Draft: fix: simplify deployment

[henri9813]

Objective

Improve "plug and play" aspect from appflowy.

TODO

• Embed nginx configuration in dedicated image, that could ease futher kubernetes deployment
• Simplify mail configuration and remove duplicates - Need review
• Deduplicate other settings
• Remove all builds from docker-compose in order to use the docker-compose.dev.yml ( dedicated for this ).
• Test just "git clone, make setup , docker compose up -d
• Remove gotrue hardcoded in .env password to ensure the user change theses values after first-login. ( as a password change after first connection )
• Remove hard coded SSL certificate for nginx -> i would like to remove entirely the SSL. This is not the role of appflowy to do the ssl termination but the reverse proxy job in a docker environment
• Remove notion of "Minio", minio is just a s3 compatible endpoint. Remove also all reference to AWS. Keep simple S3_HOST S3_ACCESS_TOKEN, etc... with default values configured to be compatible with the local minio.

[sourcery-ai]

Reviewer's Guide

This PR simplifies the deployment by containerizing Nginx with a custom image and consolidated configuration, refactors SMTP environment variables to use a unified naming scheme across all services, and enhances the worker’s mailer setup by inferring TLS mode based on port.

Class diagram for AppFlowy Worker mailer TLS logic

classDiagram
  class Config {
    +MailerConfig mailer
  }
  class MailerConfig {
    +String smtp_host
    +u16 smtp_port
    +String smtp_username
    +String smtp_email
    +String smtp_password
    -String smtp_tls_kind (removed, now inferred)
  }
  class AFWorkerMailer
  class Mailer {
    +new(username, email, password, host, port, tls_kind)
  }

  Config --> MailerConfig
  AFWorkerMailer --> Mailer

  %% Note: smtp_tls_kind is now inferred in get_worker_mailer based on smtp_port

Loading

File-Level Changes

Change	Details	Files
Consolidate and containerize Nginx configuration	Switched nginx service to use a custom image and build context Removed bind-mounts for nginx.conf and SSL files Added docker/nginx/Dockerfile to bake in config and SSL into the image Introduced docker/nginx/nginx.conf and removed the old root nginx/nginx.conf	docker-compose.yml docker/nginx/Dockerfile docker/nginx/nginx.conf nginx/nginx.conf
Unify SMTP environment variables across services	Replaced GOTRUE_SMTP_* vars with generic SMTP_* in GoTrue service Replaced APPFLOWY_MAILER_SMTP_* vars with SMTP_* and EMAIL_FROM in AppFlowy services Updated environment keys consistently in multiple docker-compose service definitions	docker-compose.yml
Automate TLS mode selection in worker mailer	Initialized smtp_tls_kind to “none” and made mutable Added conditional logic to set “wrapper” for port 465 and “opportunistic” for 587 Removed reliance on config.mailer.smtp_tls_kind and passed computed value to Mailer::new	services/appflowy-worker/src/application.rs

Possibly linked issues

• Portainer #123: The PR simplifies Docker Compose and Nginx configuration, directly addressing the complexities and access issues reported for self-hosting.
• #0: The PR replaces the Nginx configuration in docker-compose, which resolves the bug of duplicated '/app' paths in deployed links.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sourcery-ai]

Hey @henri9813 - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Assignment to smtp_tls_kind is not valid Rust syntax. (link)

General comments:

• In application.rs you’re reassigning smtp_tls_kind but declared it immutable—make it let mut smtp_tls_kind (or refactor to avoid mutation) so it compiles.
• The same SMTP environment variables are repeated across multiple services in docker-compose.yml—consider using an env_file or compose extensions (x- fields) to DRY up the config.
• The new nginx.conf is quite large and has many repeated CORS and proxy blocks—consider splitting common settings into include files or using macros to improve readability and maintainability.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- In application.rs you’re reassigning `smtp_tls_kind` but declared it immutable—make it `let mut smtp_tls_kind` (or refactor to avoid mutation) so it compiles.
- The same SMTP environment variables are repeated across multiple services in docker-compose.yml—consider using an env_file or compose extensions (`x-` fields) to DRY up the config.
- The new nginx.conf is quite large and has many repeated CORS and proxy blocks—consider splitting common settings into include files or using macros to improve readability and maintainability.

## Individual Comments

### Comment 1
<location> `docker-compose.yml:10` </location>
<code_context>
-      - ${NGINX_PORT:-80}:80   # Disable this if you are using TLS
+      - ${NGINX_PORT:-80}:80
       - ${NGINX_TLS_PORT:-443}:443
-    volumes:
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
-      - ./nginx/ssl/certificate.crt:/etc/nginx/ssl/certificate.crt
-      - ./nginx/ssl/private_key.key:/etc/nginx/ssl/private_key.key

   # You do not need this if you have configured to use your own s3 file storage
</code_context>

<issue_to_address>
Removing nginx volume mounts may break SSL if certificates are not present in the image.

Make sure the Docker image includes the necessary SSL certificates and nginx configuration files to prevent deployment failures.
</issue_to_address>

### Comment 2
<location> `docker-compose.yml:136` </location>
<code_context>
-      - APPFLOWY_MAILER_SMTP_USERNAME=${APPFLOWY_MAILER_SMTP_USERNAME}
-      - APPFLOWY_MAILER_SMTP_EMAIL=${APPFLOWY_MAILER_SMTP_EMAIL}
-      - APPFLOWY_MAILER_SMTP_PASSWORD=${APPFLOWY_MAILER_SMTP_PASSWORD}
-      - APPFLOWY_MAILER_SMTP_TLS_KIND=${APPFLOWY_MAILER_SMTP_TLS_KIND}
+      - APPFLOWY_MAILER_SMTP_HOST=${SMTP_HOST}
+      - APPFLOWY_MAILER_SMTP_PORT=${SMTP_PORT}
</code_context>

<issue_to_address>
Removal of APPFLOWY_MAILER_SMTP_TLS_KIND may cause issues for non-standard SMTP ports.

Relying on port-based inference for TLS mode may fail with SMTP providers that use non-standard ports or require explicit TLS settings.
</issue_to_address>

### Comment 3
<location> `services/appflowy-worker/src/application.rs:170` </location>
<code_context>
 }

 async fn get_worker_mailer(config: &Config) -> Result<AFWorkerMailer, Error> {
+  let smtp_tls_kind = "none"
+  if config.mailer.smtp_port == 465 {
+    smtp_tls_kind = "wrapper"
+  } else if config.mailer.smtp_port == 587 {
</code_context>

<issue_to_address>
Assignment to smtp_tls_kind is not valid Rust syntax.

Declare smtp_tls_kind as mutable using 'let mut smtp_tls_kind = ...' to allow reassignment.
</issue_to_address>

### Comment 4
<location> `services/appflowy-worker/src/application.rs:171` </location>
<code_context>

 async fn get_worker_mailer(config: &Config) -> Result<AFWorkerMailer, Error> {
+  let smtp_tls_kind = "none"
+  if config.mailer.smtp_port == 465 {
+    smtp_tls_kind = "wrapper"
+  } else if config.mailer.smtp_port == 587 {
+    smtp_tls_kind = "opportunistic"
+  }
</code_context>

<issue_to_address>
Inferring TLS kind from port may not cover all SMTP configurations.

Some providers use non-standard ports or require explicit TLS settings. Allowing a configurable TLS kind would improve flexibility.

Suggested implementation:

```rust
async fn get_worker_mailer(config: &Config) -> Result<AFWorkerMailer, Error> {
  let smtp_tls_kind = config.mailer.smtp_tls_kind.as_str();

  let mailer = Mailer::new(

```

1. Add a new field `smtp_tls_kind: String` (or appropriate type) to your mailer config struct (e.g., in `Config` or `MailerConfig`).
2. Update your configuration loading logic (e.g., from environment variables or config files) to support the new `smtp_tls_kind` field.
3. Update documentation and deployment configuration to require/allow setting `smtp_tls_kind` (e.g., "none", "wrapper", "opportunistic").
4. Remove any other logic that infers TLS kind from port elsewhere in the codebase, if present.
</issue_to_address>

### Comment 5
<location> `docker/nginx/nginx.conf:29` </location>
<code_context>
+
+
+server {
+    ssl_certificate /etc/nginx/ssl/certificate.crt;
+    ssl_certificate_key /etc/nginx/ssl/private_key.key;
+
+    listen 80;
</code_context>

<issue_to_address>
No fallback or error handling for missing SSL certificates.

Document the required SSL files or add a startup check to verify their presence, as nginx will not start without them.
</issue_to_address>

<suggested_fix>
<<<<<<< SEARCH
server {
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private_key.key;

    listen 80;
=======
# 
# NOTE: The following server block requires SSL certificate and key files to be present at:
#   /etc/nginx/ssl/certificate.crt
#   /etc/nginx/ssl/private_key.key
# Nginx will fail to start if these files are missing.
# Ensure these files exist before starting the container.
#
# You may add a startup script to check for these files, e.g.:
#   [ -f /etc/nginx/ssl/certificate.crt ] && [ -f /etc/nginx/ssl/private_key.key ] || { echo "Missing SSL files"; exit 1; }
#
server {
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private_key.key;

    listen 80;
>>>>>>> REPLACE

</suggested_fix>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Removal of APPFLOWY_MAILER_SMTP_TLS_KIND may cause issues for non-standard SMTP ports.

Relying on port-based inference for TLS mode may fail with SMTP providers that use non-standard ports or require explicit TLS settings.

[sourcery-ai]

issue (bug_risk): Assignment to smtp_tls_kind is not valid Rust syntax.

Declare smtp_tls_kind as mutable using 'let mut smtp_tls_kind = ...' to allow reassignment.

[sourcery-ai]

suggestion: Inferring TLS kind from port may not cover all SMTP configurations.

Some providers use non-standard ports or require explicit TLS settings. Allowing a configurable TLS kind would improve flexibility.

Suggested implementation:

async fn get_worker_mailer(config: &Config) -> Result<AFWorkerMailer, Error> {
  let smtp_tls_kind = config.mailer.smtp_tls_kind.as_str();

  let mailer = Mailer::new(

1. Add a new field smtp_tls_kind: String (or appropriate type) to your mailer config struct (e.g., in Config or MailerConfig).
2. Update your configuration loading logic (e.g., from environment variables or config files) to support the new smtp_tls_kind field.
3. Update documentation and deployment configuration to require/allow setting smtp_tls_kind (e.g., "none", "wrapper", "opportunistic").
4. Remove any other logic that infers TLS kind from port elsewhere in the codebase, if present.

[henri9813]

I'm not rust expert, but there's something to made around the TLS configuration for autodetection or having a variable which is optional.