
