Compare commits
6 Commits
v3.0.14
...
418f3e0bb2
| Author | SHA1 | Date | |
|---|---|---|---|
| 418f3e0bb2 | |||
| 640e5616e9 | |||
| 22f3bf4bfc | |||
| 256f38d8fa | |||
| 9592cc663f | |||
| dba4b28380 |
@@ -15,7 +15,7 @@
|
||||
## Checklist
|
||||
- [ ] I have read the [Contributing Guidelines](https://github.com/mauriceboe/TREK/wiki/Contributing)
|
||||
- [ ] My branch is [up to date with `dev`](https://github.com/mauriceboe/TREK/wiki/Development-environment#3-keep-your-fork-up-to-date)
|
||||
- [ ] This PR targets the `dev` branch, not `main`
|
||||
- [ ] This PR targets the `dev` branch, not `main` *(wiki-only PRs are exempt)*
|
||||
- [ ] I have tested my changes locally
|
||||
- [ ] I have added/updated tests that prove my fix is effective or that my feature works
|
||||
- [ ] I have updated documentation if needed
|
||||
|
||||
@@ -32,6 +32,30 @@ jobs:
|
||||
const hasLabel = pull.labels.some(l => l.name === 'wrong-base-branch');
|
||||
if (!hasLabel) continue;
|
||||
|
||||
// Wiki-only PRs are exempt — clear label and skip
|
||||
const files = [];
|
||||
for (let page = 1; ; page++) {
|
||||
const { data } = await github.rest.pulls.listFiles({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
pull_number: pull.number,
|
||||
per_page: 100,
|
||||
page,
|
||||
});
|
||||
files.push(...data);
|
||||
if (data.length < 100) break;
|
||||
}
|
||||
const allWiki = files.length > 0 && files.every(f => f.filename.startsWith('wiki/'));
|
||||
if (allWiki) {
|
||||
await github.rest.issues.removeLabel({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: pull.number,
|
||||
name: 'wrong-base-branch',
|
||||
});
|
||||
continue;
|
||||
}
|
||||
|
||||
const createdAt = new Date(pull.created_at);
|
||||
if (createdAt > twentyFourHoursAgo) continue; // grace period not over yet
|
||||
|
||||
|
||||
@@ -27,6 +27,33 @@ jobs:
|
||||
return;
|
||||
}
|
||||
|
||||
// Wiki-only PRs are exempt from branch enforcement
|
||||
const files = [];
|
||||
for (let page = 1; ; page++) {
|
||||
const { data } = await github.rest.pulls.listFiles({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
pull_number: prNumber,
|
||||
per_page: 100,
|
||||
page,
|
||||
});
|
||||
files.push(...data);
|
||||
if (data.length < 100) break;
|
||||
}
|
||||
const allWiki = files.length > 0 && files.every(f => f.filename.startsWith('wiki/'));
|
||||
if (allWiki) {
|
||||
console.log('All changed files are under wiki/ — skipping enforcement.');
|
||||
if (labels.includes('wrong-base-branch')) {
|
||||
await github.rest.issues.removeLabel({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: prNumber,
|
||||
name: 'wrong-base-branch',
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// If the base was fixed, remove the label and let it through
|
||||
if (base !== 'main') {
|
||||
if (labels.includes('wrong-base-branch')) {
|
||||
|
||||
@@ -7,7 +7,7 @@ Thanks for your interest in contributing! Please read these guidelines before op
|
||||
1. **Ask in Discord first** — Before writing any code, pitch your idea in the `#github-pr` channel on our [Discord server](https://discord.gg/NhZBDSd4qW). We'll let you know if the PR is wanted and give direction. PRs that show up without prior discussion will be closed
|
||||
2. **One change per PR** — Keep it focused. Don't bundle unrelated fixes or refactors
|
||||
3. **No breaking changes** — Backwards compatibility is non-negotiable
|
||||
4. **Target the `dev` branch** — All PRs must be opened against `dev`, not `main`
|
||||
4. **Target the `dev` branch** — All PRs must be opened against `dev`, not `main`. Exception: PRs that only modify files under `wiki/` may target any branch
|
||||
5. **Match the existing style** — No reformatting, no linter config changes, no "while I'm here" cleanups
|
||||
6. **Tests** — Your changes must include tests. The project maintains 80%+ coverage; PRs that drop it will be closed
|
||||
7. **Branch up to date** — Your branch must be [up to date with `dev`](https://github.com/mauriceboe/TREK/wiki/Development-environment#3-keep-your-fork-up-to-date) before submitting a PR
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
name: trek
|
||||
version: 3.0.14
|
||||
version: 3.0.15
|
||||
description: Minimal Helm chart for TREK app
|
||||
appVersion: "3.0.14"
|
||||
appVersion: "3.0.15"
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "trek-client",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "trek-client",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"dependencies": {
|
||||
"@react-pdf/renderer": "^4.3.2",
|
||||
"axios": "^1.6.7",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "trek-client",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
PORT=3001 # Port to run the server on
|
||||
# HOST=0.0.0.0 # Bind address for the HTTP server. Only set this when running TREK from sources or via the Proxmox community script — never in Docker (the container handles binding).
|
||||
NODE_ENV=development # development = development mode; production = production mode
|
||||
# ENCRYPTION_KEY=<random-256-bit-hex> # Separate key for encrypting stored secrets (API keys, MFA, SMTP, OIDC, etc.)
|
||||
# Auto-generated and persisted to ./data/.encryption_key if not set.
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "trek-server",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "trek-server",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"dependencies": {
|
||||
"@modelcontextprotocol/sdk": "^1.28.0",
|
||||
"archiver": "^6.0.1",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "trek-server",
|
||||
"version": "3.0.14",
|
||||
"version": "3.0.15",
|
||||
"main": "src/index.ts",
|
||||
"scripts": {
|
||||
"start": "node --import tsx src/index.ts",
|
||||
|
||||
@@ -2222,6 +2222,13 @@ function runMigrations(db: Database.Database): void {
|
||||
db.prepare("INSERT OR REPLACE INTO app_settings (key, value) VALUES ('whitespace_migration_collision', 'true')").run();
|
||||
}
|
||||
},
|
||||
() => {
|
||||
db.exec(`CREATE TABLE IF NOT EXISTS schema_version_new (id INTEGER PRIMARY KEY AUTOINCREMENT,version INTEGER NOT NULL)`)
|
||||
db.exec(`INSERT INTO schema_version_new (version) SELECT version FROM schema_version`)
|
||||
db.exec(`DROP TABLE schema_version`)
|
||||
db.exec(`ALTER TABLE schema_version_new RENAME TO schema_version`)
|
||||
db.exec(`UPDATE app_settings SET value = '${process.env.APP_VERSION || '3.0.15'}' WHERE key = 'app_version'`);
|
||||
},
|
||||
];
|
||||
|
||||
if (currentVersion < migrations.length) {
|
||||
|
||||
@@ -20,8 +20,11 @@ const app = createApp();
|
||||
|
||||
import * as scheduler from './scheduler';
|
||||
|
||||
const PORT = process.env.PORT || 3001;
|
||||
const server = app.listen(PORT, () => {
|
||||
const PORT = Number(process.env.PORT) || 3001;
|
||||
const HOST = process.env.HOST;
|
||||
const APP_VERSION: string = process.env.APP_VERSION || (require('../package.json') as { version: string }).version;
|
||||
|
||||
const onListen = () => {
|
||||
const { logInfo: sLogInfo, logWarn: sLogWarn } = require('./services/auditLog');
|
||||
const LOG_LVL = (process.env.LOG_LEVEL || 'info').toLowerCase();
|
||||
const tz = process.env.TZ || Intl.DateTimeFormat().resolvedOptions().timeZone || 'UTC';
|
||||
@@ -29,7 +32,8 @@ const server = app.listen(PORT, () => {
|
||||
const banner = [
|
||||
'──────────────────────────────────────',
|
||||
' TREK API started',
|
||||
` Version ${process.env.APP_VERSION}`,
|
||||
` Version ${APP_VERSION}`,
|
||||
...(HOST ? [` Host: ${HOST}`] : []),
|
||||
` Port: ${PORT}`,
|
||||
` Environment: ${process.env.NODE_ENV?.toLowerCase() || 'development'}`,
|
||||
` Timezone: ${tz}`,
|
||||
@@ -57,7 +61,11 @@ const server = app.listen(PORT, () => {
|
||||
import('./websocket').then(({ setupWebSocket }) => {
|
||||
setupWebSocket(server);
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const server = HOST
|
||||
? app.listen(PORT, HOST, onListen)
|
||||
: app.listen(PORT, onListen);
|
||||
|
||||
// Graceful shutdown
|
||||
function shutdown(signal: string): void {
|
||||
|
||||
@@ -12,6 +12,8 @@ Open the **Budget** tab inside the trip planner. The tab is only visible when th
|
||||
|
||||
> **Admin:** Budget is an addon. Enable it in [Admin-Addons](Admin-Addons).
|
||||
|
||||

|
||||
|
||||
## Currency
|
||||
|
||||
Use the currency picker in the Budget toolbar to select one currency for the entire trip. 46 currencies are supported (EUR, USD, GBP, JPY, CHF, CZK, PLN, SEK, NOK, DKK, TRY, THB, AUD, CAD, NZD, BRL, MXN, INR, IDR, MYR, PHP, SGD, KRW, CNY, HKD, TWD, ZAR, AED, SAR, ILS, EGP, MAD, HUF, RON, BGN, HRK, ISK, RUB, UAH, BDT, LKR, VND, CLP, COP, PEN, ARS). All amounts are displayed in this currency.
|
||||
@@ -54,6 +56,8 @@ The **Persons** column behaves differently depending on the trip:
|
||||
- **Single-user trip** — enter a number of persons directly.
|
||||
- **Multi-member trip** — a member chip picker appears. Click the edit button to assign or remove members from an expense. Click an assigned member chip again to mark them as **paid** (the chip shows a green ring).
|
||||
|
||||

|
||||
|
||||
## Settlement calculator
|
||||
|
||||
When multiple members are assigned to expenses and there are outstanding debts between members, a collapsible **Settlement** section appears inside the total card. Click the section header to expand it. It shows the minimum number of transfers needed to settle all debts (using a greedy matching algorithm), including:
|
||||
@@ -61,6 +65,8 @@ When multiple members are assigned to expenses and there are outstanding debts b
|
||||
- Transfer flows: who pays whom and how much.
|
||||
- Net balances: each member's overall surplus or deficit.
|
||||
|
||||

|
||||
|
||||
## Budget summary
|
||||
|
||||
The right-hand column contains two widgets:
|
||||
|
||||
@@ -6,7 +6,7 @@ Thanks for your interest in contributing to TREK! Here are the guidelines for su
|
||||
|
||||
- **Ask in Discord first** — Before writing any code, pitch your idea in the `#github-pr` channel on our [Discord server](https://discord.gg/NhZBDSd4qW). We'll let you know if the PR is wanted and give direction. PRs without prior approval will be closed
|
||||
- **Check existing issues** — Look for open issues or discussions before starting work
|
||||
- **Target the `dev` branch** — All PRs must be opened against `dev`, not `main`
|
||||
- **Target the `dev` branch** — All PRs must be opened against `dev`, not `main`. Exception: PRs that only modify files under `wiki/` may target any branch
|
||||
- **One thing per PR** — Keep PRs focused on a single change. Don't bundle unrelated fixes
|
||||
|
||||
## Pull Request Guidelines
|
||||
|
||||
@@ -26,7 +26,7 @@ Items are sorted by their time or position index.
|
||||
|
||||

|
||||
|
||||
- **Add button** — click the **+** button inside an expanded day section to open an inline search panel; find the place and tap it to assign.
|
||||
- **Add button** — Click on the day and then click the **+** button inside an expanded day section to open an inline search panel; find the place and tap it to assign.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -127,7 +127,7 @@ git push origin fix/my-changes:dev
|
||||
git push origin dev
|
||||
```
|
||||
|
||||
Then open a Pull Request from your fork to `mauriceboe/TREK` targeting the `dev` branch.
|
||||
Then open a Pull Request from your fork to `mauriceboe/TREK` targeting the `dev` branch. If your PR only modifies files under `wiki/`, it is exempt from branch enforcement and may target any branch.
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ Complete reference for all environment variables TREK reads.
|
||||
| Variable | Description | Default |
|
||||
|---|---|---|
|
||||
| `PORT` | Server port | `3000` |
|
||||
| `HOST` | Bind address for the HTTP server (e.g. `127.0.0.1`, `10.0.0.72`). **Source / Proxmox installs only** — do not set this in Docker or any containerized deployment. See note below. | all interfaces |
|
||||
| `NODE_ENV` | Environment (`production` / `development`) | `production` |
|
||||
| `ENCRYPTION_KEY` | At-rest encryption key — see resolution order below | auto |
|
||||
| `TZ` | Timezone for logs, reminders, and cron jobs (e.g. `Europe/Berlin`) | `UTC` |
|
||||
@@ -25,6 +26,22 @@ Complete reference for all environment variables TREK reads.
|
||||
| `ALLOW_INTERNAL_NETWORK` | Allow outbound requests to private/RFC-1918 IPs. Set `true` if Immich or other integrated services are on your local network. Loopback (`127.x`) and link-local (`169.254.x`) addresses remain blocked regardless. | `false` |
|
||||
| `APP_URL` | Public base URL (e.g. `https://trek.example.com`). Required when OIDC is enabled — must match the redirect URI registered with your IdP. Also used as the base URL for email notification links. | — |
|
||||
|
||||
### `HOST` — Source and Proxmox installs only
|
||||
|
||||
By default TREK binds to all network interfaces (`0.0.0.0`), which is the correct behaviour inside a container because Docker handles port exposure at the host level. Setting `HOST` overrides the bind address at the Node.js level.
|
||||
|
||||
**When to use it:** only when running TREK directly on a host (git sources or the [Proxmox community script](Install-Proxmox)) and you need to restrict which interface the server listens on — for example, to expose TREK only on a LAN interface while keeping it off the public-facing one.
|
||||
|
||||
**Never set `HOST` in Docker, Docker Compose, Helm, or Unraid deployments.** Use Docker's `-p <host-ip>:<host-port>:<container-port>` syntax or your orchestrator's port binding instead.
|
||||
|
||||
```
|
||||
# .env — source / Proxmox installs only
|
||||
HOST=10.0.0.72 # bind only on this LAN interface
|
||||
PORT=3001
|
||||
```
|
||||
|
||||
When `HOST` is set, the startup banner includes a `Host:` line confirming the bound address.
|
||||
|
||||
### `ENCRYPTION_KEY` — Resolution Order
|
||||
|
||||
`server/src/config.ts` resolves the encryption key in this order:
|
||||
|
||||
@@ -4,63 +4,7 @@ Production-ready setup using Docker Compose with security hardening enabled.
|
||||
|
||||
## Compose File
|
||||
|
||||
Create a `docker-compose.yml` with the following content (taken directly from the repository):
|
||||
|
||||
```yaml
|
||||
services:
|
||||
app:
|
||||
image: mauriceboe/trek:latest
|
||||
container_name: trek
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- SETUID
|
||||
- SETGID
|
||||
tmpfs:
|
||||
- /tmp:noexec,nosuid,size=64m
|
||||
ports:
|
||||
- "3000:3000"
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- PORT=3000
|
||||
- ENCRYPTION_KEY=${ENCRYPTION_KEY:-} # Recommended. Generate with: openssl rand -hex 32. If unset, falls back to data/.jwt_secret (existing installs) or auto-generates a key (fresh installs).
|
||||
- TZ=${TZ:-UTC} # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||
- LOG_LEVEL=${LOG_LEVEL:-info} # info = concise user actions; debug = verbose admin-level details
|
||||
# - DEFAULT_LANGUAGE=en # Default language on the login page for users with no saved preference. Browser/OS language is auto-detected first; this is the fallback. Supported: de, en, es, fr, hu, nl, br, cs, pl, ru, zh, zh-TW, it, ar
|
||||
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-} # Comma-separated origins for CORS and email notification links
|
||||
# - FORCE_HTTPS=true # Optional. Enables HTTPS redirect, HSTS, CSP upgrade-insecure-requests, and secure cookies behind a TLS proxy
|
||||
# - COOKIE_SECURE=false # Escape hatch: force session cookies over plain HTTP even in production. Not recommended.
|
||||
# - TRUST_PROXY=1 # Trusted proxy count for X-Forwarded-For / X-Forwarded-Proto. Required for FORCE_HTTPS to work.
|
||||
# - ALLOW_INTERNAL_NETWORK=false # Set to true if Immich or other services are hosted on your local network (RFC-1918 IPs). Loopback and link-local addresses remain blocked regardless.
|
||||
# - APP_URL=https://trek.example.com # Public base URL — required when OIDC is enabled (must match the redirect URI registered with your IdP); also used as base URL for links in email notifications
|
||||
# - OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||
# - OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||
# - OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||
# - OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||
# - OIDC_ONLY=false # Set true to force SSO-only mode: disables password login and registration, overrides Admin > Settings toggles, cannot be changed at runtime
|
||||
# - OIDC_ADMIN_CLAIM=groups # OIDC claim used to identify admin users
|
||||
# - OIDC_ADMIN_VALUE=app-trek-admins # Value of the OIDC claim that grants admin role
|
||||
# - OIDC_SCOPE=openid email profile # Fully overrides the default. Add extra scopes as needed (e.g. add groups if using OIDC_ADMIN_CLAIM)
|
||||
# - OIDC_DISCOVERY_URL= # Override the OIDC discovery endpoint for providers with non-standard paths (e.g. Authentik)
|
||||
# - ADMIN_EMAIL=admin@trek.local # Initial admin e-mail — only used on first boot when no users exist
|
||||
# - ADMIN_PASSWORD=changeme # Initial admin password — only used on first boot when no users exist
|
||||
# - MCP_RATE_LIMIT=300 # Max MCP API requests per user per minute (default: 300)
|
||||
# - MCP_MAX_SESSION_PER_USER=20 # Max concurrent MCP sessions per user (default: 20)
|
||||
volumes:
|
||||
- ./data:/app/data
|
||||
- ./uploads:/app/uploads
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 15s
|
||||
```
|
||||
See https://github.com/mauriceboe/TREK/blob/main/docker-compose.yml
|
||||
|
||||
## Security Hardening Explained
|
||||
|
||||
@@ -81,6 +25,25 @@ The compose file ships with several hardening options enabled by default:
|
||||
| `./data` | `/app/data` | SQLite database, logs, `.jwt_secret`, `.encryption_key` |
|
||||
| `./uploads` | `/app/uploads` | Uploaded files (photos, documents, covers, avatars) |
|
||||
|
||||
### Named Volumes
|
||||
|
||||
The compose file above uses bind mounts (`./data`, `./uploads`). You can switch to Docker named volumes, which are fully managed by Docker and not tied to a specific host path. See the [Docker Compose volumes reference](https://docs.docker.com/reference/compose-file/volumes/) for all options.
|
||||
|
||||
```yaml
|
||||
services:
|
||||
app:
|
||||
# ... (rest of service config unchanged)
|
||||
volumes:
|
||||
- trek_data:/app/data
|
||||
- trek_uploads:/app/uploads
|
||||
|
||||
volumes:
|
||||
trek_data:
|
||||
trek_uploads:
|
||||
```
|
||||
|
||||
Docker creates the volumes automatically on first `docker compose up`. Use `docker volume ls` and `docker volume inspect` to manage them.
|
||||
|
||||
## Environment Variables
|
||||
|
||||
The compose file reads variables from a `.env` file placed alongside `docker-compose.yml`. At minimum, set:
|
||||
@@ -95,6 +58,23 @@ APP_URL=https://trek.example.com
|
||||
|
||||
Uncomment and fill in the OIDC, initial setup, or MCP variables as needed. For a full description of every variable, see [Environment-Variables](Environment-Variables).
|
||||
|
||||
## Image Tags
|
||||
|
||||
Three tag strategies are available:
|
||||
|
||||
| Tag | Example | Behavior |
|
||||
|---|---|---|
|
||||
| `latest` | `mauriceboe/trek:latest` | Always the newest release across all major versions |
|
||||
| Major version | `mauriceboe/trek:3` | Latest release pinned to that major version |
|
||||
| Full version | `mauriceboe/trek:3.0.15` | Exact release; never changes |
|
||||
|
||||
The compose file above uses `latest`. To pin, change the `image:` line:
|
||||
|
||||
```yaml
|
||||
image: mauriceboe/trek:3 # track major version 3
|
||||
image: mauriceboe/trek:3.0.15 # pin to exact release
|
||||
```
|
||||
|
||||
## Start TREK
|
||||
|
||||
```bash
|
||||
|
||||
@@ -34,6 +34,16 @@ Pass additional `-e` flags for timezone and CORS/email link support:
|
||||
|
||||
See [Environment-Variables](Environment-Variables) for the full list.
|
||||
|
||||
## Image Tags
|
||||
|
||||
| Tag | Example | Behavior |
|
||||
|---|---|---|
|
||||
| `latest` | `mauriceboe/trek:latest` | Always the newest release across all major versions |
|
||||
| Major version | `mauriceboe/trek:3` | Latest release pinned to that major version |
|
||||
| Full version | `mauriceboe/trek:3.0.15` | Exact release; never changes |
|
||||
|
||||
Replace `mauriceboe/trek:latest` in the run command with your chosen tag to pin to a major version or exact release.
|
||||
|
||||
## Volume Reference
|
||||
|
||||
| Volume | Container path | What lives there |
|
||||
@@ -43,6 +53,23 @@ See [Environment-Variables](Environment-Variables) for the full list.
|
||||
|
||||
Both volumes must survive container replacement — they are your persistent state. Never remove them before pulling a new image.
|
||||
|
||||
### Named Volumes
|
||||
|
||||
The run command above uses bind mounts (`./data`, `./uploads`). You can use Docker named volumes instead, which are fully managed by Docker and not tied to a host path:
|
||||
|
||||
```bash
|
||||
docker run -d \
|
||||
--name trek \
|
||||
-p 3000:3000 \
|
||||
-v trek_data:/app/data \
|
||||
-v trek_uploads:/app/uploads \
|
||||
-e ENCRYPTION_KEY=<your-32-byte-hex-key> \
|
||||
--restart unless-stopped \
|
||||
mauriceboe/trek:latest
|
||||
```
|
||||
|
||||
Docker creates `trek_data` and `trek_uploads` automatically on first run. Named volumes are easier to manage with `docker volume` commands and work better in some NAS or container-management environments.
|
||||
|
||||
## Health Check
|
||||
|
||||
The container exposes a health endpoint at:
|
||||
|
||||
@@ -0,0 +1,99 @@
|
||||
# Install: Portainer
|
||||
|
||||
Install TREK on Portainer using a Stack (Docker Compose).
|
||||
|
||||
## Prerequisite
|
||||
|
||||
Portainer must be installed and connected to your Docker environment. Use **Stacks** — it supports Docker Compose and gives you the full compose syntax including environment variables, volumes, and restart policies.
|
||||
|
||||
## Create a Stack
|
||||
|
||||

|
||||
|
||||
1. In Portainer, go to **Stacks → Add stack**.
|
||||
2. Give the stack a name (e.g. `trek`).
|
||||
3. Select **Web editor** and paste the compose file from [docker-compose.yml](https://github.com/mauriceboe/TREK/blob/main/docker-compose.yml).
|
||||
|
||||

|
||||
|
||||
4. Fill in the environment variables at the bottom of the page.
|
||||
|
||||

|
||||
|
||||
5. Click **Deploy the stack**.
|
||||
|
||||

|
||||
|
||||
## Compose Content
|
||||
|
||||
See https://github.com/mauriceboe/TREK/blob/main/docker-compose.yml
|
||||
|
||||
Set at minimum `ENCRYPTION_KEY`, `TZ`, and `APP_URL` in the **Environment variables** section of the stack editor. Generate an encryption key with:
|
||||
|
||||
```bash
|
||||
openssl rand -hex 32
|
||||
```
|
||||
|
||||
## Image Tags
|
||||
|
||||
Three tag strategies are available:
|
||||
|
||||
| Tag | Example | Behavior |
|
||||
|---|---|---|
|
||||
| `latest` | `mauriceboe/trek:latest` | Always the newest release across all major versions |
|
||||
| Major version | `mauriceboe/trek:3` | Latest release pinned to that major version |
|
||||
| Full version | `mauriceboe/trek:3.0.15` | Exact release; never changes |
|
||||
|
||||
Use `latest` or a major-version tag (e.g. `3`) if you want automatic updates on redeploy. Use a full version tag (e.g. `3.0.15`) if you want explicit control over which release runs.
|
||||
|
||||
## Updating
|
||||
|
||||
How you update depends on the tag you chose:
|
||||
|
||||
**`latest` or major-version tag** — In Portainer, open the stack, click **Redeploy**, enable the **Re-pull image and redeploy** switch, then confirm. Portainer will pull the newest matching image and recreate the container.
|
||||
|
||||

|
||||
|
||||
**Pinned full-version tag** — Edit the stack, change the tag in the `image:` line (e.g. `3.0.15` → `3.0.16`), then click **Update the stack**. No need to toggle the re-pull switch — a tag change forces a fresh pull.
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
> Back up your data before any update. Go to **Admin Panel → Backups** or copy your `./data` and `./uploads` directories. See [Backups](Backups).
|
||||
|
||||
## Volumes
|
||||
|
||||
| Stack-relative path | Container path | Contents |
|
||||
|---|---|---|
|
||||
| `./data` | `/app/data` | SQLite database, logs, encryption key |
|
||||
| `./uploads` | `/app/uploads` | Uploaded files (photos, documents, covers, avatars) |
|
||||
|
||||
Portainer resolves `./` relative to the stack's working directory. Confirm the paths under **Stack details** after deploying.
|
||||
|
||||
### Named Volumes
|
||||
|
||||
You can use Docker named volumes instead of bind mounts. Named volumes are fully managed by Docker and not tied to a host path — a good fit for Portainer where the working directory can vary. See the [Docker Compose volumes reference](https://docs.docker.com/reference/compose-file/volumes/) for all options.
|
||||
|
||||
Replace the `volumes:` block in the service and add a top-level declaration:
|
||||
|
||||
```yaml
|
||||
services:
|
||||
app:
|
||||
# ... (rest of service config unchanged)
|
||||
volumes:
|
||||
- trek_data:/app/data
|
||||
- trek_uploads:/app/uploads
|
||||
|
||||
volumes:
|
||||
trek_data:
|
||||
trek_uploads:
|
||||
```
|
||||
|
||||
Portainer lists named volumes under **Volumes** in the sidebar, where you can inspect or back them up.
|
||||
|
||||
## Next Steps
|
||||
|
||||
- [Environment-Variables](Environment-Variables) — full variable reference
|
||||
- [Reverse-Proxy](Reverse-Proxy) — HTTPS configuration
|
||||
- [Updating](Updating) — update strategies across all install methods
|
||||
@@ -78,6 +78,17 @@ The environment file is located at `/opt/trek/server/.env` inside the container.
|
||||
systemctl restart trek
|
||||
```
|
||||
|
||||
### Binding to a specific network interface
|
||||
|
||||
If your Proxmox host has multiple network interfaces and you want TREK to listen on only one of them, set the `HOST` variable in `/opt/trek/server/.env`:
|
||||
|
||||
```
|
||||
HOST=10.0.0.72 # bind only on this LAN interface
|
||||
PORT=3001
|
||||
```
|
||||
|
||||
> **Note:** `HOST` is only relevant for source-based and Proxmox installs. Do not use it in Docker or any containerised deployment.
|
||||
|
||||
See [Environment-Variables](Environment-Variables) for the full variable reference.
|
||||
|
||||
## Updating
|
||||
|
||||
@@ -6,13 +6,33 @@ How to update TREK to a newer version without losing data.
|
||||
|
||||
Back up your data first. Go to Admin Panel → Backups and create a manual backup, or copy your `./data` and `./uploads` directories to a safe location. See [Backups](Backups) for details.
|
||||
|
||||
## Image Tags
|
||||
|
||||
| Tag | Example | Behavior |
|
||||
|---|---|---|
|
||||
| `latest` | `mauriceboe/trek:latest` | Always the newest release across all major versions |
|
||||
| Major version | `mauriceboe/trek:3` | Latest release pinned to that major version |
|
||||
| Full version | `mauriceboe/trek:3.0.15` | Exact release; never changes |
|
||||
|
||||
Use `latest` or a major-version tag if you want updates on each redeploy. Use a full version tag for explicit control — update by changing the tag, not by re-pulling.
|
||||
|
||||
## Docker Compose (Recommended)
|
||||
|
||||
**`latest` or major-version tag:**
|
||||
|
||||
```bash
|
||||
docker compose pull && docker compose up -d
|
||||
```
|
||||
|
||||
This pulls the latest image and recreates the container with your existing volumes. Your data is untouched.
|
||||
This pulls the newest matching image and recreates the container with your existing volumes. Your data is untouched.
|
||||
|
||||
**Pinned full-version tag:**
|
||||
|
||||
Edit `docker-compose.yml`, update the tag in the `image:` line (e.g. `3.0.15` → `3.0.16`), then redeploy:
|
||||
|
||||
```bash
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
## Docker Run
|
||||
|
||||
@@ -63,6 +83,22 @@ To verify the update completed and check for errors:
|
||||
journalctl -u trek -n 50
|
||||
```
|
||||
|
||||
## Portainer
|
||||
|
||||
Open the **Stacks** list, click the TREK stack, then click **Redeploy**.
|
||||
|
||||
**`latest` or major-version tag** — enable the **Re-pull image and redeploy** switch before confirming. Portainer pulls the newest matching image and recreates the container.
|
||||
|
||||

|
||||
|
||||
**Pinned full-version tag** (e.g. `3.0.15`) — edit the stack, update the tag in the `image:` line, then click **Update the stack**. No re-pull switch needed; the tag change forces a fresh pull.
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
See [Install-Portainer](Install-Portainer) for the full installation walkthrough.
|
||||
|
||||
## Unraid
|
||||
|
||||
In the Unraid Docker tab, click the TREK container and select **Update**. Unraid will pull the latest image and restart with the same volumes.
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
- [[Install: Helm|Install-Helm]]
|
||||
- [[Install: Proxmox VE (LXC)|Install-Proxmox]]
|
||||
- [[Install: Unraid|Install-Unraid]]
|
||||
- [[Install: Portainer|Install-Portainer]]
|
||||
- [[Reverse Proxy|Reverse-Proxy]]
|
||||
- [[Environment Variables|Environment-Variables]]
|
||||
- [[Updating]]
|
||||
|
||||
|
After Width: | Height: | Size: 666 KiB |
|
After Width: | Height: | Size: 410 KiB |
|
After Width: | Height: | Size: 222 KiB |
|
After Width: | Height: | Size: 71 KiB |
|
After Width: | Height: | Size: 55 KiB |
|
After Width: | Height: | Size: 94 KiB |
|
After Width: | Height: | Size: 79 KiB |
|
After Width: | Height: | Size: 153 KiB |
|
After Width: | Height: | Size: 75 KiB |
|
After Width: | Height: | Size: 86 KiB |