- Replace `environment` with `type` for global context data
- Update default log directory path from `storage/logs` to `logs`
- Comment out Nginx log paths to disable by default
- Change `DockerJsonHandler` contract from `FormattableHandler` to `LogHandler`
- Remove is_readable() check when running as root
- Root can read files even with 0700 permissions
- Should fix issue where REDIS_PASSWORD file exists but is not readable (0700, owner 1000, process 0)
- Docker secrets may have restrictive permissions that root can bypass
- Handle paths like /redis_password and convert to /run/secrets/redis_password
- Docker Swarm may set *_FILE variables with just the secret name
- Add file permission debugging to diagnose read issues
- Should fix issue where REDIS_PASSWORD_FILE points to /redis_password instead of /run/secrets/redis_password
- Use RedisConfig::fromEnvironment() in LoggerInitializer
- Remove fallback logic in QueueInitializer, always use connection pool
- Make RedisConfig constructor private
- Clean up Redis connection error message
- Manually set REDIS_PASSWORD_FILE if file exists but variable is not set
- Handles cases where Docker Compose doesn't set the variable correctly
- Should fix issue where REDIS_PASSWORD_FILE is missing even though configured
- Check getenv(), $_ENV and $_SERVER for REDIS_PASSWORD_FILE
- Check if /run/secrets/redis_password file exists
- Help diagnose why REDIS_PASSWORD_FILE is not in environment
- Add debug logging for REDIS_PASSWORD_FILE and REDIS_PASSWORD
- Check if REDIS_PASSWORD_FILE exists and has correct value
- Check if secret file exists and is readable
- Help diagnose why REDIS_PASSWORD_FILE is not in logs
- Update all() first pass to skip storing empty values when secret resolution fails
- Ensures second pass can still resolve secrets from *_FILE variables
- Prevents empty values from blocking secret resolution in second pass
- Should fix issue where REDIS_PASSWORD was empty even though REDIS_PASSWORD_FILE existed
- Update all() method to check for *_FILE variables and resolve their base variables
- Ensures APP_KEY, DB_PASSWORD, etc. are resolved even if they don't exist in the array
- Two-pass approach: first processes existing variables, second checks for *_FILE patterns
- Fixes issue where APP_KEY was empty even though APP_KEY_FILE existed
- Update all() to automatically resolve Docker Secrets (*_FILE pattern) for empty variables
- Ensures DB_PASSWORD, REDIS_PASSWORD, etc. are resolved from their *_FILE counterparts when empty
- Variables like DB_PASSWORD_FILE are still included in output, but empty values are replaced with resolved secrets
- Fixes issue where DB_PASSWORD and REDIS_PASSWORD appeared empty in logs even though *_FILE variables existed
- Update get() method to treat empty strings as 'not set' for Docker Secrets resolution
- Allows Docker Secrets (*_FILE pattern) to override empty values
- Preserves original behavior: explicitly set empty strings are still returned
- Fixes issue where RAPIDMAIL_USERNAME and RAPIDMAIL_PASSWORD appear empty even when Docker Secrets are available
- Update all() to merge internal variables with system environment variables
- Ensures variables set after initialization (e.g., by PHP-FPM) are included
- Internal variables take precedence over system variables
- Fixes issue where RAPIDMAIL_USERNAME and RAPIDMAIL_PASSWORD were missing in all() output
- Fix priority order in loadSystemEnvironment() to check and first
- Add dynamic fallback in Environment::get() to handle variables set after initialization
- Ensure all environment variables are captured during bootstrap, including those set dynamically by PHP-FPM/FastCGI
Fixes issue where environment variables like RAPIDMAIL_USERNAME and RAPIDMAIL_PASSWORD were missing during bootstrap but available later in request processing.
- Improve WireGuard client IP calculation logic (find next available IP)
- Add local wireguard-clients directory for storing client configs
- Integrate Redis pool into CacheInitializer
- Improve ContainerBootstrapper with better imports and Redis pool
- Add monitoring role tags for better task organization
- Update WireGuard documentation
- Store generated WireGuard client configs locally
- Add fallback to 'latest' tag when build fails
- Add fallback mechanism when pulling specific image tag fails
- Fix code style: move opening brace in ObjectInfo
- Remove unused comment in ObjectStorage
- Use RedisConnectionPool when available for consistency
- Use named parameters when creating RedisQueue to prevent parameter confusion
- Fix RedisQueue constructor error where strings were passed instead of connection object
- Add deployment/ansible/templates/.env.production.j2 used by secrets playbook
- Enhance deploy-update.yml to read registry creds from vault or CI
- Update production-deploy workflow to pass registry credentials to Ansible
- Remove obsolete GitHub-style workflows under .gitea (conflicted naming)
Why: make the production pipeline executable end-to-end with Ansible and
consistent secrets handling; avoid legacy CI configs interfering.
- Commented out RateLimitMiddleware in MiddlewareManager
- RateLimit system not fully implemented yet (missing Storage, Initializer)
- Added ENV_SETUP.md documentation for .env file structure
- Website was returning HTTP 500 due to missing StorageInterface binding
TODO: Implement complete RateLimit system with Storage interface and DI bindings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
