kallithea v0.7.0-patched-ed117efc9ae9

2026-02-07 13:19:02 +01:00 · 2024-04-14 01:36:56 +09:00
parent d7607cde17
commit 93ac09ab2e
16 changed files with 250 additions and 185 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -10,6 +10,7 @@ on:
    branches:
 #      - 'main'
      - 'v*.*.*'
+      - 'v*.*.*-patched*'
  workflow_dispatch:
    inputs:
      with_latest:
--- a/README.md
+++ b/README.md
@@ -7,6 +7,8 @@ This image enables the SSH repository access function implemented in kallithea v

 - 0.7.0
    - Version 0.7.0 of the pip package.
+- 0.7.0-patched1
+    - Version overwritten with [changesets from the official source](https://kallithea-scm.org/repos/kallithea/changelog/ed117efc9ae952bbab966a267bbd2297d31b05e2/).

 ## Data location

@@ -50,6 +52,12 @@ SQLAlchemy connection string when using an external database.See [SQLAlchemy doc
 This image supports PostgreSQL (by psycopg2) and MySQL (by mysqlclient).  
 (empty by default, SQLite is used.)  

+- `KALLITHEA_REMOTE_ADDR_VAR`  
+WSGI environment variable to get the IP address of the client. (default: `REMOTE_ADDR`)  
+
+- `KALLITHEA_URL_SCHEME_VAR`  
+WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme)  
+
 - `KALLITHEA_DB_PRE_CREATED`  
 If set to TRUE, use an existing database. (FALSE by default)  
 This can be used when initialization is performed by a DB user who does not have DB creation privileges.  
@@ -117,7 +125,7 @@ The following is an example of a simple docker-compose.yml for Sqlite.
 ```
 services:
  app:
-    image: toras9000/kallithea-mp:0.7.0
+    image: toras9000/kallithea-mp:0.7.0-patched1
    restart: unless-stopped
    ports:
      - "8010:5000"
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,105 +1,14 @@
-FROM ubuntu:20.04
+FROM toras9000/kallithea-mp:0.7.0

 ARG DEBIAN_FRONTEND=noninteractive

-# Pass the path in advance to the directory where kallithea is installed.
-ENV PATH=$PATH:/home/kallithea/.local/bin
-
-# set locale
-ENV LC_ALL=C.UTF-8
-ENV LANG=C.UTF-8
-
-RUN <<-EOL
-    : This is what to keep installed in the image.
-    apt-get update
-    apt-get install -y --no-install-recommends                                 \
-                    dumb-init ssh curl locales ca-certificates busybox-static  \
-                    mercurial git python3 libpq5 libmysqlclient21
-    apt-get clean
-    rm -rf /var/lib/apt/lists/*
-EOL
-
-RUN <<-EOL
-    : Prepare kallithea execution user.
-    groupadd kallithea
-    useradd -m -c '' -g kallithea kallithea
-EOL
-
-# Package version when installing by pip. ex.) 0.7.0
-ARG KALLITHEA_VER=x.x.x
-
-RUN <<-EOL
-    : Check version specify
-    if [ "$KALLITHEA_VER" = "x.x.x" ]; then false; fi
-    
-    : This is only needed for kallithea installation.
-    curl -sL https://deb.nodesource.com/setup_14.x | bash -
-    apt-get install -y --no-install-recommends                      \
-                    build-essential libffi-dev pkg-config           \
-                    python3-dev libpq-dev libmysqlclient-dev        \
-                    libldap2-dev libsasl2-dev slapd ldap-utils tox  \
-                    nodejs
-    
-    : Build su-exec
-    git -C /tmp clone https://github.com/ncopa/su-exec.git su-exec
-    make -C /tmp/su-exec all
-    mv /tmp/su-exec/su-exec /usr/bin/
-    rm -rf /tmp/su-exec
-    
-    : Install pip.
-    curl -sL https://bootstrap.pypa.io/get-pip.py | su-exec kallithea:kallithea python3 - "setuptools < 58.0" "pip < 24.1" --user
-    
-    : Install kallithea and optional packages.
-    su-exec kallithea:kallithea python3 -m pip install --no-cache-dir --user                        \
-                                                       kallithea${KALLITHEA_VER:+==$KALLITHEA_VER}  \
-                                                       psycopg2                                     \
-                                                       mysqlclient                                  \
-                                                       python-ldap
-    
-    : Preparing the front-end files.
-    su-exec kallithea:kallithea kallithea-cli front-end-build
-    
-    : Clean up installation materials.
-    apt-get purge -y                                        \
-                  build-essential libffi-dev pkg-config     \
-                  python3-dev libpq-dev libmysqlclient-dev  \
-                  nodejs
-    apt-get autoremove -y
-    apt-get clean
-    rm -r  /etc/apt/sources.list.d/nodesource.list
-    rm -rf /var/lib/apt/lists/*
-    rm -rf /home/kallithea/.npm
-EOL
-
-# SSH setting
-RUN <<-EOL
-    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
-    
-    sed -ri "s/^\\s*#?\\s*PubkeyAuthentication\\s+.+\$/PubkeyAuthentication yes/1" /etc/ssh/sshd_config
-    sed -ri "s/^\\s*#?\\s*PasswordAuthentication\\s+.+\$/PasswordAuthentication no/1" /etc/ssh/sshd_config
-    sed -ri "s/^\\s*#?\\s*ChallengeResponseAuthentication\\s+.+\$/ChallengeResponseAuthentication no/1" /etc/ssh/sshd_config
-    sed -ri "s/^\\s*#?\\s*PermitRootLogin\\s+.+\$/PermitRootLogin no/1" /etc/ssh/sshd_config
-    sed -ri "s/^\\s*#?\\s*X11Forwarding\\s+.+\$/X11Forwarding no/1" /etc/ssh/sshd_config
-    
-    echo '' >> /etc/ssh/sshd_config
-    echo 'AcceptEnv GIT_PROTOCOL' >> /etc/ssh/sshd_config
-EOL
-
-# Copy assets.
 COPY ./assets/ /kallithea/

-# Prepare a directory for storing persistent data.
+ARG KALLITHEA_REV=stable
+
 RUN <<-EOL
-    mkdir -p /kallithea/config
-    mkdir -p /kallithea/repos
-    mkdir -p /home/kallithea/.ssh
-    chown kallithea:kallithea /kallithea/config
-    chown kallithea:kallithea /kallithea/repos
-    chown kallithea:kallithea /home/kallithea/.ssh
+    hg clone --rev "$KALLITHEA_REV" https://kallithea-scm.org/repos/kallithea /kallithea/src
+    cp -RT /kallithea/src/kallithea "$(su-exec kallithea:kallithea python3 -m site --user-site)/kallithea"
+    rm -rf /kallithea/src
+    sed -ri 's/^\s*VERSION\s*=\s*\(\s*([^,]+)\s*,\s*([^,]+)\s*,\s*([^,]+)\s*(.*)\)\s*$/VERSION = \(\1, \2, \3, '"'rev-${KALLITHEA_REV}'"'\)/' "$(su-exec kallithea:kallithea python3 -m site --user-site)/kallithea/__init__.py"
 EOL
-
-# Service port
-EXPOSE 5000 22
-
-# Startup command
-CMD ["dumb-init", "bash", "/kallithea/startup.sh"]
--- a/build/assets/helper/exists-db-table.py
+++ b/build/assets/helper/exists-db-table.py
@@ -1,22 +0,0 @@
-import sys
-import time
-import sqlalchemy
-
-try:
-    db_uri = sys.argv[1]
-    db_table = sys.argv[2]
-
-    engine = sqlalchemy.engine.create_engine(db_uri)
-    with engine.connect() as db:
-        exists = engine.has_table(db_table)
-
-        if exists:
-            sys.exit(0)
-        else:
-            sys.exit(1)
-
-except Exception:
-    print(traceback.format_exc())
-    exit(2)
-
-
--- a/build/assets/helper/get-db-settings.py
+++ b/build/assets/helper/get-db-settings.py
@@ -1,20 +0,0 @@
-import sys
-import time
-import sqlalchemy
-from sqlalchemy import text as sql_text
-
-try:
-    db_uri = sys.argv[1]
-    setting_key = sys.argv[2]
-
-    engine = sqlalchemy.engine.create_engine(db_uri)
-    with engine.connect() as db:
-        value = db.scalar(sql_text("select app_settings_value from settings where app_settings_name = :key"), { "key": setting_key, })
-        if value is None:
-            print("((None))")
-        else:
-            print(value)
-
-except Exception:
-    print(traceback.format_exc())
-    exit(1)
--- a/build/assets/helper/upsert-db-settings.py
+++ b/build/assets/helper/upsert-db-settings.py
@@ -1,26 +0,0 @@
-import sys
-import time
-import sqlalchemy
-from sqlalchemy import text as sql_text
-
-try:
-    db_uri = sys.argv[1]
-    setting_key = sys.argv[2]
-    setting_value = sys.argv[3]
-    setting_type = sys.argv[4]
-
-    engine = sqlalchemy.engine.create_engine(db_uri)
-    with engine.connect() as db:
-        setting_id = db.scalar(sql_text("select app_settings_id from settings where app_settings_name = :key"), { "key": setting_key, })
-        if setting_id is None:
-            sql = sql_text("insert into settings(app_settings_name, app_settings_value, app_settings_type) values (:key, :value, :type)")
-            params = { "key": setting_key, "value": setting_value, "type": setting_type, }
-        else:
-            sql = sql_text("update settings set app_settings_value = :value where app_settings_name = :key")
-            params = { "key": setting_key, "value": setting_value, }
-        db.execute(sql, params)
-
-except Exception:
-    print(traceback.format_exc())
-    exit(1)
-
--- a/build/assets/helper/wait-db-connect.py
+++ b/build/assets/helper/wait-db-connect.py
@@ -1,17 +0,0 @@
-import sys
-import time
-import sqlalchemy
-
-db_uri = sys.argv[1]
-
-print(f"Connect to '{db_uri}'")
-engine = sqlalchemy.engine.create_engine(db_uri)
-while True:
-    try:
-        with engine.connect() as db:
-            print("... success")
-            break
-
-    except:
-        print("Retry the database connection after 5 seconds.")
-        time.sleep(5)
--- a/build/assets/startup.sh
+++ b/build/assets/startup.sh
@@ -94,6 +94,18 @@ function create_setup_ini_file()
        CONFIG_OPTIONS+=("ssh_locale=$KALLITHEA_SSH_LOCALE")
    fi

+    # Setting: Remote address variable
+    if [ -n "$KALLITHEA_REMOTE_ADDR_VAR" ]; then
+        echo "Setting client address variable"
+        CONFIG_OPTIONS+=("remote_addr_variable=$KALLITHEA_REMOTE_ADDR_VAR")
+    fi
+
+    # Setting: URL scheme variable
+    if [ -n "$KALLITHEA_URL_SCHEME_VAR" ]; then
+        echo "Setting URL scheme variable"
+        CONFIG_OPTIONS+=("url_scheme_variable=$KALLITHEA_URL_SCHEME_VAR")
+    fi
+
    # Generate a configuration file.
    su-exec kallithea:kallithea kallithea-cli config-create "$INI_FILE_PATH" "${CONFIG_OPTIONS[@]}"
 }
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -6,8 +6,12 @@ variable "KALLITHEA_IMAGE_VER" {
    default = "0.7.0"
 }

+variable "KALLITHEA_PATCH_REV" {
+    default = "ed117efc9ae9"
+}
+
 variable "KALLITHEA_FLAVOR" {
-    default = [""]
+    default = ["patched-${KALLITHEA_PATCH_REV}", "patched1"]
 }

 group "default" {
@@ -22,6 +26,7 @@ target "kallithea" {
  context = "./build"
  args = {
    KALLITHEA_VER = "${KALLITHEA_IMAGE_VER}"
+    KALLITHEA_REV = "${KALLITHEA_PATCH_REV}"
  }
  platforms = [
    "linux/amd64",
--- a/sample/.env
+++ b/sample/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=docker-kallithea-sample
--- a/sample/assets/certs/ca/ca.crt
+++ b/sample/assets/certs/ca/ca.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIUdEh8zyMBBXRSoS92iyBn5zoRcEIwDQYJKoZIhvcNAQEL
+BQAwTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBsZVN0YXRlMQ8wDQYDVQQK
+DAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21lMB4XDTIzMDMxMzE1MDEw
+OVoXDTMzMDMxMDE1MDEwOVowTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBs
+ZVN0YXRlMQ8wDQYDVQQKDAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21l
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uYRuV/d5iXZAS5QzR2f
+4cTcpmv6FS9ZhEAtDTBQq3XLr2xXilWfI9947bqVPLlP7iYQemHCjCLZwhvDhqyf
+63Y72EUEAu/gpdmJfH9k8+wpyWj8rUIOC2RyTyhM2YpcxIDNCBjbBzTeJUzyDzrs
+b3lGaUC6uQcY8ZvsS7aGJfoJcW3ZdjoM6QX+7d/wECM58Q7+UzY/ZnRt37JY3B1H
+13vLWC85cU1het0Teb43X0v5Z0s5wDYrQOiX81M8fyyGjue1zBNaOtlPYa7DqT8Y
+oFcybTf+m9UkRR0KaP6+ZHL8cQv1PbJ9fBtCBLm3iUgu/QBEi/zSa3y/XpS4RiiX
+GQIDAQABo2AwXjAdBgNVHQ4EFgQU9nIVK5QlDzcx5b4LU8528D8lcEEwHwYDVR0j
+BBgwFoAU9nIVK5QlDzcx5b4LU8528D8lcEEwDwYDVR0TAQH/BAUwAwEB/zALBgNV
+HQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFBqUxAwQ4JX12CRrJ7GzvnvrA2L
+aCvIe1Kbuo/oX8Z39GgVH12XBRjUERNpb9xXNictreYeNTfAEWGmgiut1u/0FlRB
+RP1oyYB8cEEFlaaBnoGYblv6UY7GXb3a2sNMyiz8X8fxMx9FDHYj36bsAIfRJ/LU
+Z8bICy85ymrEgrddSTlf8FOLryTX0xNw1AIuehOqbLgvwLzf+OnvOdvSilO6zpkY
+HXiB2GBeeCq3OX3prEZBWwn0t1hgvFs+0l5P3arTKrxN6KLcYhjglmgGFnuO9j4Z
+o+oERjHdTorODyIIwwj5Kb16iPrLX5IB+gSRpVQiI9DZzH/TawhlX3LSCnU=
+-----END CERTIFICATE-----
--- a/sample/assets/certs/server/server.crt
+++ b/sample/assets/certs/server/server.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIUMnZBstFQF1tmY1iRnJMVJVRBLqkwDQYJKoZIhvcNAQEL
+BQAwTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBsZVN0YXRlMQ8wDQYDVQQK
+DAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21lMB4XDTIzMDMxMzE1MDU1
+OVoXDTMzMDMxMDE1MDU1OVowTDELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBs
+ZVN0YXRlMQ8wDQYDVQQKDAZTYW1wbGUxFjAUBgNVBAMMDW15c2VydmVyLmhvbWUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhqH/Xgl8Obf3Z79XcAT/
+qUkQ/8iNquZLZgl1Koez4/nuZBcWd/eWMFLOJbMaT+0JyaAkeb6BXHWz/x9HTCAS
+10wulb8k+cq1YmBb9gH1soqrDp4kelt5IkE4xXZskw1XaOhaeZaNaLvB/zrk0dW+
+LOb6GuCmPdY3Y95DpqyI3hl2wevX5tOVKkKaUY7P/5SBXttSe6jZDCy6Vo7a1P5N
+hZYD6oiEgn8rmD4miLC5m4cWz1uLhfAji1C+FA+x2kjrSQzEgebmMVXbWeXOKLB3
+thraUVjL2XCZOWYEiYPtpdyOK31ap+9o1pABvfDRlHw8dgZE9RBDCV32o5at/iUv
+AgMBAAGjeDB2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFMvEnKF053YKtGB0CuEMaxj8
+esApMB8GA1UdIwQYMBaAFPZyFSuUJQ83MeW+C1POdvA/JXBBMCkGA1UdEQQiMCCC
+DW15c2VydmVyLmhvbWWCDyoubXlzZXJ2ZXIuaG9tZTANBgkqhkiG9w0BAQsFAAOC
+AQEAtY01jZR81yY2WMKFOvQptLS4rZSmNBmlkQhE6YVhMrGoBXw8uDF/H/pdVp8i
+p0OjsPBjuV2CVss4ifuw7pG0GIS247rumlEE1VL+YmlC5n5l9C3Bd93+MO+Bak8h
+G7vNq9YGZqjvl1sJBhujN0XVSLlVKdDHjmt+IKcaC1VGM5Wayhk3i5E9eQXOY88N
+9iwxUgi2ijQQBvR+UwzUiZ7AjThSn1KdYGkhb6RQrIiSCsmno/K7WmdLpeSZcwet
+ToHKBBxrcFixT1IVxkiSErEf604qVElRylJveW3n8+oNJzn7go9pifg7rqIMmxTE
+5vIJUpbiQvCtyIFeuCQ78opr2A==
+-----END CERTIFICATE-----
--- a/sample/assets/certs/server/server.key
+++ b/sample/assets/certs/server/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDzhqH/Xgl8Obf3
+Z79XcAT/qUkQ/8iNquZLZgl1Koez4/nuZBcWd/eWMFLOJbMaT+0JyaAkeb6BXHWz
+/x9HTCAS10wulb8k+cq1YmBb9gH1soqrDp4kelt5IkE4xXZskw1XaOhaeZaNaLvB
+/zrk0dW+LOb6GuCmPdY3Y95DpqyI3hl2wevX5tOVKkKaUY7P/5SBXttSe6jZDCy6
+Vo7a1P5NhZYD6oiEgn8rmD4miLC5m4cWz1uLhfAji1C+FA+x2kjrSQzEgebmMVXb
+WeXOKLB3thraUVjL2XCZOWYEiYPtpdyOK31ap+9o1pABvfDRlHw8dgZE9RBDCV32
+o5at/iUvAgMBAAECggEAAd2wumpdNpNMpREpnAES5hCagOOs2jpf1wkPnn22b3rv
+jH4+LQu7R8PUBpoEWXnDo7UPTJLq55vZQl6nPd5yn80AMO/bI0Hkuzy8kfJ8c7EB
+XgEtK14NUGF3pXiMiUAb3zpsZAZq0GeSihCAwjBswQR1ZUo1GXZU1gomXFdXxW6x
+Eyyj2eWdJbWzlEjmAYGnrSlI5q2FnwcgGZ9QRXPpD2zYElxLgL0mhmQ9fySQLQIK
+iH9ghm4tsNYTmVCrCgsA1U1QGdBXvKWm0K6Ojvy6WGNKI7XUsNQ4+GyYmyyyjBI0
+Mjgm4B2V7MaZxADIF0xN4cunNLYgaHC3hEEZROY9VQKBgQD+rAC2X88eUWDPG3k+
+Cg0qpZsWnRPtvRxnHE+8tNpuXPuERR9T9L5Vg7f3Gg07P1O/hzGsCfbLkVMlSChP
+fv2PFhhoTxHDMg+eCiS96ftLywFCcqSW5LUglTtI9fYfzIEbGeNZkDb57Jkt9mZw
+/+sNOfCO0MvPv66ANW5HxuqEmwKBgQD0y7/r3tVT5lE/gPsAyNa05DIw+SliS4+y
+NDQ/G5r4RpKnAn53aXQpNaH4WH7dcFBXDCK6vBTQ9TzKfFO8xwUQAHKf+devpX1U
+aG0Gej/qhUx+gwx6iSEvp26BxcaY10QOeMcHh+7xDYRkilcySkfjBXoqX9rab5RT
+GzZmm+DI/QKBgGHOCuP/fZqmJCjF41U5JP9Y5GvV3X5zH0JWNCVDy5OQ8CNHLJXg
+q2xKDs++WJCFbJNkx2XL2dUqNaVexeRp39Ug5jTBERBG3IqUWLH690CPcSdkweMV
+aJ5f0YnetCxYLMkMsyyFXyeyfs2REJybHFlTBBjFBVD+y3R/kJ/OO+i7AoGACqr2
+aikD0uwujj3oslgOQ0POjCPPkeEJGhL8U+O4FSm+KlkJedq2nTUhIdl5bdz/I0v8
+F3cq0RBe3dQdMhTaO6BJXn9czuK/W3ZRif652laExt6fJJflQlZhknYz+WUoKhlJ
+UyKxXv/fzSHaOu7Rwyrx7/bNaseCBz0gWchhO2ECgYEA9jsUsIr4Dx9JRY05swe5
+9nV6scLqwTqmyU0GOHY1eVa1Efq+I+0SRDWJfAk6gGDsWxR9fKAZ0mexyCpHUpku
+wblNrYI4C5I2ugrUci4eT6BacETWqDLVc3/t6bcU0JlnItOr5V9V4pUScqfZhtq7
+OHknv5wxoI+6kijqGBLxJfQ=
+-----END PRIVATE KEY-----
--- a/sample/assets/configs/server/00-default.conf
+++ b/sample/assets/configs/server/00-default.conf
@@ -0,0 +1,30 @@
+map $http_upgrade $connection_upgrade { 
+    default upgrade;
+    ''      close;
+}
+
+log_format  proxy  '$remote_addr - $remote_user [$time_local] $scheme $http_host "$request" '
+                   '$status $body_bytes_sent "$http_referer" '
+                   '"$http_user_agent" "$http_x_forwarded_for"';
+
+server {
+    listen       80                   default_server;
+    listen  [::]:80      ipv6only=on  default_server;
+    listen       443 ssl              default_server;
+    listen  [::]:443 ssl ipv6only=on  default_server;
+
+    access_log  /var/log/nginx/access.log  proxy;
+    ssl_certificate      /work/certs/server/server.crt;
+    ssl_certificate_key  /work/certs/server/server.key;
+
+    location ^~ /certs
+    {
+         alias  /work/certs/ca;
+    }
+
+    location /
+    {
+        return 421;
+    }
+}
+
--- a/sample/assets/configs/server/01-kallithea.conf
+++ b/sample/assets/configs/server/01-kallithea.conf
@@ -0,0 +1,33 @@
+
+upstream kallithea-server
+{
+    server kallithea-app-container:5000;
+    keepalive 8;
+}
+server {
+    server_name  kallithea.myserver.home localhost;
+
+    listen       80;
+    listen  [::]:80;
+    listen       443 ssl;
+    listen  [::]:443 ssl;
+
+    ssl_certificate     /work/certs/server/server.crt;
+    ssl_certificate_key /work/certs/server/server.key;
+
+    access_log  /var/log/nginx/access.log  proxy;
+
+    proxy_set_header Host                $http_host;
+    proxy_set_header X-Url-Scheme        $scheme;
+    proxy_set_header X-Real-IP           $remote_addr;
+    proxy_set_header X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto   $scheme;
+    proxy_set_header X-Forwarded-Host    $http_host;
+
+    proxy_buffering             off;
+
+    location /
+    {
+        proxy_pass http://kallithea-server/;
+    }
+}
--- a/sample/compose.yml
+++ b/sample/compose.yml
@@ -0,0 +1,80 @@
+services:
+  db:
+    image: postgres:16
+    restart: unless-stopped
+    networks:
+      default:
+        aliases:
+          - kallithea-db-container
+    healthcheck:
+      test: pg_isready --quiet --dbname=$${POSTGRES_DB} --username=$${POSTGRES_USER} || exit 1
+      start_period: 5s
+      interval: 10s
+      timeout: 5s
+      retries: 12
+    volumes:
+      - ./volumes/kallithea/db:/var/lib/postgresql/data
+    environment:
+      - PGDATA=/var/lib/postgresql/data/kallithea-data
+      - POSTGRES_USER=kallithea_user
+      - POSTGRES_PASSWORD=kallithea_secret
+      - POSTGRES_DB=kallithea_store
+
+  app:
+    image: toras9000/kallithea-mp:0.7.0-patched1
+    restart: unless-stopped
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      default:
+      frontend:
+        aliases:
+          - kallithea-app-container
+    healthcheck:
+      test: curl -f http://localhost:5000 || exit 1
+      start_period: 5s
+      interval: 10s
+      timeout: 5s
+      retries: 12
+    volumes:
+      - ./volumes/kallithea/app/config:/kallithea/config
+      - ./volumes/kallithea/app/repos:/kallithea/repos
+      - ./volumes/kallithea/app/host_keys:/kallithea/host_keys
+      - ./volumes/kallithea/app/ssh:/home/kallithea/.ssh
+    environment:
+      - KALLITHEA_DB_PRE_CREATED=FALSE
+      - KALLITHEA_EXTERNAL_DB=postgres://kallithea_user:kallithea_secret@kallithea-db-container/kallithea_store
+      - KALLITHEA_ADMIN_USER=admin
+      - KALLITHEA_ADMIN_PASS=admin123
+      - KALLITHEA_ADMIN_MAIL=admin@example.com
+      - KALLITHEA_LOCALE=ja_JP.UTF-8
+      - KALLITHEA_REMOTE_ADDR_VAR=HTTP_X_FORWARDED_FOR
+      - KALLITHEA_URL_SCHEME_VAR=HTTP_X_FORWARDED_PROTO
+      - KALLITHEA_REPOSORT_IDX=5
+      - KALLITHEA_REPOSORT_ORDER=desc
+      - KALLITHEA_FIX_PERMISSION=TRUE
+      - KALLITHEA_FIX_REPOS_PERMISSION=FALSE
+      - KALLITHEA_DEFAULT_REPO_GIT=TRUE
+      - KALLITHEA_EXTRA_FIELD=TRUE
+      - KALLITHEA_EXTERNAL_SSH_PORT=2222
+#      - KALLITHEA_DB_MIGRATION=TRUE
+
+  proxy:
+    image: nginx:1.25
+    restart: unless-stopped
+    command: sh -c "exec find /work/certs/ca -type f -print0 | xargs -0 chmod 444 && exec nginx -g 'daemon off;'"
+    depends_on:
+      app:
+        condition: service_started
+    networks:
+      frontend:
+    ports:
+      - "443:443"
+      - "80:80"
+    volumes:
+      - ./assets/configs/server:/etc/nginx/conf.d:ro
+      - ./assets/certs:/work/certs
+
+networks:
+  frontend:
				`@@ -0,0 +1 @@`
				`COMPOSE_PROJECT_NAME=docker-kallithea-sample`