If the scheduler is not docker-local, we will assume that a separate plugin trigger will pull access/error logs on our behalf. For k3s, the naive implementation is to pull logs from a single container (multiple ingress-nginx pods will be supported in a future release).
Closes#7268
Previously, we would always set the port mapping during a dockerfile build, making it difficult for users to override mappings. We also only _sometimes_ updated the detected port mapping, further confusing issues when users were migrating from Dockerfile to Buildpacks for builds.
Now, we always detect the port mapping during the build process, and only use that detected port mapping if an override is not specified. This greatly simplifies the experience around port mapping, as now a user can create an app, set a port mapping, and that first deploy will respect the port mapping without an additional deploy.
The builder always has the best context for what the app should be listening on, and thus we can always specify a "default" port mapping at this stage. Users can override this map as desired later.
This change also results in the removal of a ton of internal code that is now centralized in the ports plugin.
Closes#4067
This will allow users to switch to a docker label-based nginx proxy server transparently without rebuilds (after the first one), which would mimic how the caddy, haproxy, and traefik proxy implementations work.
See https://github.com/dokku/nginx-docker-proxy for an example server implementation.
The shorthand is more prevalent in this codebase, and is something that bash supports, so we should just use the same thing everywhere.
Note that we do not use shorthand redirect in Makefile as shell parsing is a bit different in Make and the shorthand redirect doesn't seem to be properly supported, causing CI errors.
This makes standard use of shellcheck work without needing to provide extra configuration anywhere.
Also remove use of inline 'shellcheck disable' calls that are already defined in the .shellcheckrc and don't need to be set inline.
The URLS file is no longer necessary as urls are now generated directly from the app VHOST file.
This also moves all the url generation logic to the domains plugin.
The previous method was a bit more difficult for users to interact with as they needed to ensure the file was at a certain path in the built image. This change divorces the file from the built artifact, better aligning the nginx.conf.sigil handling with the rest of Dokku's monorepo support.
A side effect of this is now building proxy configurations does not require access to the built image.
Closes#5207
This fixes issues where users may somehow add an https mapping but are missing an ssl certificate, causing nginx to not load properly. We now ignore the mapping and warn users of the misconfiguration.
Closes#5368
Some things must pull *all* apps vs filtered apps (mostly things that write out config files or install triggers). Using an unflitered list is best.
Also, we default to filtering, which should be what most usage needs.
Before restarting nginx, check if the current app is using a proxy and if the selected proxy is in fact NGINX. Only then should we bother invoking the nginx reload.
Fixes https://github.com/dokku/dokku/issues/4987
This makes the installation a bit more secure by ensuring a user does not accidentally expose a way for unauthorized users to add new ssh keys to the system.
Additionally, this removes the extra HOSTNAME file to make the initial install process easier (that file was not modifiable by any dokku commands.
Closes#2247
This is useful when there is a service not managed by Dokku but should be exposed via the Dokku routing layer. As an example, some binaries (consul, nomad, vault) expose web uis, and are traditionally run on the host directly vs in a container.
Closes#4665
GLOBAL_VHOST_PATH and GLOBAL_VHOST_FILE were used to represent the same
thing. Same for APP_URLS_PATH and APP_VHOST_PATH.
This normalizes all of those to _PATH.
