diff --git a/.env.local.example b/.env.local.example index 8cac0fbdd..24af1f2f5 100644 --- a/.env.local.example +++ b/.env.local.example @@ -13,6 +13,9 @@ DB_PORT=5432 DB_USERNAME=coolify DB_PASSWORD=password +REDIS_USERNAME=coolify +REDIS_PASSWORD=password + RAY_ENABLED=true # RAY_PORT= diff --git a/CHANGELOG.md b/CHANGELOG.md index 084bee846..b76317344 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to this project will be documented in this file. -## [5.0.0-alpha.1] – 2026-XX-XX +## [5.0.0-alpha.1] - 2026-XX-XX ### Release Highlights @@ -22,10 +22,12 @@ All notable changes to this project will be documented in this file. - - **Laravel Configurations:** - Changed hashing algorithm from `bcrypt` to `argon2id` for enhanced security - - Encrypt user sessions and expire inactive sessions after 24h + - Use Redis for sessions and expire inactive sessions after 24h + - Encrypt user sessions data - Redirect Laravel logs to `stderr` so they can be viewed in docker logs - Configured production logging to rotate automatically and keep only the last 10 days of logs to reduce disk usage - Changed production log level from `debug` to `warning` to reduce disk usage and avoid logging sensitive information + - Configured separate Redis connections for cache, jobs and sessions for easier debugging and separation - Updated all Laravel config files to the latest version and removed all unused config options - Changed license from `Apache-2.0` to `AGPL-3.0` @@ -35,7 +37,8 @@ All notable changes to this project will be documented in this file. ### Removed -- +- Session cleanup job as we now use Redis for sessions with a TTL +- A lot of legacy code, outdated configs and dependencies ### Fixed diff --git a/config/cache.php b/config/cache.php index 4cd7f7fd5..0372e30ec 100644 --- a/config/cache.php +++ b/config/cache.php @@ -16,7 +16,7 @@ return [ | */ - 'default' => env('CACHE_STORE', 'database'), + 'default' => env('CACHE_STORE', 'redis'), /* |-------------------------------------------------------------------------- @@ -44,65 +44,17 @@ return [ 'key' => env('SESSION_CACHE_KEY', '_cache'), ], - 'database' => [ - 'driver' => 'database', - 'connection' => env('DB_CACHE_CONNECTION'), - 'table' => env('DB_CACHE_TABLE', 'cache'), - 'lock_connection' => env('DB_CACHE_LOCK_CONNECTION'), - 'lock_table' => env('DB_CACHE_LOCK_TABLE'), - ], - 'file' => [ 'driver' => 'file', 'path' => storage_path('framework/cache/data'), 'lock_path' => storage_path('framework/cache/data'), ], - 'memcached' => [ - 'driver' => 'memcached', - 'persistent_id' => env('MEMCACHED_PERSISTENT_ID'), - 'sasl' => [ - env('MEMCACHED_USERNAME'), - env('MEMCACHED_PASSWORD'), - ], - 'options' => [ - // Memcached::OPT_CONNECT_TIMEOUT => 2000, - ], - 'servers' => [ - [ - 'host' => env('MEMCACHED_HOST', '127.0.0.1'), - 'port' => env('MEMCACHED_PORT', 11211), - 'weight' => 100, - ], - ], - ], - 'redis' => [ 'driver' => 'redis', 'connection' => env('REDIS_CACHE_CONNECTION', 'cache'), 'lock_connection' => env('REDIS_CACHE_LOCK_CONNECTION', 'default'), ], - - 'dynamodb' => [ - 'driver' => 'dynamodb', - 'key' => env('AWS_ACCESS_KEY_ID'), - 'secret' => env('AWS_SECRET_ACCESS_KEY'), - 'region' => env('AWS_DEFAULT_REGION', 'us-east-1'), - 'table' => env('DYNAMODB_CACHE_TABLE', 'cache'), - 'endpoint' => env('DYNAMODB_ENDPOINT'), - ], - - 'octane' => [ - 'driver' => 'octane', - ], - - 'failover' => [ - 'driver' => 'failover', - 'stores' => [ - 'database', - 'array', - ], - ], ], /* @@ -116,5 +68,5 @@ return [ | */ - 'prefix' => env('CACHE_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-cache-'), + 'prefix' => env('CACHE_PREFIX', Str::slug((string) env('APP_NAME', 'coolify')).'-cache-'), ]; diff --git a/config/database.php b/config/database.php index b06e8528b..e34a36a5d 100644 --- a/config/database.php +++ b/config/database.php @@ -108,13 +108,13 @@ return [ 'options' => [ 'cluster' => env('REDIS_CLUSTER', 'redis'), - 'prefix' => env('REDIS_PREFIX', Str::slug((string) env('APP_NAME', 'laravel')).'-database-'), + 'prefix' => env('REDIS_PREFIX', Str::slug((string) env('APP_NAME', 'coolify')).'-database-'), 'persistent' => env('REDIS_PERSISTENT', false), ], 'default' => [ 'url' => env('REDIS_URL'), - 'host' => env('REDIS_HOST', '127.0.0.1'), + 'host' => env('REDIS_HOST', 'coolify-redis'), 'username' => env('REDIS_USERNAME'), 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', '6379'), @@ -125,9 +125,9 @@ return [ 'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000), ], - 'cache' => [ + 'sessions' => [ 'url' => env('REDIS_URL'), - 'host' => env('REDIS_HOST', '127.0.0.1'), + 'host' => env('REDIS_HOST', 'coolify-redis'), 'username' => env('REDIS_USERNAME'), 'password' => env('REDIS_PASSWORD'), 'port' => env('REDIS_PORT', '6379'), @@ -137,5 +137,31 @@ return [ 'backoff_base' => env('REDIS_BACKOFF_BASE', 100), 'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000), ], + + 'jobs' => [ + 'url' => env('REDIS_URL'), + 'host' => env('REDIS_HOST', 'coolify-redis'), + 'username' => env('REDIS_USERNAME'), + 'password' => env('REDIS_PASSWORD'), + 'port' => env('REDIS_PORT', '6379'), + 'database' => env('REDIS_CACHE_DB', '2'), + 'max_retries' => env('REDIS_MAX_RETRIES', 3), + 'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'), + 'backoff_base' => env('REDIS_BACKOFF_BASE', 100), + 'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000), + ], + + 'cache' => [ + 'url' => env('REDIS_URL'), + 'host' => env('REDIS_HOST', 'coolify-redis'), + 'username' => env('REDIS_USERNAME'), + 'password' => env('REDIS_PASSWORD'), + 'port' => env('REDIS_PORT', '6379'), + 'database' => env('REDIS_CACHE_DB', '3'), + 'max_retries' => env('REDIS_MAX_RETRIES', 3), + 'backoff_algorithm' => env('REDIS_BACKOFF_ALGORITHM', 'decorrelated_jitter'), + 'backoff_base' => env('REDIS_BACKOFF_BASE', 100), + 'backoff_cap' => env('REDIS_BACKOFF_CAP', 1000), + ], ], ]; diff --git a/config/session.php b/config/session.php index 93a3f47e4..9decb6168 100644 --- a/config/session.php +++ b/config/session.php @@ -19,7 +19,7 @@ return [ | */ - 'driver' => env('SESSION_DRIVER', 'database'), + 'driver' => env('SESSION_DRIVER', 'redis'), /* |-------------------------------------------------------------------------- @@ -33,7 +33,7 @@ return [ | */ - 'lifetime' => (int) env('SESSION_LIFETIME', 120), + 'lifetime' => (int) env('SESSION_LIFETIME', 1440), 'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false), @@ -50,19 +50,6 @@ return [ 'encrypt' => env('SESSION_ENCRYPT', true), - /* - |-------------------------------------------------------------------------- - | Session File Location - |-------------------------------------------------------------------------- - | - | When utilizing the "file" session driver, the session files are placed - | on disk. The default storage location is defined here; however, you - | are free to provide another location where they should be stored. - | - */ - - 'files' => storage_path('framework/sessions'), - /* |-------------------------------------------------------------------------- | Session Database Connection @@ -74,20 +61,7 @@ return [ | */ - 'connection' => env('SESSION_CONNECTION'), - - /* - |-------------------------------------------------------------------------- - | Session Database Table - |-------------------------------------------------------------------------- - | - | When using the "database" session driver, you may specify the table to - | be used to store sessions. Of course, a sensible default is defined - | for you; however, you're welcome to change this to another table. - | - */ - - 'table' => env('SESSION_TABLE', 'sessions'), + 'connection' => env('SESSION_CONNECTION', 'sessions'), /* |-------------------------------------------------------------------------- @@ -102,7 +76,7 @@ return [ | */ - 'store' => env('SESSION_STORE'), + 'store' => env('SESSION_STORE', 'redis'), /* |-------------------------------------------------------------------------- @@ -130,7 +104,7 @@ return [ 'cookie' => env( 'SESSION_COOKIE', - Str::slug((string) env('APP_NAME', 'laravel')).'-session', + Str::slug((string) env('APP_NAME', 'coolify')).'-session', ), /*