Merge branch 'canary' into feat/update-zh-Hans-translation

2025-06-26 18:27:59 +00:00 · 2025-03-15 20:55:16 -06:00
parent 6df0878ed4 f74d02381f
commit 0bc2734925
406 changed files with 8760 additions and 15463 deletions
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -36,11 +36,11 @@
    "@ai-sdk/mistral": "^1.0.6",
    "@ai-sdk/openai": "^1.0.12",
    "@ai-sdk/openai-compatible": "^0.0.13",
-    "@better-auth/utils": "0.2.3",
-    "@oslojs/encoding": "1.1.0",
-    "@oslojs/crypto": "1.0.1",
-    "drizzle-dbml-generator": "0.10.0",
-    "better-auth": "1.2.0",
+    "@better-auth/utils":"0.2.3",
+    "@oslojs/encoding":"1.1.0",
+    "@oslojs/crypto":"1.0.1",
+    "drizzle-dbml-generator":"0.10.0",
+    "better-auth":"1.2.4",
    "@faker-js/faker": "^8.4.1",
    "@lucia-auth/adapter-drizzle": "1.0.7",
    "@octokit/auth-app": "^6.0.4",
@@ -75,9 +75,10 @@
    "react-dom": "18.2.0",
    "rotating-file-stream": "3.2.3",
    "slugify": "^1.6.6",
-    "ssh2": "1.15.0",
    "ws": "8.16.0",
-    "zod": "^3.23.4"
+    "zod": "^3.23.4",
+    "ssh2": "1.15.0",
+    "@octokit/rest": "^20.0.2"
  },
  "devDependencies": {
    "@types/micromatch": "4.0.9",
--- a/packages/server/src/db/schema/backups.ts
+++ b/packages/server/src/db/schema/backups.ts
@@ -2,6 +2,7 @@ import { relations } from "drizzle-orm";
 import {
 	type AnyPgColumn,
 	boolean,
+	integer,
 	pgEnum,
 	pgTable,
 	text,
@@ -36,6 +37,8 @@ export const backups = pgTable("backup", {
 		.notNull()
 		.references(() => destinations.destinationId, { onDelete: "cascade" }),

+	keepLatestCount: integer("keepLatestCount"),
+
 	databaseType: databaseType("databaseType").notNull(),
 	postgresId: text("postgresId").references(
 		(): AnyPgColumn => postgres.postgresId,
@@ -87,6 +90,7 @@ const createSchema = createInsertSchema(backups, {
 	prefix: z.string().min(1),
 	database: z.string().min(1),
 	schedule: z.string(),
+	keepLatestCount: z.number().optional(),
 	databaseType: z.enum(["postgres", "mariadb", "mysql", "mongo"]),
 	postgresId: z.string().optional(),
 	mariadbId: z.string().optional(),
@@ -99,6 +103,7 @@ export const apiCreateBackup = createSchema.pick({
 	enabled: true,
 	prefix: true,
 	destinationId: true,
+	keepLatestCount: true,
 	database: true,
 	mariadbId: true,
 	mysqlId: true,
@@ -127,5 +132,6 @@ export const apiUpdateBackup = createSchema
 		backupId: true,
 		destinationId: true,
 		database: true,
+		keepLatestCount: true,
 	})
 	.required();
--- a/packages/server/src/db/schema/utils.ts
+++ b/packages/server/src/db/schema/utils.ts
@@ -1,4 +1,4 @@
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { faker } from "@faker-js/faker";
 import { customAlphabet } from "nanoid";

--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -47,6 +47,7 @@ export * from "./utils/backups/mongo";
 export * from "./utils/backups/mysql";
 export * from "./utils/backups/postgres";
 export * from "./utils/backups/utils";
+export * from "./templates/processors";

 export * from "./utils/notifications/build-error";
 export * from "./utils/notifications/build-success";
--- a/packages/server/src/lib/auth.ts
+++ b/packages/server/src/lib/auth.ts
@@ -28,6 +28,26 @@ const { handler, api } = betterAuth({
 			clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
 		},
 	},
+	...(!IS_CLOUD && {
+		async trustedOrigins() {
+			const admin = await db.query.member.findFirst({
+				where: eq(schema.member.role, "owner"),
+				with: {
+					user: true,
+				},
+			});
+
+			if (admin) {
+				return [
+					...(admin.user.serverIp
+						? [`http://${admin.user.serverIp}:3000`]
+						: []),
+					...(admin.user.host ? [`https://${admin.user.host}`] : []),
+				];
+			}
+			return [];
+		},
+	}),
 	emailVerification: {
 		sendOnSignUp: true,
 		autoSignInAfterVerification: true,
--- a/packages/server/src/services/application.ts
+++ b/packages/server/src/services/application.ts
@@ -448,7 +448,7 @@ export const deployPreviewApplication = async ({
 			body: `### Dokploy Preview Deployment\n\n${buildingComment}`,
 		});
 		application.appName = previewDeployment.appName;
-		application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain}`;
+		application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain?.host}`;
 		application.buildArgs = application.previewBuildArgs;

 		// const admin = await findUserById(application.project.userId);
@@ -561,7 +561,7 @@ export const deployRemotePreviewApplication = async ({
 			body: `### Dokploy Preview Deployment\n\n${buildingComment}`,
 		});
 		application.appName = previewDeployment.appName;
-		application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain}`;
+		application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain?.host}`;
 		application.buildArgs = application.previewBuildArgs;

 		if (application.serverId) {
--- a/packages/server/src/services/compose.ts
+++ b/packages/server/src/services/compose.ts
@@ -289,11 +289,11 @@ export const rebuildCompose = async ({
 		// if (admin.cleanupCacheOnCompose) {
 		// 	await cleanupFullDocker(compose?.serverId);
 		// }
-		if (compose.serverId) {
-			await getBuildComposeCommand(compose, deployment.logPath);
-		} else {
-			await buildCompose(compose, deployment.logPath);
+
+		if (compose.sourceType === "raw") {
+			await createComposeFile(compose, deployment.logPath);
 		}
+		await buildCompose(compose, deployment.logPath);

 		await updateDeploymentStatus(deployment.deploymentId, "done");
 		await updateCompose(composeId, {
@@ -433,6 +433,10 @@ export const rebuildRemoteCompose = async ({
 		// if (admin.cleanupCacheOnCompose) {
 		// 	await cleanupFullDocker(compose?.serverId);
 		// }
+		if (compose.sourceType === "raw") {
+			const command = getCreateComposeFileCommand(compose, deployment.logPath);
+			await execAsyncRemote(compose.serverId, command);
+		}
 		if (compose.serverId) {
 			await getBuildComposeCommand(compose, deployment.logPath);
 		}
--- a/packages/server/src/services/docker.ts
+++ b/packages/server/src/services/docker.ts
@@ -136,26 +136,24 @@ export const getContainersByAppNameMatch = async (
 			result = stdout.trim().split("\n");
 		}

-		const containers = result
-			.map((line) => {
-				const parts = line.split(" | ");
-				const containerId = parts[0]
-					? parts[0].replace("CONTAINER ID : ", "").trim()
-					: "No container id";
-				const name = parts[1]
-					? parts[1].replace("Name: ", "").trim()
-					: "No container name";
+		const containers = result.map((line) => {
+			const parts = line.split(" | ");
+			const containerId = parts[0]
+				? parts[0].replace("CONTAINER ID : ", "").trim()
+				: "No container id";
+			const name = parts[1]
+				? parts[1].replace("Name: ", "").trim()
+				: "No container name";

-				const state = parts[2]
-					? parts[2].replace("State: ", "").trim()
-					: "No state";
-				return {
-					containerId,
-					name,
-					state,
-				};
-			})
-			.sort((a, b) => a.name.localeCompare(b.name));
+			const state = parts[2]
+				? parts[2].replace("State: ", "").trim()
+				: "No state";
+			return {
+				containerId,
+				name,
+				state,
+			};
+		});

 		return containers || [];
 	} catch (_error) {}
@@ -192,30 +190,28 @@ export const getStackContainersByAppName = async (
 			result = stdout.trim().split("\n");
 		}

-		const containers = result
-			.map((line) => {
-				const parts = line.split(" | ");
-				const containerId = parts[0]
-					? parts[0].replace("CONTAINER ID : ", "").trim()
-					: "No container id";
-				const name = parts[1]
-					? parts[1].replace("Name: ", "").trim()
-					: "No container name";
+		const containers = result.map((line) => {
+			const parts = line.split(" | ");
+			const containerId = parts[0]
+				? parts[0].replace("CONTAINER ID : ", "").trim()
+				: "No container id";
+			const name = parts[1]
+				? parts[1].replace("Name: ", "").trim()
+				: "No container name";

-				const state = parts[2]
-					? parts[2].replace("State: ", "").trim().toLowerCase()
-					: "No state";
-				const node = parts[3]
-					? parts[3].replace("Node: ", "").trim()
-					: "No specific node";
-				return {
-					containerId,
-					name,
-					state,
-					node,
-				};
-			})
-			.sort((a, b) => a.name.localeCompare(b.name));
+			const state = parts[2]
+				? parts[2].replace("State: ", "").trim().toLowerCase()
+				: "No state";
+			const node = parts[3]
+				? parts[3].replace("Node: ", "").trim()
+				: "No specific node";
+			return {
+				containerId,
+				name,
+				state,
+				node,
+			};
+		});

 		return containers || [];
 	} catch (_error) {}
@@ -253,31 +249,29 @@ export const getServiceContainersByAppName = async (
 			result = stdout.trim().split("\n");
 		}

-		const containers = result
-			.map((line) => {
-				const parts = line.split(" | ");
-				const containerId = parts[0]
-					? parts[0].replace("CONTAINER ID : ", "").trim()
-					: "No container id";
-				const name = parts[1]
-					? parts[1].replace("Name: ", "").trim()
-					: "No container name";
+		const containers = result.map((line) => {
+			const parts = line.split(" | ");
+			const containerId = parts[0]
+				? parts[0].replace("CONTAINER ID : ", "").trim()
+				: "No container id";
+			const name = parts[1]
+				? parts[1].replace("Name: ", "").trim()
+				: "No container name";

-				const state = parts[2]
-					? parts[2].replace("State: ", "").trim().toLowerCase()
-					: "No state";
+			const state = parts[2]
+				? parts[2].replace("State: ", "").trim().toLowerCase()
+				: "No state";

-				const node = parts[3]
-					? parts[3].replace("Node: ", "").trim()
-					: "No specific node";
-				return {
-					containerId,
-					name,
-					state,
-					node,
-				};
-			})
-			.sort((a, b) => a.name.localeCompare(b.name));
+			const node = parts[3]
+				? parts[3].replace("Node: ", "").trim()
+				: "No specific node";
+			return {
+				containerId,
+				name,
+				state,
+				node,
+			};
+		});

 		return containers || [];
 	} catch (_error) {}
@@ -287,13 +281,19 @@ export const getServiceContainersByAppName = async (

 export const getContainersByAppLabel = async (
 	appName: string,
+	type: "standalone" | "swarm",
 	serverId?: string,
 ) => {
 	try {
 		let stdout = "";
 		let stderr = "";

-		const command = `docker ps --filter "label=com.docker.swarm.service.name=${appName}" --format 'CONTAINER ID : {{.ID}} | Name: {{.Names}} | State: {{.State}}'`;
+		const command =
+			type === "swarm"
+				? `docker ps --filter "label=com.docker.swarm.service.name=${appName}" --format 'CONTAINER ID : {{.ID}} | Name: {{.Names}} | State: {{.State}}'`
+				: type === "standalone"
+					? `docker ps --filter "name=${appName}" --format 'CONTAINER ID : {{.ID}} | Name: {{.Names}} | State: {{.State}}'`
+					: `docker ps --filter "label=com.docker.compose.project=${appName}" --format 'CONTAINER ID : {{.ID}} | Name: {{.Names}} | State: {{.State}}'`;
 		if (serverId) {
 			const result = await execAsyncRemote(serverId, command);
 			stdout = result.stdout;
@@ -312,25 +312,23 @@ export const getContainersByAppLabel = async (

 		const lines = stdout.trim().split("\n");

-		const containers = lines
-			.map((line) => {
-				const parts = line.split(" | ");
-				const containerId = parts[0]
-					? parts[0].replace("CONTAINER ID : ", "").trim()
-					: "No container id";
-				const name = parts[1]
-					? parts[1].replace("Name: ", "").trim()
-					: "No container name";
-				const state = parts[2]
-					? parts[2].replace("State: ", "").trim()
-					: "No state";
-				return {
-					containerId,
-					name,
-					state,
-				};
-			})
-			.sort((a, b) => a.name.localeCompare(b.name));
+		const containers = lines.map((line) => {
+			const parts = line.split(" | ");
+			const containerId = parts[0]
+				? parts[0].replace("CONTAINER ID : ", "").trim()
+				: "No container id";
+			const name = parts[1]
+				? parts[1].replace("Name: ", "").trim()
+				: "No container name";
+			const state = parts[2]
+				? parts[2].replace("State: ", "").trim()
+				: "No state";
+			return {
+				containerId,
+				name,
+				state,
+			};
+		});

 		return containers || [];
 	} catch (_error) {}
--- a/packages/server/src/services/domain.ts
+++ b/packages/server/src/services/domain.ts
@@ -1,5 +1,5 @@
 import { db } from "@dokploy/server/db";
-import { generateRandomDomain } from "@dokploy/server/templates/utils";
+import { generateRandomDomain } from "@dokploy/server/templates";
 import { manageDomain } from "@dokploy/server/utils/traefik/domain";
 import { TRPCError } from "@trpc/server";
 import { eq } from "drizzle-orm";
--- a/packages/server/src/services/mariadb.ts
+++ b/packages/server/src/services/mariadb.ts
@@ -5,7 +5,7 @@ import {
 	mariadb,
 } from "@dokploy/server/db/schema";
 import { buildAppName } from "@dokploy/server/db/schema";
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { buildMariadb } from "@dokploy/server/utils/databases/mariadb";
 import { pullImage } from "@dokploy/server/utils/docker/utils";
 import { TRPCError } from "@trpc/server";
--- a/packages/server/src/services/mongo.ts
+++ b/packages/server/src/services/mongo.ts
@@ -1,7 +1,7 @@
 import { db } from "@dokploy/server/db";
 import { type apiCreateMongo, backups, mongo } from "@dokploy/server/db/schema";
 import { buildAppName } from "@dokploy/server/db/schema";
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { buildMongo } from "@dokploy/server/utils/databases/mongo";
 import { pullImage } from "@dokploy/server/utils/docker/utils";
 import { TRPCError } from "@trpc/server";
--- a/packages/server/src/services/mysql.ts
+++ b/packages/server/src/services/mysql.ts
@@ -1,7 +1,7 @@
 import { db } from "@dokploy/server/db";
 import { type apiCreateMySql, backups, mysql } from "@dokploy/server/db/schema";
 import { buildAppName } from "@dokploy/server/db/schema";
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { buildMysql } from "@dokploy/server/utils/databases/mysql";
 import { pullImage } from "@dokploy/server/utils/docker/utils";
 import { TRPCError } from "@trpc/server";
--- a/packages/server/src/services/postgres.ts
+++ b/packages/server/src/services/postgres.ts
@@ -5,7 +5,7 @@ import {
 	postgres,
 } from "@dokploy/server/db/schema";
 import { buildAppName } from "@dokploy/server/db/schema";
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { buildPostgres } from "@dokploy/server/utils/databases/postgres";
 import { pullImage } from "@dokploy/server/utils/docker/utils";
 import { TRPCError } from "@trpc/server";
--- a/packages/server/src/services/preview-deployment.ts
+++ b/packages/server/src/services/preview-deployment.ts
@@ -7,7 +7,7 @@ import {
 } from "@dokploy/server/db/schema";
 import { TRPCError } from "@trpc/server";
 import { and, desc, eq } from "drizzle-orm";
-import { generatePassword } from "../templates/utils";
+import { generatePassword } from "../templates";
 import { removeService } from "../utils/docker/utils";
 import { removeDirectoryCode } from "../utils/filesystem/directory";
 import { authGithub } from "../utils/providers/github";
--- a/packages/server/src/services/redis.ts
+++ b/packages/server/src/services/redis.ts
@@ -1,7 +1,7 @@
 import { db } from "@dokploy/server/db";
 import { type apiCreateRedis, redis } from "@dokploy/server/db/schema";
 import { buildAppName } from "@dokploy/server/db/schema";
-import { generatePassword } from "@dokploy/server/templates/utils";
+import { generatePassword } from "@dokploy/server/templates";
 import { buildRedis } from "@dokploy/server/utils/databases/redis";
 import { pullImage } from "@dokploy/server/utils/docker/utils";
 import { TRPCError } from "@trpc/server";
--- a/packages/server/src/setup/server-setup.ts
+++ b/packages/server/src/setup/server-setup.ts
@@ -9,6 +9,7 @@ import {
 	TRAEFIK_PORT,
 	TRAEFIK_SSL_PORT,
 	TRAEFIK_VERSION,
+	TRAEFIK_HTTP3_PORT,
 	getDefaultMiddlewares,
 	getDefaultServerTraefikConfig,
 } from "@dokploy/server/setup/traefik-setup";
@@ -542,22 +543,28 @@ export const installRClone = () => `
 export const createTraefikInstance = () => {
 	const command = `
 	    # Check if dokpyloy-traefik exists
-		if docker service ls | grep -q 'dokploy-traefik'; then
+		if docker service inspect dokploy-traefik > /dev/null 2>&1; then
+			echo "Migrating Traefik to Standalone..."
+			docker service rm dokploy-traefik
+			sleep 8
+			echo "Traefik migrated to Standalone ✅"
+		fi
+			
+		if docker inspect dokploy-traefik > /dev/null 2>&1; then
 			echo "Traefik already exists ✅"
 		else
-			# Create the dokploy-traefik service
+			# Create the dokploy-traefik container
 			TRAEFIK_VERSION=${TRAEFIK_VERSION}
-			docker service create \
+			docker run -d \
 				--name dokploy-traefik \
-				--replicas 1 \
-				--constraint 'node.role==manager' \
 				--network dokploy-network \
-				--mount type=bind,src=/etc/dokploy/traefik/traefik.yml,dst=/etc/traefik/traefik.yml \
-				--mount type=bind,src=/etc/dokploy/traefik/dynamic,dst=/etc/dokploy/traefik/dynamic \
-				--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
-				--label traefik.enable=true \
-				--publish mode=host,target=${TRAEFIK_SSL_PORT},published=${TRAEFIK_SSL_PORT} \
-				--publish mode=host,target=${TRAEFIK_PORT},published=${TRAEFIK_PORT} \
+				--restart unless-stopped \
+				-v /etc/dokploy/traefik/traefik.yml:/etc/traefik/traefik.yml \
+				-v /etc/dokploy/traefik/dynamic:/etc/dokploy/traefik/dynamic \
+				-v /var/run/docker.sock:/var/run/docker.sock \
+				-p ${TRAEFIK_SSL_PORT}:${TRAEFIK_SSL_PORT} \
+				-p ${TRAEFIK_PORT}:${TRAEFIK_PORT} \
+				-p ${TRAEFIK_HTTP3_PORT}:${TRAEFIK_HTTP3_PORT}/udp \
 				traefik:v$TRAEFIK_VERSION
 			echo "Traefik version $TRAEFIK_VERSION installed ✅"
 		fi
--- a/packages/server/src/setup/traefik-setup.ts
+++ b/packages/server/src/setup/traefik-setup.ts
@@ -1,9 +1,8 @@
 import { chmodSync, existsSync, mkdirSync, writeFileSync } from "node:fs";
 import path from "node:path";
-import type { ContainerTaskSpec, CreateServiceOptions } from "dockerode";
+import type { ContainerCreateOptions } from "dockerode";
 import { dump } from "js-yaml";
 import { paths } from "../constants";
-import { pullImage, pullRemoteImage } from "../utils/docker/utils";
 import { getRemoteDocker } from "../utils/servers/remote-docker";
 import type { FileConfig } from "../utils/traefik/file-types";
 import type { MainTraefikConfig } from "../utils/traefik/types";
@@ -12,6 +11,8 @@ export const TRAEFIK_SSL_PORT =
 	Number.parseInt(process.env.TRAEFIK_SSL_PORT!, 10) || 443;
 export const TRAEFIK_PORT =
 	Number.parseInt(process.env.TRAEFIK_PORT!, 10) || 80;
+export const TRAEFIK_HTTP3_PORT =
+	Number.parseInt(process.env.TRAEFIK_HTTP3_PORT!, 10) || 443;
 export const TRAEFIK_VERSION = process.env.TRAEFIK_VERSION || "3.1.2";

 interface TraefikOptions {
@@ -23,6 +24,7 @@ interface TraefikOptions {
 		publishedPort: number;
 		publishMode?: "ingress" | "host";
 	}[];
+	force?: boolean;
 }

 export const initializeTraefik = async ({
@@ -30,113 +32,119 @@ export const initializeTraefik = async ({
 	env,
 	serverId,
 	additionalPorts = [],
+	force = false,
 }: TraefikOptions = {}) => {
 	const { MAIN_TRAEFIK_PATH, DYNAMIC_TRAEFIK_PATH } = paths(!!serverId);
 	const imageName = `traefik:v${TRAEFIK_VERSION}`;
 	const containerName = "dokploy-traefik";
-	const settings: CreateServiceOptions = {
-		Name: containerName,
-		TaskTemplate: {
-			ContainerSpec: {
-				Image: imageName,
-				Env: env,
-				Mounts: [
-					{
-						Type: "bind",
-						Source: `${MAIN_TRAEFIK_PATH}/traefik.yml`,
-						Target: "/etc/traefik/traefik.yml",
-					},
-					{
-						Type: "bind",
-						Source: DYNAMIC_TRAEFIK_PATH,
-						Target: "/etc/dokploy/traefik/dynamic",
-					},
-					{
-						Type: "bind",
-						Source: "/var/run/docker.sock",
-						Target: "/var/run/docker.sock",
-					},
-				],
-			},
-			Networks: [{ Target: "dokploy-network" }],
-			Placement: {
-				Constraints: ["node.role==manager"],
-			},
-		},
-		Mode: {
-			Replicated: {
-				Replicas: 1,
-			},
-		},
-		EndpointSpec: {
-			Ports: [
-				{
-					TargetPort: 443,
-					PublishedPort: TRAEFIK_SSL_PORT,
-					PublishMode: "host",
-				},
-				{
-					TargetPort: 80,
-					PublishedPort: TRAEFIK_PORT,
-					PublishMode: "host",
-				},
-				...(enableDashboard
-					? [
-							{
-								TargetPort: 8080,
-								PublishedPort: 8080,
-								PublishMode: "host" as const,
-							},
-						]
-					: []),
-				...additionalPorts.map((port) => ({
-					TargetPort: port.targetPort,
-					PublishedPort: port.publishedPort,
-					PublishMode: port.publishMode || ("host" as const),
-				})),
-			],
-		},
+
+	const exposedPorts: Record<string, {}> = {
+		[`${TRAEFIK_PORT}/tcp`]: {},
+		[`${TRAEFIK_SSL_PORT}/tcp`]: {},
+		[`${TRAEFIK_HTTP3_PORT}/udp`]: {},
 	};
+
+	const portBindings: Record<string, Array<{ HostPort: string }>> = {
+		[`${TRAEFIK_PORT}/tcp`]: [{ HostPort: TRAEFIK_PORT.toString() }],
+		[`${TRAEFIK_SSL_PORT}/tcp`]: [{ HostPort: TRAEFIK_SSL_PORT.toString() }],
+		[`${TRAEFIK_HTTP3_PORT}/udp`]: [
+			{ HostPort: TRAEFIK_HTTP3_PORT.toString() },
+		],
+	};
+
+	if (enableDashboard) {
+		exposedPorts["8080/tcp"] = {};
+		portBindings["8080/tcp"] = [{ HostPort: "8080" }];
+	}
+
+	for (const port of additionalPorts) {
+		const portKey = `${port.targetPort}/tcp`;
+		exposedPorts[portKey] = {};
+		portBindings[portKey] = [{ HostPort: port.publishedPort.toString() }];
+	}
+
+	const settings: ContainerCreateOptions = {
+		name: containerName,
+		Image: imageName,
+		NetworkingConfig: {
+			EndpointsConfig: {
+				"dokploy-network": {},
+			},
+		},
+		ExposedPorts: exposedPorts,
+		HostConfig: {
+			RestartPolicy: {
+				Name: "always",
+			},
+			Binds: [
+				`${MAIN_TRAEFIK_PATH}/traefik.yml:/etc/traefik/traefik.yml`,
+				`${DYNAMIC_TRAEFIK_PATH}:/etc/dokploy/traefik/dynamic`,
+				"/var/run/docker.sock:/var/run/docker.sock",
+			],
+			PortBindings: portBindings,
+		},
+		Env: env,
+	};
+
 	const docker = await getRemoteDocker(serverId);
 	try {
-		if (serverId) {
-			await pullRemoteImage(imageName, serverId);
-		} else {
-			await pullImage(imageName);
-		}
-
-		const service = docker.getService(containerName);
-		const inspect = await service.inspect();
-
-		const existingEnv = inspect.Spec.TaskTemplate.ContainerSpec.Env || [];
-		const updatedEnv = !env ? existingEnv : env;
-
-		const updatedSettings = {
-			...settings,
-			TaskTemplate: {
-				...settings.TaskTemplate,
-				ContainerSpec: {
-					...(settings?.TaskTemplate as ContainerTaskSpec).ContainerSpec,
-					Env: updatedEnv,
-				},
-			},
-		};
-		await service.update({
-			version: Number.parseInt(inspect.Version.Index),
-			...updatedSettings,
-		});
-
-		console.log("Traefik Started ✅");
-	} catch (_) {
 		try {
-			await docker.createService(settings);
-		} catch (error: any) {
-			if (error?.statusCode !== 409) {
-				throw error;
+			const service = docker.getService("dokploy-traefik");
+			await service?.remove({ force: true });
+
+			let attempts = 0;
+			const maxAttempts = 5;
+			while (attempts < maxAttempts) {
+				try {
+					await docker.listServices({
+						filters: { name: ["dokploy-traefik"] },
+					});
+					console.log("Waiting for service cleanup...");
+					await new Promise((resolve) => setTimeout(resolve, 5000));
+					attempts++;
+				} catch (e) {
+					break;
+				}
 			}
-			console.log("Traefik service already exists, continuing...");
+		} catch (err) {
+			console.log("No existing service to remove");
 		}
-		console.log("Traefik Not Found: Starting ✅");
+
+		// Then try to remove any existing container
+		const container = docker.getContainer(containerName);
+		try {
+			const inspect = await container.inspect();
+			if (inspect.State.Status === "running" && !force) {
+				console.log("Traefik already running");
+				return;
+			}
+
+			await container.remove({ force: true });
+			await new Promise((resolve) => setTimeout(resolve, 5000));
+		} catch (error) {
+			console.log("No existing container to remove");
+		}
+
+		// Create and start the new container
+		try {
+			await docker.createContainer(settings);
+			const newContainer = docker.getContainer(containerName);
+			await newContainer.start();
+			console.log("Traefik container started successfully");
+		} catch (error: any) {
+			if (error?.json?.message?.includes("port is already allocated")) {
+				console.log("Ports still in use, waiting longer for cleanup...");
+				await new Promise((resolve) => setTimeout(resolve, 10000));
+				// Try one more time
+				await docker.createContainer(settings);
+				const newContainer = docker.getContainer(containerName);
+				await newContainer.start();
+				console.log("Traefik container started successfully after retry");
+			}
+		}
+	} catch (error) {
+		console.error("Failed to initialize Traefik:", error);
+		throw error;
 	}
 };

@@ -212,6 +220,9 @@ export const getDefaultTraefikConfig = () => {
 			},
 			websecure: {
 				address: `:${TRAEFIK_SSL_PORT}`,
+				http3: {
+					advertisedPort: TRAEFIK_HTTP3_PORT,
+				},
 				...(process.env.NODE_ENV === "production" && {
 					http: {
 						tls: {
@@ -267,6 +278,9 @@ export const getDefaultServerTraefikConfig = () => {
 			},
 			websecure: {
 				address: `:${TRAEFIK_SSL_PORT}`,
+				http3: {
+					advertisedPort: TRAEFIK_HTTP3_PORT,
+				},
 				http: {
 					tls: {
 						certResolver: "letsencrypt",
--- a/packages/server/src/templates/github.ts
+++ b/packages/server/src/templates/github.ts
@@ -0,0 +1,109 @@
+import { load } from "js-yaml";
+
+/**
+ * Complete template interface that includes both metadata and configuration
+ */
+export interface CompleteTemplate {
+	metadata: {
+		id: string;
+		name: string;
+		description: string;
+		tags: string[];
+		version: string;
+		logo: string;
+		links: {
+			github: string;
+			website?: string;
+			docs?: string;
+		};
+	};
+	variables: {
+		[key: string]: string;
+	};
+	config: {
+		domains: Array<{
+			serviceName: string;
+			port: number;
+			path?: string;
+			host?: string;
+		}>;
+		env: Record<string, string>;
+		mounts?: Array<{
+			filePath: string;
+			content: string;
+		}>;
+	};
+}
+
+interface TemplateMetadata {
+	id: string;
+	name: string;
+	description: string;
+	version: string;
+	logo: string;
+	links: {
+		github: string;
+		website?: string;
+		docs?: string;
+	};
+	tags: string[];
+}
+
+/**
+ * Fetches the list of available templates from meta.json
+ */
+export async function fetchTemplatesList(
+	baseUrl = "https://templates.dokploy.com",
+): Promise<TemplateMetadata[]> {
+	try {
+		const response = await fetch(`${baseUrl}/meta.json`);
+		if (!response.ok) {
+			throw new Error(`Failed to fetch templates: ${response.statusText}`);
+		}
+		const templates = (await response.json()) as TemplateMetadata[];
+		return templates.map((template) => ({
+			id: template.id,
+			name: template.name,
+			description: template.description,
+			version: template.version,
+			logo: template.logo,
+			links: template.links,
+			tags: template.tags,
+		}));
+	} catch (error) {
+		console.error("Error fetching templates list:", error);
+		throw error;
+	}
+}
+
+/**
+ * Fetches a specific template's files
+ */
+export async function fetchTemplateFiles(
+	templateId: string,
+	baseUrl = "https://templates.dokploy.com",
+): Promise<{ config: CompleteTemplate; dockerCompose: string }> {
+	try {
+		// Fetch both files in parallel
+		const [templateYmlResponse, dockerComposeResponse] = await Promise.all([
+			fetch(`${baseUrl}/blueprints/${templateId}/template.yml`),
+			fetch(`${baseUrl}/blueprints/${templateId}/docker-compose.yml`),
+		]);
+
+		if (!templateYmlResponse.ok || !dockerComposeResponse.ok) {
+			throw new Error("Template files not found");
+		}
+
+		const [templateYml, dockerCompose] = await Promise.all([
+			templateYmlResponse.text(),
+			dockerComposeResponse.text(),
+		]);
+
+		const config = load(templateYml) as CompleteTemplate;
+
+		return { config, dockerCompose };
+	} catch (error) {
+		console.error(`Error fetching template ${templateId}:`, error);
+		throw error;
+	}
+}
--- a/packages/server/src/templates/index.ts
+++ b/packages/server/src/templates/index.ts
@@ -0,0 +1,120 @@
+import { randomBytes } from "node:crypto";
+import { existsSync } from "node:fs";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import type { Domain } from "@dokploy/server/services/domain";
+import { TRPCError } from "@trpc/server";
+import { fetchTemplateFiles } from "./github";
+
+export interface Schema {
+	serverIp: string;
+	projectName: string;
+}
+
+export type DomainSchema = Pick<Domain, "host" | "port" | "serviceName"> & {
+	path?: string;
+};
+
+export interface Template {
+	envs: string[];
+	mounts: Array<{
+		filePath: string;
+		content: string;
+	}>;
+	domains: DomainSchema[];
+}
+
+export const generateRandomDomain = ({
+	serverIp,
+	projectName,
+}: Schema): string => {
+	const hash = randomBytes(3).toString("hex");
+	const slugIp = serverIp.replaceAll(".", "-");
+
+	return `${projectName}-${hash}${slugIp === "" ? "" : `-${slugIp}`}.traefik.me`;
+};
+
+export const generateHash = (length = 8): string => {
+	return randomBytes(Math.ceil(length / 2))
+		.toString("hex")
+		.substring(0, length);
+};
+
+export const generatePassword = (quantity = 16): string => {
+	const characters =
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+	let password = "";
+	for (let i = 0; i < quantity; i++) {
+		password += characters.charAt(
+			Math.floor(Math.random() * characters.length),
+		);
+	}
+	return password.toLowerCase();
+};
+
+/**
+ * Generate a random base64 string from N random bytes
+ * @param bytes Number of random bytes to generate before base64 encoding (default: 32)
+ * @returns base64 encoded string of the random bytes
+ */
+export function generateBase64(bytes = 32): string {
+	return randomBytes(bytes).toString("base64");
+}
+
+export function generateJwt(length = 256): string {
+	return randomBytes(length).toString("hex");
+}
+
+/**
+ * Reads a template's docker-compose.yml file
+ * First tries to fetch from GitHub, falls back to local cache if fetch fails
+ */
+export const readTemplateComposeFile = async (id: string) => {
+	// First try to fetch from GitHub
+	try {
+		const { dockerCompose } = await fetchTemplateFiles(id);
+
+		// Cache the file for future use
+		const cwd = process.cwd();
+		const templatePath = join(cwd, ".next", "templates", id);
+		const composeFilePath = join(templatePath, "docker-compose.yml");
+
+		// Ensure the template directory exists
+		if (!existsSync(templatePath)) {
+			await mkdir(templatePath, { recursive: true });
+		}
+
+		// Cache the file for future use
+		await writeFile(composeFilePath, dockerCompose, "utf8");
+
+		return dockerCompose;
+	} catch (error) {
+		console.warn(`Failed to fetch template ${id} from GitHub:`, error);
+
+		// Try to use cached version as fallback
+		const cwd = process.cwd();
+		const composeFilePath = join(
+			cwd,
+			".next",
+			"templates",
+			id,
+			"docker-compose.yml",
+		);
+
+		if (existsSync(composeFilePath)) {
+			console.warn(`Using cached version of template ${id}`);
+			return await readFile(composeFilePath, "utf8");
+		}
+
+		console.error(`Error: Template ${id} not found in GitHub or cache`);
+		throw new TRPCError({
+			code: "NOT_FOUND",
+			message: `Template ${id} not found or could not be fetched`,
+		});
+	}
+};
+
+/**
+ * Loads a template module from GitHub or local cache
+ * First tries to fetch from GitHub, falls back to local cache if fetch fails
+ */
--- a/packages/server/src/templates/processors.ts
+++ b/packages/server/src/templates/processors.ts
@@ -0,0 +1,247 @@
+import type { Schema } from "./index";
+import {
+	generateBase64,
+	generateHash,
+	generateJwt,
+	generatePassword,
+	generateRandomDomain,
+} from "./index";
+
+/**
+ * Domain configuration
+ */
+interface DomainConfig {
+	serviceName: string;
+	port: number;
+	path?: string;
+	host?: string;
+}
+
+/**
+ * Mount configuration
+ */
+interface MountConfig {
+	filePath: string;
+	content: string;
+}
+
+/**
+ * Complete template interface that includes both metadata and configuration
+ */
+export interface CompleteTemplate {
+	metadata: {
+		id: string;
+		name: string;
+		description: string;
+		tags: string[];
+		version: string;
+		logo: string;
+		links: {
+			github: string;
+			website?: string;
+			docs?: string;
+		};
+	};
+	variables: Record<string, string>;
+	config: {
+		domains: DomainConfig[];
+		env: Record<string, string> | string[];
+		mounts?: MountConfig[];
+	};
+}
+
+/**
+ * Processed template output
+ */
+export interface Template {
+	domains: Array<DomainConfig>;
+	envs: string[];
+	mounts: MountConfig[];
+}
+
+/**
+ * Process a string value and replace variables
+ */
+function processValue(
+	value: string,
+	variables: Record<string, string>,
+	schema: Schema,
+): string {
+	// First replace utility functions
+	let processedValue = value.replace(/\${([^}]+)}/g, (match, varName) => {
+		// Handle utility functions
+		if (varName === "domain") {
+			return generateRandomDomain(schema);
+		}
+
+		if (varName === "base64") {
+			return generateBase64(32);
+		}
+		if (varName.startsWith("base64:")) {
+			const length = Number.parseInt(varName.split(":")[1], 10) || 32;
+			return generateBase64(length);
+		}
+		if (varName.startsWith("password:")) {
+			const length = Number.parseInt(varName.split(":")[1], 10) || 16;
+			return generatePassword(length);
+		}
+
+		if (varName === "password") {
+			return generatePassword(16);
+		}
+
+		if (varName.startsWith("hash:")) {
+			const length = Number.parseInt(varName.split(":")[1], 10) || 8;
+			return generateHash(length);
+		}
+		if (varName === "uuid") {
+			return crypto.randomUUID();
+		}
+
+		if (varName === "timestamp") {
+			return Date.now().toString();
+		}
+
+		if (varName === "randomPort") {
+			return Math.floor(Math.random() * 65535).toString();
+		}
+
+		if (varName === "jwt") {
+			return generateJwt();
+		}
+
+		if (varName.startsWith("jwt:")) {
+			const length = Number.parseInt(varName.split(":")[1], 10) || 256;
+			return generateJwt(length);
+		}
+
+		// If not a utility function, try to get from variables
+		return variables[varName] || match;
+	});
+
+	// Then replace any remaining ${var} with their values from variables
+	processedValue = processedValue.replace(/\${([^}]+)}/g, (match, varName) => {
+		return variables[varName] || match;
+	});
+
+	return processedValue;
+}
+
+/**
+ * Process variables in a template
+ */
+export function processVariables(
+	template: CompleteTemplate,
+	schema: Schema,
+): Record<string, string> {
+	const variables: Record<string, string> = {};
+
+	// First pass: Process variables that don't depend on other variables
+	for (const [key, value] of Object.entries(template.variables)) {
+		if (typeof value !== "string") continue;
+
+		if (value === "${domain}") {
+			variables[key] = generateRandomDomain(schema);
+		} else if (value.startsWith("${base64:")) {
+			const match = value.match(/\${base64:(\d+)}/);
+			const length = match?.[1] ? Number.parseInt(match[1], 10) : 32;
+			variables[key] = generateBase64(length);
+		} else if (value.startsWith("${password:")) {
+			const match = value.match(/\${password:(\d+)}/);
+			const length = match?.[1] ? Number.parseInt(match[1], 10) : 16;
+			variables[key] = generatePassword(length);
+		} else if (value.startsWith("${hash:")) {
+			const match = value.match(/\${hash:(\d+)}/);
+			const length = match?.[1] ? Number.parseInt(match[1], 10) : 8;
+			variables[key] = generateHash(length);
+		} else {
+			variables[key] = value;
+		}
+	}
+
+	// Second pass: Process variables that reference other variables
+	for (const [key, value] of Object.entries(variables)) {
+		variables[key] = processValue(value, variables, schema);
+	}
+
+	return variables;
+}
+
+/**
+ * Process domains in a template
+ */
+export function processDomains(
+	template: CompleteTemplate,
+	variables: Record<string, string>,
+	schema: Schema,
+): Template["domains"] {
+	if (!template?.config?.domains) return [];
+	return template?.config?.domains?.map((domain: DomainConfig) => ({
+		...domain,
+		host: domain.host
+			? processValue(domain.host, variables, schema)
+			: generateRandomDomain(schema),
+	}));
+}
+
+/**
+ * Process environment variables in a template
+ */
+export function processEnvVars(
+	template: CompleteTemplate,
+	variables: Record<string, string>,
+	schema: Schema,
+): Template["envs"] {
+	if (!template?.config?.env) return [];
+
+	// Handle array of env vars
+	if (Array.isArray(template.config.env)) {
+		return template.config.env.map((env) => {
+			if (typeof env === "string") {
+				return processValue(env, variables, schema);
+			}
+			return env;
+		});
+	}
+
+	// Handle object of env vars
+	return Object.entries(template.config.env).map(
+		([key, value]: [string, string]) => {
+			const processedValue = processValue(value, variables, schema);
+			return `${key}=${processedValue}`;
+		},
+	);
+}
+
+/**
+ * Process mounts in a template
+ */
+export function processMounts(
+	template: CompleteTemplate,
+	variables: Record<string, string>,
+	schema: Schema,
+): Template["mounts"] {
+	if (!template?.config?.mounts) return [];
+
+	return template?.config?.mounts?.map((mount: MountConfig) => ({
+		filePath: processValue(mount.filePath, variables, schema),
+		content: processValue(mount.content, variables, schema),
+	}));
+}
+
+/**
+ * Process a complete template
+ */
+export function processTemplate(
+	template: CompleteTemplate,
+	schema: Schema,
+): Template {
+	// First process variables as they might be referenced by other sections
+	const variables = processVariables(template, schema);
+
+	return {
+		domains: processDomains(template, variables, schema),
+		envs: processEnvVars(template, variables, schema),
+		mounts: processMounts(template, variables, schema),
+	};
+}
--- a/packages/server/src/templates/utils/index.ts
+++ b/packages/server/src/templates/utils/index.ts
@@ -1,61 +0,0 @@
-import { randomBytes } from "node:crypto";
-import { readFile } from "node:fs/promises";
-import { join } from "node:path";
-import type { Domain } from "@dokploy/server/services/domain";
-
-export interface Schema {
-	serverIp: string;
-	projectName: string;
-}
-
-export type DomainSchema = Pick<Domain, "host" | "port" | "serviceName">;
-
-export interface Template {
-	envs?: string[];
-	mounts?: {
-		filePath: string;
-		content?: string;
-	}[];
-	domains?: DomainSchema[];
-}
-
-export const generateRandomDomain = ({
-	serverIp,
-	projectName,
-}: Schema): string => {
-	const hash = randomBytes(3).toString("hex");
-	const slugIp = serverIp.replaceAll(".", "-");
-
-	return `${projectName}-${hash}${slugIp === "" ? "" : `-${slugIp}`}.traefik.me`;
-};
-
-export const generateHash = (projectName: string, quantity = 3): string => {
-	const hash = randomBytes(quantity).toString("hex");
-	return `${projectName}-${hash}`;
-};
-
-export const generatePassword = (quantity = 16): string => {
-	const characters =
-		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-	let password = "";
-	for (let i = 0; i < quantity; i++) {
-		password += characters.charAt(
-			Math.floor(Math.random() * characters.length),
-		);
-	}
-	return password.toLowerCase();
-};
-
-export const generateBase64 = (bytes = 32): string => {
-	return randomBytes(bytes).toString("base64");
-};
-
-export const readTemplateComposeFile = async (id: string) => {
-	const cwd = process.cwd();
-	const composeFile = await readFile(
-		join(cwd, ".next", "templates", id, "docker-compose.yml"),
-		"utf8",
-	);
-
-	return composeFile;
-};
--- a/packages/server/src/types/template.ts
+++ b/packages/server/src/types/template.ts
@@ -0,0 +1,44 @@
+export interface TemplateConfig {
+	variables: Record<string, string>;
+	domains: Array<{
+		serviceName: string;
+		port: number;
+		path?: string;
+		host?: string;
+	}>;
+	env: Record<string, string>;
+	mounts: Array<{
+		filePath: string;
+		content: string;
+	}>;
+}
+
+export interface Template {
+	metadata: {
+		id: string;
+		name: string;
+		description: string;
+		version: string;
+		logo: string;
+		links: {
+			github: string;
+			website?: string;
+			docs?: string;
+		};
+		tags: string[];
+	};
+	variables: Record<string, string>;
+	config: {
+		domains: Array<{
+			serviceName: string;
+			port: number;
+			path?: string;
+			host?: string;
+		}>;
+		env: Record<string, string>;
+		mounts?: Array<{
+			filePath: string;
+			content: string;
+		}>;
+	};
+}
--- a/packages/server/src/utils/backups/index.ts
+++ b/packages/server/src/utils/backups/index.ts
@@ -1,3 +1,4 @@
+import path from "node:path";
 import { getAllServers } from "@dokploy/server/services/server";
 import { scheduleJob } from "node-schedule";
 import { db } from "../../db/index";
@@ -12,6 +13,10 @@ import { runMongoBackup } from "./mongo";
 import { runMySqlBackup } from "./mysql";
 import { runPostgresBackup } from "./postgres";
 import { findAdmin } from "../../services/admin";
+import { getS3Credentials } from "./utils";
+import { execAsync, execAsyncRemote } from "../process/execAsync";
+
+import type { BackupSchedule } from "@dokploy/server/services/backup";
 import { startLogCleanup } from "../access-log/handler";

 export const initCronJobs = async () => {
@@ -174,3 +179,38 @@ export const initCronJobs = async () => {
 		await startLogCleanup(admin.user.logCleanupCron);
 	}
 };
+
+export const keepLatestNBackups = async (
+	backup: BackupSchedule,
+	serverId?: string | null,
+) => {
+	// 0 also immediately returns which is good as the empty "keep latest" field in the UI
+	// is saved as 0 in the database
+	if (!backup.keepLatestCount) return;
+
+	try {
+		const rcloneFlags = getS3Credentials(backup.destination);
+		const backupFilesPath = path.join(
+			`:s3:${backup.destination.bucket}`,
+			backup.prefix,
+		);
+
+		// --include "*.sql.gz" ensures nothing else other than the db backup files are touched by rclone
+		const rcloneList = `rclone lsf ${rcloneFlags.join(" ")} --include "*.sql.gz" ${backupFilesPath}`;
+		// when we pipe the above command with this one, we only get the list of files we want to delete
+		const sortAndPickUnwantedBackups = `sort -r | tail -n +$((${backup.keepLatestCount}+1)) | xargs -I{}`;
+		// this command deletes the files
+		// to test the deletion before actually deleting we can add --dry-run before ${backupFilesPath}/{}
+		const rcloneDelete = `rclone delete ${rcloneFlags.join(" ")} ${backupFilesPath}/{}`;
+
+		const rcloneCommand = `${rcloneList} | ${sortAndPickUnwantedBackups} ${rcloneDelete}`;
+
+		if (serverId) {
+			await execAsyncRemote(serverId, rcloneCommand);
+		} else {
+			await execAsync(rcloneCommand);
+		}
+	} catch (error) {
+		console.error(error);
+	}
+};
--- a/packages/server/src/utils/backups/utils.ts
+++ b/packages/server/src/utils/backups/utils.ts
@@ -5,6 +5,7 @@ import { runMariadbBackup } from "./mariadb";
 import { runMongoBackup } from "./mongo";
 import { runMySqlBackup } from "./mysql";
 import { runPostgresBackup } from "./postgres";
+import { keepLatestNBackups } from ".";

 export const scheduleBackup = (backup: BackupSchedule) => {
 	const { schedule, backupId, databaseType, postgres, mysql, mongo, mariadb } =
@@ -12,12 +13,16 @@ export const scheduleBackup = (backup: BackupSchedule) => {
 	scheduleJob(backupId, schedule, async () => {
 		if (databaseType === "postgres" && postgres) {
 			await runPostgresBackup(postgres, backup);
+			await keepLatestNBackups(backup, postgres.serverId);
 		} else if (databaseType === "mysql" && mysql) {
 			await runMySqlBackup(mysql, backup);
+			await keepLatestNBackups(backup, mysql.serverId);
 		} else if (databaseType === "mongo" && mongo) {
 			await runMongoBackup(mongo, backup);
+			await keepLatestNBackups(backup, mongo.serverId);
 		} else if (databaseType === "mariadb" && mariadb) {
 			await runMariadbBackup(mariadb, backup);
+			await keepLatestNBackups(backup, mariadb.serverId);
 		}
 	});
 };
--- a/packages/server/src/utils/builders/railpack.ts
+++ b/packages/server/src/utils/builders/railpack.ts
@@ -3,7 +3,6 @@ import type { ApplicationNested } from ".";
 import { prepareEnvironmentVariables } from "../docker/utils";
 import { getBuildAppDirectory } from "../filesystem/directory";
 import { spawnAsync } from "../process/spawnAsync";
-import { execAsync } from "../process/execAsync";

 export const buildRailpack = async (
 	application: ApplicationNested,
@@ -17,32 +16,62 @@ export const buildRailpack = async (
 	);

 	try {
-		// Ensure buildkit container is running, create if it doesn't exist
-		await execAsync(
-			"docker container inspect buildkit >/dev/null 2>&1 || docker run --rm --privileged -d --name buildkit moby/buildkit",
-		);
+		// First prepare the build plan and info
+		const prepareArgs = [
+			"prepare",
+			buildAppDirectory,
+			"--plan-out",
+			`${buildAppDirectory}/railpack-plan.json`,
+			"--info-out",
+			`${buildAppDirectory}/railpack-info.json`,
+		];

-		// Build the application using railpack
-		const args = ["build", buildAppDirectory, "--name", appName];
-
-		// Add environment variables
+		// Add environment variables to prepare command
 		for (const env of envVariables) {
-			args.push("--env", env);
+			prepareArgs.push("--env", env);
 		}

+		// Run prepare command
+		await spawnAsync("railpack", prepareArgs, (data) => {
+			if (writeStream.writable) {
+				writeStream.write(data);
+			}
+		});
+
+		// Build with BuildKit using the Railpack frontend
+		const buildArgs = [
+			"buildx",
+			"build",
+			"--build-arg",
+			"BUILDKIT_SYNTAX=ghcr.io/railwayapp/railpack-frontend:v0.0.55",
+			"-f",
+			`${buildAppDirectory}/railpack-plan.json`,
+			"--output",
+			`type=docker,name=${appName}`,
+		];
+
+		// Add secrets properly formatted
+		const env: { [key: string]: string } = {};
+		for (const envVar of envVariables) {
+			const [key, value] = envVar.split("=");
+			if (key && value) {
+				buildArgs.push("--secret", `id=${key},env=${key}`);
+				env[key] = value;
+			}
+		}
+
+		buildArgs.push(buildAppDirectory);
+
 		await spawnAsync(
-			"railpack",
-			args,
+			"docker",
+			buildArgs,
 			(data) => {
 				if (writeStream.writable) {
 					writeStream.write(data);
 				}
 			},
 			{
-				env: {
-					...process.env,
-					BUILDKIT_HOST: "docker-container://buildkit",
-				},
+				env: { ...process.env, ...env },
 			},
 		);

@@ -63,25 +92,65 @@ export const getRailpackCommand = (
 		application.project.env,
 	);

-	// Build the application using railpack
-	const args = ["build", buildAppDirectory, "--name", appName];
+	// Prepare command
+	const prepareArgs = [
+		"prepare",
+		buildAppDirectory,
+		"--plan-out",
+		`${buildAppDirectory}/railpack-plan.json`,
+		"--info-out",
+		`${buildAppDirectory}/railpack-info.json`,
+	];

-	// Add environment variables
 	for (const env of envVariables) {
-		args.push("--env", env);
+		prepareArgs.push("--env", env);
 	}

-	const command = `railpack ${args.join(" ")}`;
+	// Build command
+	const buildArgs = [
+		"buildx",
+		"build",
+		"--build-arg",
+		"BUILDKIT_SYNTAX=ghcr.io/railwayapp/railpack-frontend:v0.0.55",
+		"-f",
+		`${buildAppDirectory}/railpack-plan.json`,
+		"--output",
+		`type=docker,name=${appName}`,
+	];
+
+	// Add secrets properly formatted
+	const exportEnvs = [];
+	for (const envVar of envVariables) {
+		const [key, value] = envVar.split("=");
+		if (key && value) {
+			buildArgs.push("--secret", `id=${key},env=${key}`);
+			exportEnvs.push(`export ${key}=${value}`);
+		}
+	}
+
+	buildArgs.push(buildAppDirectory);
+
 	const bashCommand = `
-	echo "Building with Railpack..." >> "${logPath}";
-	docker container inspect buildkit >/dev/null 2>&1 || docker run --rm --privileged -d --name buildkit moby/buildkit;
-	export BUILDKIT_HOST=docker-container://buildkit;
-	${command} >> ${logPath} 2>> ${logPath} || { 
-		echo "❌ Railpack build failed" >> ${logPath};
-		exit 1;
-	  }
-	echo "✅ Railpack build completed." >> ${logPath};
-	`;
+# Ensure we have a builder with containerd
+docker buildx create --use --name builder-containerd --driver docker-container || true
+docker buildx use builder-containerd
+
+echo "Preparing Railpack build plan..." >> "${logPath}";
+railpack ${prepareArgs.join(" ")} >> ${logPath} 2>> ${logPath} || { 
+	echo "❌ Railpack prepare failed" >> ${logPath};
+	exit 1;
+}
+echo "✅ Railpack prepare completed." >> ${logPath};
+
+echo "Building with Railpack frontend..." >> "${logPath}";
+# Export environment variables for secrets
+${exportEnvs.join("\n")}
+docker ${buildArgs.join(" ")} >> ${logPath} 2>> ${logPath} || { 
+	echo "❌ Railpack build failed" >> ${logPath};
+	exit 1;
+}
+echo "✅ Railpack build completed." >> ${logPath};
+`;

 	return bashCommand;
 };
--- a/packages/server/src/utils/docker/domain.ts
+++ b/packages/server/src/utils/docker/domain.ts
@@ -238,9 +238,9 @@ export const addDomainToCompose = async (

 		if (Array.isArray(labels)) {
 			if (!labels.includes("traefik.enable=true")) {
-				labels.push("traefik.enable=true");
+				labels.unshift("traefik.enable=true");
 			}
-			labels.push(...httpLabels);
+			labels.unshift(...httpLabels);
 		}

 		if (!compose.isolatedDeployment) {