fix: separate DB_PASSWORD from DATABASE_URL to handle special chars
Coolify overrides container_name, so the DB service is only reachable
via its compose service name ("db"), not "worldcup_db". Also, passwords
containing URL-special characters (#, ], =) break postgres URL parsing
because the driver uses new URL() internally.
- docker-compose.yml: DATABASE_URL now uses "db" hostname with no
embedded password; DB_PASSWORD is passed as a separate env var
- lib/db/index.ts: when DB_PASSWORD env var is set it is passed as a
postgres driver option, bypassing URL parsing entirely
- .env.example: documents production vs local dev env var usage;
removes DATABASE_URL from the Coolify section (not needed there)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+10
-2
@@ -1,8 +1,16 @@
|
|||||||
# Database
|
# ── Production (Coolify) ────────────────────────────────────────────────────
|
||||||
|
# DB_PASSWORD is passed separately so special characters never need URL-encoding.
|
||||||
|
# DATABASE_URL is constructed inside docker-compose.yml and does NOT need to be
|
||||||
|
# set in Coolify — only DB_PASSWORD is required.
|
||||||
DB_PASSWORD=changeme
|
DB_PASSWORD=changeme
|
||||||
DATABASE_URL=postgres://wc:changeme@worldcup_db:5432/worldcup
|
|
||||||
|
|
||||||
# Traefik (set TRAEFIK_ENABLED=true when deploying behind Traefik)
|
# Traefik (set TRAEFIK_ENABLED=true when deploying behind Traefik)
|
||||||
TRAEFIK_ENABLED=false
|
TRAEFIK_ENABLED=false
|
||||||
TRAEFIK_HOST=worldcup.example.com
|
TRAEFIK_HOST=worldcup.example.com
|
||||||
NETWORK_NAME=traefik-network
|
NETWORK_NAME=traefik-network
|
||||||
|
|
||||||
|
# ── Local development ────────────────────────────────────────────────────────
|
||||||
|
# Set DATABASE_URL when running pnpm dev or pnpm sync on the host directly.
|
||||||
|
# The password can be plain-text here since it goes through the postgres driver,
|
||||||
|
# not URL parsing, when DB_PASSWORD is unset.
|
||||||
|
# DATABASE_URL=postgres://wc:wc@localhost:5432/worldcup
|
||||||
|
|||||||
+2
-3
@@ -2,12 +2,12 @@ services:
|
|||||||
app:
|
app:
|
||||||
build: .
|
build: .
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
container_name: worldcup
|
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
environment:
|
environment:
|
||||||
DATABASE_URL: postgres://wc:${DB_PASSWORD}@worldcup_db:5432/worldcup
|
DATABASE_URL: postgres://wc@db:5432/worldcup
|
||||||
|
DB_PASSWORD: ${DB_PASSWORD}
|
||||||
NODE_ENV: production
|
NODE_ENV: production
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=${TRAEFIK_ENABLED:-false}"
|
- "traefik.enable=${TRAEFIK_ENABLED:-false}"
|
||||||
@@ -27,7 +27,6 @@ services:
|
|||||||
db:
|
db:
|
||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
container_name: worldcup_db
|
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_DB: worldcup
|
POSTGRES_DB: worldcup
|
||||||
POSTGRES_USER: wc
|
POSTGRES_USER: wc
|
||||||
|
|||||||
+6
-1
@@ -4,7 +4,12 @@ import * as schema from './schema'
|
|||||||
|
|
||||||
const connectionString = process.env.DATABASE_URL ?? 'postgres://wc:wc@localhost:5432/worldcup'
|
const connectionString = process.env.DATABASE_URL ?? 'postgres://wc:wc@localhost:5432/worldcup'
|
||||||
|
|
||||||
const client = postgres(connectionString, { max: 10 })
|
// DB_PASSWORD is passed separately to avoid URL-encoding issues with special chars
|
||||||
|
// (e.g. #, ], = in passwords break URL parsing). Falls back to password in DATABASE_URL for local dev.
|
||||||
|
const client = postgres(connectionString, {
|
||||||
|
max: 10,
|
||||||
|
...(process.env.DB_PASSWORD ? { password: process.env.DB_PASSWORD } : {}),
|
||||||
|
})
|
||||||
export const db = drizzle(client, { schema })
|
export const db = drizzle(client, { schema })
|
||||||
|
|
||||||
export * from './schema'
|
export * from './schema'
|
||||||
|
|||||||
Reference in New Issue
Block a user