Self hosting with docker

[ThibautGrx]

Summary by CodeRabbit

• Documentation
  • Added a comprehensive “Self-Hosting with Docker on VPS” guide.
  • Updated README with a new subsection linking to the Docker guide and minor formatting.
• Chores
  • Added NEXT_PUBLIC_BASE_URL to apps/web/.env.example to surface the public frontend base URL configuration.
• Style
  • Added a trailing newline to the production Dockerfile.

[jit-ci]

Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset.

In case there are security findings, they will be communicated to you as a comment inside the PR.

Hope you’ll enjoy using Jit.

Questions? Comments? Want to learn more? Get in touch with us.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Introduces a new Docker self-hosting guide under docs, links it from README, adds NEXT_PUBLIC_BASE_URL to apps/web/.env.example, and adds a trailing newline to docker/Dockerfile.prod. No runtime logic or functional changes.

Changes

Cohort / File(s)	Summary
Documentation additions README.md, docs/hosting/docker.md	Adds a “Self-Hosting with Docker on VPS” subsection in README and a new detailed guide at docs/hosting/docker.md covering setup, build/deploy, migrations, Nginx, SSL, updates, and monitoring.
Environment configuration apps/web/.env.example	Adds NEXT_PUBLIC_BASE_URL=http://localhost:3000 to the example env file; no other changes.
Dockerfile formatting docker/Dockerfile.prod	Adds a trailing newline; no functional modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Fix dockerfile #694 — Adjusts Docker/self-hosting handling for NEXT_PUBLIC_BASE_URL, matching the new env example and docs.
• Update migrations #638 — Switches auth client usage to NEXT_PUBLIC_BASE_URL, directly related to the newly documented/env-configured variable.
• feat: Add Docker build and publish CI for web app #418 — Modifies docker/Dockerfile.prod in production build context, touching the same file altered here.

Pre-merge checks (2 passed, 1 inconclusive)

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	❓ Inconclusive	The pull request lacks a descriptive summary in its description field, which makes the rationale and context of the changes unclear to reviewers.	Please add a clear description that summarizes the changes made, including the new Docker self-hosting guide, environment variable addition, and any other relevant details.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly and accurately describes the primary change of adding self-hosting with Docker documentation, making it clear and specific for reviewers and future readers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I thump my paws on VPS ground,
A Docker waltz, containers sound.
A BASE_URL nibble, neat and small,
New docs to guide us, one and all.
With Nginx moons and SSL stars—
I hop-deploy to shipping mars. 🐇🚀

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

All committers have signed the CLA.

[vercel]

@ThibautGrx is attempting to deploy a commit to the Inbox Zero OSS Program Team on Vercel.

A member of the Team first needs to authorize it.

[cubic-dev-ai]

6 issues found across 6 files

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Ask questions if you need clarification on any suggestion

_{React with 👍 or 👎 to teach cubic. You can also tag @cubic-dev-ai to give feedback, ask questions, or re-run the review.}

[elie222]

This is great. I'm sure it'll help a lot of people. Note the comments above, and please sign the CLA.

[ThibautGrx]

All done, thanks!

[cubic-dev-ai]

No issues found across 4 files

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

docker/Dockerfile.prod (1)

29-33: Reduce image size and attack surface with a multi-stage build.

Install dev deps and run next build in a builder stage, then copy .next and node_modules --prod to a slim runtime.

I can provide a concrete multi-stage Dockerfile if helpful.

docs/hosting/docker.md (3)

51-53: Clarify env loading in Compose.

--env-file only feeds variable substitution; it doesn’t inject variables into containers unless your compose.yml references them (environment: or env_file:). Explicitly note that compose.yml must expose these to the web service.

Add in docker-compose.yml:

services:
  web:
    env_file:
      - apps/web/.env

---

82-94: Harden reverse proxy headers and timeouts.

Add X-Forwarded-Host and reasonable timeouts; keep Host header as you have.

Apply:

proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300s;
proxy_send_timeout 300s;

If uploads are expected, consider client_max_body_size 25m;

---

117-126: Optional: simpler Certbot install on Ubuntu/Debian.

apt install python3-certbot-nginx avoids snapd on minimal VPS images.

sudo apt update && sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 47bcf10 and c34345c.

📒 Files selected for processing (4)

• README.md (1 hunks)
• apps/web/.env.example (1 hunks)
• docker/Dockerfile.prod (1 hunks)
• docs/hosting/docker.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

!{.cursor/rules/*.mdc}

📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)

Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location

Files:

• docker/Dockerfile.prod
• docs/hosting/docker.md
• apps/web/.env.example
• README.md

!pages/_document.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.

Files:

• docker/Dockerfile.prod
• docs/hosting/docker.md
• apps/web/.env.example
• README.md

apps/web/**/{.env.example,env.ts,turbo.json}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Add environment variables to .env.example, env.ts, and turbo.json

Files:

• apps/web/.env.example

apps/web/**/{.env.example,env.ts}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Client-side environment variables: Prefix with NEXT_PUBLIC_

Files:

• apps/web/.env.example

apps/web/.env.example

📄 CodeRabbit inference engine (.cursor/rules/environment-variables.mdc)

When adding a new environment variable, add it to .env.example with an example value (e.g., NEW_VARIABLE=value_example).

Files:

• apps/web/.env.example

**/.env*

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

Never use predictable or weak cron secrets (e.g., 'secret', 'password', 'cron', or short/simple strings) in environment variables.

Files:

• apps/web/.env.example

*{TASKS,ASSISTANT_CHAT,*.md}

📄 CodeRabbit inference engine (.cursor/rules/task-list.mdc)

*{TASKS,ASSISTANT_CHAT,*.md}: Create task lists in a markdown file in the project root, using TASKS.md or a descriptive name relevant to the feature (e.g., ASSISTANT_CHAT.md), and include a clear title and description of the feature being implemented.
Structure the task list markdown file with sections: Completed Tasks, In Progress Tasks, Future Tasks, Implementation Plan, and Relevant Files.
Update the task list as you progress: mark tasks as completed by changing [ ] to [x], add new tasks as identified, and move tasks between sections as appropriate.
Keep the 'Relevant Files' section updated with file paths, brief descriptions of each file's purpose, and status indicators (e.g., ✅) for completed components.
Add implementation details to the task list markdown file, including architecture decisions, data flow descriptions, technical components needed, and environment configuration.
When working with task lists, regularly update the task list file after implementing significant components, mark completed tasks with [x], add new tasks discovered during implementation, maintain the 'Relevant Files' section, and document implementation details.
When implementing tasks one by one, first check which task to implement next, and after implementing a task, update the file to reflect progress.

Files:

• README.md

🧠 Learnings (4)

📚 Learning: 2025-07-18T15:04:30.467Z

Learnt from: CR
PR: elie222/inbox-zero#0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/**/{.env.example,env.ts} : Client-side environment variables: Prefix with `NEXT_PUBLIC_`

Applied to files:

• apps/web/.env.example

📚 Learning: 2025-07-18T15:04:50.520Z

Learnt from: CR
PR: elie222/inbox-zero#0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-07-18T15:04:50.520Z
Learning: Applies to apps/web/env.ts : Client-side environment variables must be prefixed with `NEXT_PUBLIC_` and added to both the `client` and `experimental__runtimeEnv` sections in `apps/web/env.ts`.

Applied to files:

• apps/web/.env.example

📚 Learning: 2025-07-18T15:04:50.520Z

Learnt from: CR
PR: elie222/inbox-zero#0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-07-18T15:04:50.520Z
Learning: Applies to apps/web/.env.example : When adding a new environment variable, add it to `.env.example` with an example value (e.g., NEW_VARIABLE=value_example).

Applied to files:

• apps/web/.env.example

📚 Learning: 2025-07-18T15:04:30.467Z

Learnt from: CR
PR: elie222/inbox-zero#0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-07-18T15:04:30.467Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`

Applied to files:

• apps/web/.env.example

🔇 Additional comments (6)

docker/Dockerfile.prod (2)

77-77: LGTM: start command unchanged.

No functional change beyond newline; start target remains correct.

---

34-36: I’ve initiated a script to check for existing .dockerignore files. Proceeding once results are available.

README.md (1)

82-85: Nice addition: clear pointer to Docker guide.

Concise and well-placed under Getting Started.

docs/hosting/docker.md (3)

41-46: Build arg usage looks correct.

Embedding NEXT_PUBLIC_BASE_URL at build time aligns with Next.js behavior.

---

96-110: Ensure port mapping matches Nginx upstream.

Nginx proxies to localhost:3000; confirm compose publishes 3000:3000 on the host for the web service, or update upstream to the container IP/name if terminating inside the Docker network.

---

21-25: Clone URL: HTTPS is fine; remove any SSH-agent mentions if present elsewhere.

If the doc doesn’t rely on SSH key forwarding later, using HTTPS is consistent.