From 799c0c64799670debc3b19cc04692d41e95000f6 Mon Sep 17 00:00:00 2001 From: Ameen Vazayil <7609895+vazra@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:18:36 -0700 Subject: [PATCH 1/5] docs: add v1.3.0 release blog post --- .../content/docs/blog/2026-04-30-v1-3-0.md | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 docs-site/src/content/docs/blog/2026-04-30-v1-3-0.md diff --git a/docs-site/src/content/docs/blog/2026-04-30-v1-3-0.md b/docs-site/src/content/docs/blog/2026-04-30-v1-3-0.md new file mode 100644 index 0000000..6a84da7 --- /dev/null +++ b/docs-site/src/content/docs/blog/2026-04-30-v1-3-0.md @@ -0,0 +1,82 @@ +--- +title: SimpleDeploy 1.3.0 +date: 2026-04-30 +authors: + - name: SimpleDeploy maintainers + title: Project team + picture: https://github.com/vazra.png + url: https://github.com/vazra/simpledeploy +excerpt: Big release. Backups v2, multi-endpoint routing, local TLS, realtime UI, and a sweeping security pass. +tags: + - release +--- + +1.3.0 is the first release since 1.2.0 and it's a large one. Hundreds of commits, much of it focused on making SimpleDeploy safer to put on a public IP, plus three feature areas worth calling out. + +Full notes: [CHANGELOG](https://github.com/vazra/simpledeploy/blob/main/CHANGELOG.md). + +## Backups v2 + +The backup subsystem was rewritten end to end. + +- Six built-in strategies (sqlite, postgres, mysql, files, docker volumes, custom command), each behind the same interface. +- New scheduler with hot-reload, retention rules, pre/post lifecycle hooks, and a pipeline processor. +- Target detection so the dashboard can suggest the right strategy for each app. +- Per-backup checksum verification. +- A `BackupWizard` in the UI walks non-technical users through configuration in four steps. +- Per-app `Backups` tab and a `BackupHealthCard` on the dashboard. +- Backup events flow through the alert system, so a failed nightly snapshot can page you the same way a downed app does. + +Existing backups are migrated automatically. + +## Multi-endpoint routing and local TLS + +The reverse proxy gained two long-requested capabilities. + +- **Multi-endpoint apps.** A single app can publish more than one domain, each routed to a different service. No more splitting an app across compose stacks just to expose two hostnames. +- **Local TLS mode.** Caddy's internal issuer can now sign certs for local development or air-gapped installs. The dashboard exposes a trust page with a one-click CA download so a fresh laptop trusts the install in under a minute. +- **Shared `simpledeploy-public` network** with container-IP upstreams, removing the host-port hop for proxied traffic. + +## Realtime UI + +The dashboard is now event-driven. + +- A notify-only WebSocket bus (`GET /api/events`) streams state changes; REST stays the source of truth. +- Live terminal output for deploys, restores, and other long-running actions through a new `ActionModal`. +- Inline scale controls, activity feed, alert history with active-only toggle, deploy-version delete, and a degraded-app status badge. + +## Security hardening + +A coordinated pass closed a long list of issues found during a security review. Highlights: + +- JWT signing key derived per install via HKDF from `master_secret`, plus server-side invalidation via token version. +- Login lockout rekeyed to `(user, ip)` and CIDR-aware trusted-proxy handling. +- Management dashboard binds to `127.0.0.1` by default; published app ports pin to `127.0.0.1` unless explicitly public. +- WebSocket Origin checks, periodic re-auth on long-lived streams, capped frame sizes on log/deploy streams. +- Per-handler request body limits, panic-recovery middleware, slowloris defenses (`ReadHeaderTimeout`, `IdleTimeout`). +- CSP on the SPA, default security headers injected by Caddy. +- Backup restore validates the tar stream and caps gzip decompression to block compression bombs. +- Compose validation expanded to cover container-escape vectors, applied in both deploy and reconciler scan paths. +- Webhook SSRF DNS-rebinding window closed; reserved-IP filter expanded. +- Audit rows recorded for rollback, profile self-update, and gitsync config changes; preserved across app purge. +- Tighter file modes for secrets and app config; hardened `simpledeploy.service` systemd unit. + +A full security architecture and threat model now live in [`SECURITY.md`](https://github.com/vazra/simpledeploy/blob/main/SECURITY.md) and the contributor docs. + +## Upgrade + +Homebrew: + +```bash +brew update && brew upgrade simpledeploy +``` + +APT: + +```bash +sudo apt update && sudo apt install --only-upgrade simpledeploy +``` + +Binary tarball: [GitHub Releases](https://github.com/vazra/simpledeploy/releases/tag/v1.3.0). + +No manual migration steps. Backup v2 migrates on first start; existing schedules keep running. From 66a59aaad97abf0602e4f68f9f1714bd0c5f3ce1 Mon Sep 17 00:00:00 2001 From: Ameen Vazayil <7609895+vazra@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:29:42 -0700 Subject: [PATCH 2/5] docs: add blog posts for v1.0.0, v1.1.0, v1.2.0 --- .../content/docs/blog/2026-04-08-v1-0-0.md | 50 +++++++++++++++++++ .../content/docs/blog/2026-04-08-v1-1-0.md | 20 ++++++++ .../content/docs/blog/2026-04-08-v1-2-0.md | 21 ++++++++ 3 files changed, 91 insertions(+) create mode 100644 docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md create mode 100644 docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md create mode 100644 docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md new file mode 100644 index 0000000..0962907 --- /dev/null +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md @@ -0,0 +1,50 @@ +--- +title: SimpleDeploy 1.0.0 +date: 2026-04-08 +authors: + - name: SimpleDeploy maintainers + title: Project team + picture: https://github.com/vazra.png + url: https://github.com/vazra/simpledeploy +excerpt: First public release. One Go binary, Docker Compose apps on a VPS with HTTPS, metrics, backups, alerts, and a dashboard. +tags: + - release +--- + +The 1.0.0 cut. Everything needed to run a small fleet of Compose apps on a single VPS, in one binary. + +## What's in the box + +- **CLI + API server.** `simpledeploy serve` runs the daemon; the CLI talks to it locally or remotely with context switching (`simpledeploy context`). +- **Reconciler.** Drops a `compose.yml` in the apps directory and SimpleDeploy applies it. A directory watcher with debounce handles edits. +- **Embedded Caddy.** Reverse proxy is built in, programmatic config (no Caddyfile), with custom modules for per-domain rate limiting and request metrics. +- **SQLite + WAL store.** Apps, deploys, users, API keys, app access, metrics, request stats, alerts, webhooks, backups, all in one local file. +- **Auth.** Passwords (bcrypt), JWT sessions, API keys with scopes, per-app access middleware, login rate limiting. +- **Metrics.** System and container stats collector, buffered batch writer, tiered rollup and pruning, query API. +- **Request stats.** Caddy module records every request; tiered rollup powers the dashboard charts. +- **Backups.** Strategies and targets with a scheduler, configs and run history in the store, CLI commands. +- **Alerts.** Rule evaluator, webhook dispatch with built-in templates, history. +- **Svelte dashboard.** Embedded in the Go binary. Login, app list, app detail with charts and live logs, deploy/remove flows, backups page, alerts page, user management. +- **Log streaming.** Process stdout/stderr through a ring buffer, exposed live over WebSocket and the CLI. + +## Install + +Homebrew tap: + +```bash +brew install vazra/tap/simpledeploy +``` + +APT: + +```bash +curl -fsSL https://vazra.github.io/apt-repo/key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/simpledeploy.gpg +echo "deb [signed-by=/etc/apt/keyrings/simpledeploy.gpg] https://vazra.github.io/apt-repo stable main" | sudo tee /etc/apt/sources.list.d/simpledeploy.list +sudo apt update && sudo apt install simpledeploy +``` + +Or grab a tarball from [GitHub Releases](https://github.com/vazra/simpledeploy/releases/tag/v1.0.0). + +## Where to start + +`simpledeploy serve`, point a browser at the dashboard, complete first-time setup, and deploy your first compose app from the UI or via `simpledeploy apply`. diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md new file mode 100644 index 0000000..7f75136 --- /dev/null +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md @@ -0,0 +1,20 @@ +--- +title: SimpleDeploy 1.1.0 +date: 2026-04-08 +authors: + - name: SimpleDeploy maintainers + title: Project team + picture: https://github.com/vazra.png + url: https://github.com/vazra/simpledeploy +excerpt: Patch release fixing the goreleaser pipeline so artifacts publish cleanly. +tags: + - release +--- + +A same-day follow-up to 1.0.0 to fix the release pipeline. + +### Bug fixes + +- Reset git state after the UI build so goreleaser doesn't see a dirty tree and skip publishing. + +No code or behavior changes for users. Upgrade only if you're scripting against the latest tag. diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md new file mode 100644 index 0000000..450796b --- /dev/null +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md @@ -0,0 +1,21 @@ +--- +title: SimpleDeploy 1.2.0 +date: 2026-04-08 +authors: + - name: SimpleDeploy maintainers + title: Project team + picture: https://github.com/vazra.png + url: https://github.com/vazra/simpledeploy +excerpt: Patch release. CGO disabled for cross-compilation so Linux ARM64 and macOS builds publish. +tags: + - release +--- + +Second same-day follow-up to 1.0.0. + +### Bug fixes + +- Disable CGO for cross-compilation. Linux ARM64 and macOS arm64/amd64 binaries now build cleanly under goreleaser. +- Reset git state after UI build (carried over from 1.1.0). + +This is the recommended 1.x baseline until [1.3.0](/blog/2026-04-30-v1-3-0/). From 6bf28a4699a70e5c064bf35364d13c0f4e0a1570 Mon Sep 17 00:00:00 2001 From: Ameen Vazayil <7609895+vazra@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:31:04 -0700 Subject: [PATCH 3/5] docs: spread v1.0/v1.1/v1.2 blog dates across 2026-04-06..08 --- .../docs/blog/{2026-04-08-v1-0-0.md => 2026-04-06-v1-0-0.md} | 2 +- .../docs/blog/{2026-04-08-v1-1-0.md => 2026-04-07-v1-1-0.md} | 4 ++-- docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename docs-site/src/content/docs/blog/{2026-04-08-v1-0-0.md => 2026-04-06-v1-0-0.md} (99%) rename docs-site/src/content/docs/blog/{2026-04-08-v1-1-0.md => 2026-04-07-v1-1-0.md} (86%) diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md b/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md similarity index 99% rename from docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md rename to docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md index 0962907..a87cdd8 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md +++ b/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.0.0 -date: 2026-04-08 +date: 2026-04-06 authors: - name: SimpleDeploy maintainers title: Project team diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md b/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md similarity index 86% rename from docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md rename to docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md index 7f75136..b205dc2 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md +++ b/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.1.0 -date: 2026-04-08 +date: 2026-04-07 authors: - name: SimpleDeploy maintainers title: Project team @@ -11,7 +11,7 @@ tags: - release --- -A same-day follow-up to 1.0.0 to fix the release pipeline. +Quick follow-up to 1.0.0 to fix the release pipeline. ### Bug fixes diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md index 450796b..332ad22 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md @@ -11,7 +11,7 @@ tags: - release --- -Second same-day follow-up to 1.0.0. +Second follow-up to 1.0.0. ### Bug fixes From acd4cb979a88a9c95a5c54d167068c7bd93248c7 Mon Sep 17 00:00:00 2001 From: Ameen Vazayil <7609895+vazra@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:31:59 -0700 Subject: [PATCH 4/5] docs: revert blog dates to actual release date 2026-04-08 --- .../docs/blog/{2026-04-06-v1-0-0.md => 2026-04-08-v1-0-0.md} | 2 +- .../docs/blog/{2026-04-07-v1-1-0.md => 2026-04-08-v1-1-0.md} | 4 ++-- docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename docs-site/src/content/docs/blog/{2026-04-06-v1-0-0.md => 2026-04-08-v1-0-0.md} (99%) rename docs-site/src/content/docs/blog/{2026-04-07-v1-1-0.md => 2026-04-08-v1-1-0.md} (86%) diff --git a/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md similarity index 99% rename from docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md rename to docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md index a87cdd8..0962907 100644 --- a/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.0.0 -date: 2026-04-06 +date: 2026-04-08 authors: - name: SimpleDeploy maintainers title: Project team diff --git a/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md similarity index 86% rename from docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md rename to docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md index b205dc2..7f75136 100644 --- a/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.1.0 -date: 2026-04-07 +date: 2026-04-08 authors: - name: SimpleDeploy maintainers title: Project team @@ -11,7 +11,7 @@ tags: - release --- -Quick follow-up to 1.0.0 to fix the release pipeline. +A same-day follow-up to 1.0.0 to fix the release pipeline. ### Bug fixes diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md index 332ad22..450796b 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md @@ -11,7 +11,7 @@ tags: - release --- -Second follow-up to 1.0.0. +Second same-day follow-up to 1.0.0. ### Bug fixes From 8ce8e337fbed482c0d8d0e34a141359f0c05999c Mon Sep 17 00:00:00 2001 From: Ameen Vazayil <7609895+vazra@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:32:27 -0700 Subject: [PATCH 5/5] docs: predate same-day v1.0/v1.1 posts to 04-06/04-07 --- .../docs/blog/{2026-04-08-v1-0-0.md => 2026-04-06-v1-0-0.md} | 2 +- .../docs/blog/{2026-04-08-v1-1-0.md => 2026-04-07-v1-1-0.md} | 4 ++-- docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename docs-site/src/content/docs/blog/{2026-04-08-v1-0-0.md => 2026-04-06-v1-0-0.md} (99%) rename docs-site/src/content/docs/blog/{2026-04-08-v1-1-0.md => 2026-04-07-v1-1-0.md} (86%) diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md b/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md similarity index 99% rename from docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md rename to docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md index 0962907..a87cdd8 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-0-0.md +++ b/docs-site/src/content/docs/blog/2026-04-06-v1-0-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.0.0 -date: 2026-04-08 +date: 2026-04-06 authors: - name: SimpleDeploy maintainers title: Project team diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md b/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md similarity index 86% rename from docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md rename to docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md index 7f75136..b205dc2 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-1-0.md +++ b/docs-site/src/content/docs/blog/2026-04-07-v1-1-0.md @@ -1,6 +1,6 @@ --- title: SimpleDeploy 1.1.0 -date: 2026-04-08 +date: 2026-04-07 authors: - name: SimpleDeploy maintainers title: Project team @@ -11,7 +11,7 @@ tags: - release --- -A same-day follow-up to 1.0.0 to fix the release pipeline. +Quick follow-up to 1.0.0 to fix the release pipeline. ### Bug fixes diff --git a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md index 450796b..332ad22 100644 --- a/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md +++ b/docs-site/src/content/docs/blog/2026-04-08-v1-2-0.md @@ -11,7 +11,7 @@ tags: - release --- -Second same-day follow-up to 1.0.0. +Second follow-up to 1.0.0. ### Bug fixes