fix(docker): ensure correct permissions for PostgreSQL directories

Ensure that PGDATA, /run/postgresql, and /var/log/postgresql are owned by the postgres user to prevent volume permission issues during container startup.
fix(ui): enable IPv6 listening in nginx configuration
2026-06-03 20:12:58 +00:00 · 2026-05-21 14:46:57 +02:00 · 2026-05-21 14:16:11 +02:00 · 2026-05-21 13:21:19 +02:00
6 changed files with 158 additions and 146 deletions
@@ -1,13 +1,14 @@
-# Trackeep Configuration for Casa OS
+# Trackeep All-in-One Configuration
-# Only required variables - everything else is auto-configured
+# PostgreSQL is bundled inside the container — no external database needed.
 # Everything below is optional; the container auto-generates sensible defaults.
-# Host port for the application (default: 8080)
+# Host port mapping (default: 8080)
 HOST_PORT=8080
-# Database Configuration
+# Database credentials (auto-generated if left empty)
-DB_PASSWORD=your_secure_password_here
+# DB_PASSWORD=your_secure_password_here
-DB_USER=trackeep
+# DB_USER=trackeep
-DB_NAME=trackeep
+# DB_NAME=trackeep
-# JWT Secret (generate with: openssl rand -hex 32)
+# JWT Secret (auto-generated and persisted in /data if left empty)
-JWT_SECRET=your_jwt_secret_here_64_hex_characters_long_exactly
+# JWT_SECRET=your_jwt_secret_here_64_hex_characters_long_exactly
@@ -20,8 +20,12 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
 # Stage 3: Final unified image
 FROM alpine:latest
-# Install dependencies
+# Install dependencies including PostgreSQL
-RUN apk --no-cache add ca-certificates tzdata nginx
+RUN apk --no-cache add ca-certificates tzdata nginx postgresql postgresql-contrib
 # Create postgres user directories and fix permissions
 RUN mkdir -p /var/lib/postgresql/data /run/postgresql /var/log/postgresql && \
    chown -R postgres:postgres /var/lib/postgresql /run/postgresql /var/log/postgresql
 # Copy backend binary and migrations
 COPY --from=backend-builder /app/backend/main /app/main
@@ -45,10 +49,10 @@ RUN mkdir -p /app/uploads /data /var/log/nginx
 EXPOSE 8080
 # Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
-# Start script to run both backend and nginx
+# Start script to run PostgreSQL, backend and nginx
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
@@ -33,34 +33,23 @@
 ## 🚀 Quick Start
-### One-Command Deployment (GHCR Image - Recommended for Casa OS)
+### One-Command Deployment (Docker Run)
 PostgreSQL is bundled inside the image. Zero external dependencies.
 ```bash
 docker run -d \
  --name trackeep \
  -p 8080:8080 \
-  -e DB_PASSWORD=your_password \
+  -e DB_PASSWORD=your_secure_password \
-  -e DB_USER=trackeep \
+  -e JWT_SECRET=$(openssl rand -hex 32) \
-  -e DB_NAME=trackeep \
+  -v trackeep_postgres:/var/lib/postgresql/data \
-  -e JWT_SECRET=your_jwt_secret \
+  -v trackeep_uploads:/app/uploads \
  -v trackeep_data:/data \
  ghcr.io/dvorinka/trackeep:latest
 ```
-**Note**: This requires an external PostgreSQL database. For a complete deployment with the database included, use Docker Compose below.
+### CasaOS / Docker Compose (Copy-Paste Ready)
 ### Production Deployment with Docker Compose
 ```bash
 git clone https://github.com/dvorinka/trackeep.git
 cd trackeep
 cp .env.example .env
 # Edit .env file with your configuration
 docker compose up -d
 ```
 The setup uses a unified Docker image with frontend and backend in a single container.
 **Complete docker-compose.yml**:
 ```yaml
 icon: https://github.com/Dvorinka/Trackeep/raw/main/trackeepfavi_bg.png
@@ -68,78 +57,47 @@ icon: https://github.com/Dvorinka/Trackeep/raw/main/trackeepfavi_bg.png
 services:
  trackeep:
    image: ghcr.io/dvorinka/trackeep:latest
    container_name: trackeep
    ports:
      - "${HOST_PORT:-8080}:8080"
    env_file:
      - .env
    environment:
-      - BACKEND_PORT=8080
+      DB_PASSWORD: ${DB_PASSWORD:-}
-      - DB_HOST=postgres
+      DB_USER: ${DB_USER:-trackeep}
-      - DB_PORT=5432
+      DB_NAME: ${DB_NAME:-trackeep}
-      - GIN_MODE=release
+      JWT_SECRET: ${JWT_SECRET:-}
      GIN_MODE: release
    volumes:
-      - ./uploads:/app/uploads
+      - trackeep_postgres:/var/lib/postgresql/data
-      - ./data:/data
+      - trackeep_uploads:/app/uploads
      - trackeep_data:/data
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
  postgres:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: ${DB_NAME:-trackeep}
      POSTGRES_USER: ${DB_USER:-trackeep}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-trackeep} -d ${DB_NAME:-trackeep}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
 volumes:
-  postgres_data:
+  trackeep_postgres:
  trackeep_uploads:
  trackeep_data:
 ```
-### Service Architecture
+**Why this is CasaOS-ready:**
 - **Single service** — PostgreSQL runs inside the same container
 - **No `BACKEND_PORT`** — internal backend runs on 8081, only port 8080 is exposed
 - **Named volumes** — CasaOS handles them automatically
 - **Optional env vars** — if `DB_PASSWORD` or `JWT_SECRET` are empty, the container auto-generates them
 - **Icon header** — CasaOS reads the `icon:` field for the app tile
-Trackeep deployment consists of **2 services**:
+### Optional Environment Variables
-#### **🎯 Trackeep Service (Unified)**
+All variables have sensible defaults. Only override what you need:
 - **Image**: Built from unified Dockerfile (frontend + backend in one)
 - **Ports**: `${HOST_PORT:-8080}:8080`
 - **Purpose**: Web interface, API server, and business logic combined
 - **Health**: HTTP health check endpoint
 - **Auto-configuration**: Frontend automatically connects to backend via nginx proxy
 #### **🗄️ Database Service**
 - **Image**: `postgres:15-alpine`
 - **Purpose**: Data persistence and storage
 - **Health**: PostgreSQL readiness check
 - **Storage**: Persistent volume for data
 ### Required Environment Variables
 Create a `.env` file from the provided `.env.example` and configure these required variables:
 ```env
 # Host port for the application (default: 8080)
 HOST_PORT=8080
-
+DB_PASSWORD=your_secure_password_here   # auto-generated if empty
 # Database Configuration
 DB_PASSWORD=your_secure_password_here
 DB_USER=trackeep
 DB_NAME=trackeep
-
+JWT_SECRET=your_jwt_secret_here         # auto-generated & persisted if empty
 # JWT Secret (generate with: openssl rand -hex 32)
 JWT_SECRET=your_jwt_secret_here_64_hex_characters_long_exactly
 ```
-**Note**: The frontend automatically connects to the backend via nginx proxy - no VITE_API_URL or additional configuration needed.
+**Note:** The frontend automatically connects to the backend via nginx proxy — no `VITE_API_URL` or additional configuration needed.
 ### AI Services Configuration
@@ -404,25 +362,15 @@ DISABLE_CHINESE_AI=true
   cd Trackeep
   ```
-2. **Configure environment**
+2. **Start the container**
   ```bash
   cp .env.example .env
   # Edit .env with your configuration
   ```
 3. **Start all services**
   ```bash
   # Using the startup script
   ./start.sh
   # Or manually with Docker Compose
   docker compose up -d
   ```
-4. **Access the application**
+3. **Access the application**
-   - Application: http://localhost:${HOST_PORT:-8080}
+   - Application: http://localhost:8080
-   - Health Check: http://localhost:${HOST_PORT:-8080}/health
+   - Health Check: http://localhost:8080/health
-   - API: http://localhost:${HOST_PORT:-8080}/api/
+   - API: http://localhost:8080/api/
 ### Demo Login
 - Email: `demo@trackeep.com`
@@ -489,22 +437,22 @@ Additional documentation files:
 ### Environment Variables
-Key environment variables to configure:
+Only override what you need — everything else auto-configures:
 ```bash
 # Host port for the application
 HOST_PORT=8080
-# Database Configuration
+# Database credentials (auto-generated if omitted)
 DB_PASSWORD=your_secure_password_here
 DB_USER=trackeep
 DB_NAME=trackeep
-# JWT Configuration (generate with: openssl rand -hex 32)
+# JWT Secret (auto-generated & persisted if omitted)
 JWT_SECRET=your_jwt_secret_here_64_hex_characters_long_exactly
 ```
-**Note**: All other configuration has sensible defaults. The frontend automatically connects to the backend via nginx proxy - no additional API URL configuration needed.
+**Note:** All other configuration has sensible defaults. The frontend automatically connects to the backend via nginx proxy — no additional API URL configuration needed.
 ## Contributing
@@ -1,39 +1,31 @@
 icon: https://github.com/Dvorinka/Trackeep/raw/main/trackeepfavi_bg.png
 services:
  trackeep:
-    build:
+    image: ghcr.io/dvorinka/trackeep:latest
-      context: .
+    container_name: trackeep
      dockerfile: Dockerfile
    ports:
      - "${HOST_PORT:-8080}:8080"
    env_file:
      - .env
    environment:
-      - DB_HOST=postgres
+      DB_PASSWORD: ${DB_PASSWORD:-}
-      - DB_PORT=5432
+      DB_USER: ${DB_USER:-trackeep}
-      - GIN_MODE=release
+      DB_NAME: ${DB_NAME:-trackeep}
      JWT_SECRET: ${JWT_SECRET:-}
      GIN_MODE: release
      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-*}
    volumes:
-      - ./uploads:/app/uploads
+      - trackeep_postgres:/var/lib/postgresql/data
-      - ./data:/data
+      - trackeep_uploads:/app/uploads
-    restart: unless-stopped
+      - trackeep_data:/data
    depends_on:
      postgres:
        condition: service_healthy
  postgres:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: ${DB_NAME:-trackeep}
      POSTGRES_USER: ${DB_USER:-trackeep}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-trackeep} -d ${DB_NAME:-trackeep}"]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
-      interval: 10s
+      interval: 30s
-      timeout: 5s
+      timeout: 10s
-      retries: 5
+      retries: 3
-      start_period: 30s
+      start_period: 60s
 volumes:
-  postgres_data:
+  trackeep_postgres:
  trackeep_uploads:
  trackeep_data:
@@ -1,24 +1,90 @@
 #!/bin/sh
-# Unified entrypoint for Trackeep
+# All-in-one entrypoint for Trackeep
-# Starts both backend and nginx in one container
+# Initializes and starts PostgreSQL, then backend + nginx
 set -e
-# Backend configuration
+PGDATA=${PGDATA:-/var/lib/postgresql/data}
 # Auto-generate DB_PASSWORD if not provided
 if [ -z "$DB_PASSWORD" ]; then
    DB_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
    echo "========================================"
    echo "WARNING: DB_PASSWORD was not set."
    echo "Auto-generated password: $DB_PASSWORD"
    echo "Set DB_PASSWORD explicitly to keep it stable across restarts."
    echo "========================================"
 fi
 DB_USER=${DB_USER:-trackeep}
 DB_NAME=${DB_NAME:-trackeep}
 # Ensure PostgreSQL directories are owned by postgres (fixes volume permission issues)
 mkdir -p "$PGDATA" /run/postgresql /var/log/postgresql
 chown -R postgres:postgres "$PGDATA" /run/postgresql /var/log/postgresql
 # Initialize PostgreSQL if data directory is empty
 if [ ! -f "$PGDATA/PG_VERSION" ]; then
    echo "Initializing PostgreSQL database cluster..."
    su -s /bin/sh postgres -c "initdb -D $PGDATA --auth-local=trust --auth-host=md5"
    # Allow local TCP connections
    echo "host all all 127.0.0.1/32 md5" >> "$PGDATA/pg_hba.conf"
    echo "host all all ::1/128 md5"     >> "$PGDATA/pg_hba.conf"
    # Start postgres temporarily to create user and database
    su -s /bin/sh postgres -c "pg_ctl -D $PGDATA -l /var/log/postgresql/server.log start"
    # Wait until postgres accepts connections
    echo "Waiting for PostgreSQL to accept connections..."
    for i in $(seq 1 30); do
        if su -s /bin/sh postgres -c "pg_isready -q"; then
            break
        fi
        sleep 1
    done
    # Create role and database
    su -s /bin/sh postgres -c "psql -c \"CREATE USER \\\"$DB_USER\\\" WITH PASSWORD '$DB_PASSWORD';\""
    su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE \\\"$DB_NAME\\\" OWNER \\\"$DB_USER\\\";\""
    su -s /bin/sh postgres -c "pg_ctl -D $PGDATA stop"
    echo "PostgreSQL initialized."
 fi
 # Start PostgreSQL
 echo "Starting PostgreSQL..."
 su -s /bin/sh postgres -c "pg_ctl -D $PGDATA -l /var/log/postgresql/server.log start"
 # Wait for PostgreSQL to be ready
 echo "Waiting for PostgreSQL to be ready..."
 for i in $(seq 1 30); do
    if su -s /bin/sh postgres -c "pg_isready -q"; then
        echo "PostgreSQL is ready."
        break
    fi
    echo "Waiting for PostgreSQL... ($i/30)"
    sleep 1
 done
 # Backend connects to the bundled local PostgreSQL
 export BACKEND_PORT=8081
-export DB_HOST=${DB_HOST:-postgres}
+export DB_HOST=localhost
-export DB_PORT=${DB_PORT:-5432}
+export DB_PORT=5432
-export DB_NAME=${DB_NAME:-trackeep}
+export DB_NAME="$DB_NAME"
-export DB_USER=${DB_USER:-trackeep}
+export DB_USER="$DB_USER"
-export DB_PASSWORD=${DB_PASSWORD}
+export DB_PASSWORD="$DB_PASSWORD"
-export JWT_SECRET=${JWT_SECRET}
+export DB_SSL_MODE=disable
 export JWT_SECRET=${JWT_SECRET:-}
 export GIN_MODE=${GIN_MODE:-release}
 export CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}
 # Start backend in background
 cd /app
 echo "Starting Trackeep backend on port ${BACKEND_PORT}..."
 ./main &
 BACKEND_PID=$!
 # Wait for backend to be ready
 echo "Waiting for backend to be ready..."
@@ -31,6 +97,6 @@ for i in $(seq 1 30); do
    sleep 2
 done
-# Start nginx
+# Start nginx in foreground (keeps container alive)
-echo "Starting nginx..."
+echo "Starting nginx on port 8080..."
 nginx -g "daemon off;"
@@ -40,6 +40,7 @@ http {
    server {
        listen 8080;
        listen [::]:8080;
        server_name localhost;
        root /usr/share/nginx/html;
        index index.html;