From b939c79a490cfd32fd76b45caa9d3e794641d522 Mon Sep 17 00:00:00 2001
From: "DESKTOP-RTLN3BA\\$punk" <vermarohanfinal@gmail.com>
Date: Fri, 13 Feb 2026 16:16:02 -0800
Subject: [PATCH] feat: fixed docker issues

---
 .env.example                                   |  6 ++++++
 docker-compose.yml                             |  4 +++-
 surfsense_backend/Dockerfile                   | 17 ++++++-----------
 surfsense_backend/scripts/docker/entrypoint.sh |  6 ++++++
 4 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/.env.example b/.env.example
index 8dca11ce6..894a989cc 100644
--- a/.env.example
+++ b/.env.example
@@ -11,6 +11,12 @@ NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE=LOCAL or GOOGLE (Default: LOCAL)
 NEXT_PUBLIC_ETL_SERVICE=UNSTRUCTURED or LLAMACLOUD or DOCLING (Default: DOCLING)
 # Backend Configuration
 BACKEND_PORT=8000
+# Auth type for backend login flow (Default: LOCAL)
+# Set to GOOGLE if using Google OAuth
+AUTH_TYPE=LOCAL
+# Frontend URL used by backend for CORS allowed origins and OAuth redirects
+# Must match the URL your browser uses to access the frontend
+NEXT_FRONTEND_URL=http://localhost:3000
 
 # Database Configuration
 POSTGRES_USER=postgres
diff --git a/docker-compose.yml b/docker-compose.yml
index 8efc0b506..a94cea2e5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -53,6 +53,7 @@ services:
       - DATABASE_URL=postgresql+asyncpg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-surfsense}
       - CELERY_BROKER_URL=redis://redis:${REDIS_PORT:-6379}/0
       - CELERY_RESULT_BACKEND=redis://redis:${REDIS_PORT:-6379}/0
+      - REDIS_APP_URL=redis://redis:${REDIS_PORT:-6379}/0
       # Queue name isolation - prevents task collision if Redis is shared with other apps
       - CELERY_TASK_DEFAULT_QUEUE=surfsense
       - PYTHONPATH=/app
@@ -62,7 +63,8 @@ services:
       - LANGSMITH_TRACING=false
       - ELECTRIC_DB_USER=${ELECTRIC_DB_USER:-electric}
       - ELECTRIC_DB_PASSWORD=${ELECTRIC_DB_PASSWORD:-electric_password}
-      - NEXT_FRONTEND_URL=http://frontend:3000
+      - AUTH_TYPE=${AUTH_TYPE:-LOCAL}
+      - NEXT_FRONTEND_URL=${NEXT_FRONTEND_URL:-http://localhost:3000}
     depends_on:
       - db
       - redis
diff --git a/surfsense_backend/Dockerfile b/surfsense_backend/Dockerfile
index 985d487f0..3605968b3 100644
--- a/surfsense_backend/Dockerfile
+++ b/surfsense_backend/Dockerfile
@@ -22,22 +22,17 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Pandoc 3.x from GitHub (apt ships 2.17 which has broken table rendering).
+# Install Pandoc 3.x from GitHub as a fallback for Linux where pypandoc_binary
+# may not bundle pandoc (apt ships 2.17 which has broken table rendering).
+# pypandoc_binary bundles pandoc on Windows/macOS; on Linux it picks this up.
 RUN ARCH=$(dpkg --print-architecture) && \
     wget -qO /tmp/pandoc.deb "https://github.com/jgm/pandoc/releases/download/3.9/pandoc-3.9-1-${ARCH}.deb" && \
     dpkg -i /tmp/pandoc.deb && \
     rm /tmp/pandoc.deb
 
-# Install Typst for PDF rendering (Typst has built-in professional styling
-# for tables, headings, code blocks, etc., no CSS needed).
-RUN ARCH=$(dpkg --print-architecture) && \
-    if [ "$ARCH" = "amd64" ]; then TYPST_ARCH="x86_64-unknown-linux-musl"; \
-    else TYPST_ARCH="aarch64-unknown-linux-musl"; fi && \
-    wget -qO /tmp/typst.tar.xz "https://github.com/typst/typst/releases/download/v0.14.2/typst-${TYPST_ARCH}.tar.xz" && \
-    tar -xf /tmp/typst.tar.xz -C /tmp && \
-    cp /tmp/typst-*/typst /usr/local/bin/typst && \
-    rm -rf /tmp/typst* && \
-    typst --version
+# NOTE: Typst CLI is NOT installed here. PDF rendering uses the `typst` Python
+# library (pip package) which bundles the compiler as a native extension.
+# This avoids architecture-specific binary downloads and works cross-platform.
 
 # Update certificates and install SSL tools
 RUN update-ca-certificates
diff --git a/surfsense_backend/scripts/docker/entrypoint.sh b/surfsense_backend/scripts/docker/entrypoint.sh
index ce0f1ce13..e1a2778fc 100644
--- a/surfsense_backend/scripts/docker/entrypoint.sh
+++ b/surfsense_backend/scripts/docker/entrypoint.sh
@@ -73,6 +73,12 @@ start_worker() {
     QUEUE_ARGS=""
     if [ -n "${CELERY_QUEUES}" ]; then
         QUEUE_ARGS="--queues=${CELERY_QUEUES}"
+    else
+        # When no queues specified, consume from BOTH the default queue and
+        # the connectors queue. Without --queues, Celery only consumes from
+        # the default queue, leaving connector indexing tasks stuck.
+        DEFAULT_Q="${CELERY_TASK_DEFAULT_QUEUE:-surfsense}"
+        QUEUE_ARGS="--queues=${DEFAULT_Q},${DEFAULT_Q}.connectors"
     fi
 
     echo "Starting Celery Worker (autoscale=${CELERY_MAX_WORKERS},${CELERY_MIN_WORKERS}, max-tasks-per-child=${CELERY_MAX_TASKS_PER_CHILD}, queues=${CELERY_QUEUES:-all})..."