From 4fe642b91d516631d84fbbaa4b04783183feefef Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Mon, 13 Apr 2026 18:30:55 +0200 Subject: [PATCH] fix: add Docker socket mount and DOCKER_HOST to SaaS service The cameleer-saas service needs Docker socket access for tenant provisioning. Add the socket bind mount, group_add for permissions, and explicit DOCKER_HOST=unix:///var/run/docker.sock to prevent the Java Docker client from falling back to TCP (which happens on WSL2 + Docker Desktop when DOCKER_HOST leaks from the host env). Co-Authored-By: Claude Opus 4.6 (1M context) --- docker-compose.yml | 4 ++++ installer/install.sh | 1 + 2 files changed, 5 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index a31f08a..cf6439b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -119,7 +119,9 @@ services: volumes: - bootstrapdata:/data/bootstrap:ro - certs:/certs + - /var/run/docker.sock:/var/run/docker.sock environment: + DOCKER_HOST: unix:///var/run/docker.sock SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-cameleer_saas} SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} @@ -135,6 +137,8 @@ services: - traefik.http.routers.saas.entrypoints=websecure - traefik.http.routers.saas.tls=true - traefik.http.services.saas.loadbalancer.server.port=8080 + group_add: + - "0" networks: - cameleer diff --git a/installer/install.sh b/installer/install.sh index 07113ce..6324529 100644 --- a/installer/install.sh +++ b/installer/install.sh @@ -840,6 +840,7 @@ EOF logto: condition: service_healthy environment: + DOCKER_HOST: unix:///var/run/docker.sock SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/cameleer_saas SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD}