Skip to content

Releases: kossakovsky/selfhost-ai

v1.7.1

Choose a tag to compare

@kossakovsky kossakovsky released this 09 Jul 22:19
9817f3e

Changed

  • Project renamed to Selfhost AI — The repository moved from kossakovsky/n8n-install to kossakovsky/selfhost-ai to reflect that the stack has grown well beyond n8n. GitHub redirects all old links and git remotes automatically, so existing installations keep working without changes. On the next make update, remotes still pointing at an old URL are repointed to the new one automatically (protocol preserved; fork remotes are never touched — only remotes targeting the canonical kossakovsky/n8n-install or the project's original name kossakovsky/n8n-installer are rewritten). The installer handles clones under all three directory names.

Fixed

  • Installer — The nested-clone cleanup in install.sh now verifies that the parent directory is actually a copy of this repository before removing anything. Previously, cloning into a same-named plain folder (e.g. ~/selfhost-ai/selfhost-ai) made the installer delete the fresh clone (including .env with generated secrets on re-runs) and exit silently.

Upgrade

make update

Nothing else is required. Existing installations update in place through GitHub's redirect, and the updater repoints your git remote to the new URL automatically (forks are untouched). If you prefer migrating to a fresh clone instead, copy .env and the supabase//dify/ directories from the old checkout — Docker volumes are reused automatically (-p localai), but secrets and external-stack data live in those files.

Full Changelog: v1.7.0...v1.7.1

v1.7.0

Choose a tag to compare

@kossakovsky kossakovsky released this 09 Jul 17:49
f0a0741

Added

  • InvokeAI — Professional Stable Diffusion studio with web UI, workflow editor, and REST API. Selectable NVIDIA/AMD/CPU hardware profiles (invokeai-nvidia, invokeai-amd, invokeai-cpu), protected by Caddy basic auth; models and outputs stored in ./invokeai (#72).
  • Hermes Agent — Autonomous AI agent platform by Nous Research (skills, persistent memory, MCP, multi-agent workflows) as an optional hermes profile. Web dashboard at HERMES_HOSTNAME (protected by Hermes's built-in basic auth with generated credentials) and OpenAI-compatible API at HERMES_API_HOSTNAME / http://hermes:8642/v1 (Bearer HERMES_API_SERVER_KEY), so n8n workflows can call it like any OpenAI endpoint. Persistent data lives in ./hermes (gitignored) for direct editing of .env, config.yaml, skills, and memories (#71).
  • Cloudflare Tunnel — Configurable transport protocol via CLOUDFLARE_TUNNEL_PROTOCOL in .env: auto (default, prefers QUIC with HTTP/2 fallback), quic, or http2. Set http2 if your ISP or firewall blocks UDP and the tunnel is unstable (#69).

Changed

  • Docker Compose — Wrap all ${VARIABLE} interpolations in double quotes to guard against YAML parsing issues with special characters in inline default values and keep the quoting style consistent across the file. No functional change: the rendered docker compose config output is identical (#70).

Fixed

  • Installer — Fail fast with a clear error when bcrypt hash generation fails during secret generation (affects all services behind Caddy basic auth). Previously an empty hash was written silently, which either broke Caddy config parsing on startup (taking down every service) or left the service behind a deny-all basic auth with no error surfaced.
  • Hermes Agent — Add the missing make update-preview entry and Cloudflare Tunnel routing rows for the Hermes hostnames; make doctor now reports an error when the hermes profile is active but HERMES_API_SERVER_KEY is empty (the API server refuses to start without it).

Upgrade

make update

The update re-runs the service selection wizard — pick InvokeAI (choosing NVIDIA/AMD/CPU hardware in the follow-up dialog) and/or Hermes Agent there, then point DNS at the new hostnames (invokeai., hermes., hermes-api.yourdomain.com). Credentials are auto-generated and shown on the Welcome Page. For Hermes, configure an LLM provider once with docker compose -p localai run --rm hermes setup. If your Cloudflare tunnel is unstable, set CLOUDFLARE_TUNNEL_PROTOCOL=http2 in .env.

Full Changelog: v1.6.0...v1.7.0

v1.6.0

Choose a tag to compare

@kossakovsky kossakovsky released this 01 Jul 19:13
915d2e6

Added

  • Ollama — Optionally expose the Ollama API through Caddy under OLLAMA_HOSTNAME, protected by a generated Bearer token (OLLAMA_CADDY_API_TOKEN). Lets external tools reach locally-hosted models (native /api/* and OpenAI-compatible /v1/* endpoints); point DNS at the hostname to activate. Requests must send Authorization: Bearer <token>; unauthorized requests get 401. A leaked token grants full control (including pulling/deleting models), so make doctor now reports an error if the hostname is set but the token is empty (#67).

Upgrade

make update

After updating, expose the API by setting OLLAMA_HOSTNAME to a real subdomain (e.g. ollama.yourdomain.com) and pointing DNS at your server. Every request must send Authorization: Bearer <OLLAMA_CADDY_API_TOKEN> — the token is auto-generated on update and is shown on the Welcome Page as API Token. Leave OLLAMA_HOSTNAME at its placeholder to keep Ollama internal-only.

Full Changelog: v1.5.2...v1.6.0

v1.5.2

Choose a tag to compare

@kossakovsky kossakovsky released this 27 Jun 19:54
0274e79

Fixed

  • n8n — Fix ERR_ERL_UNEXPECTED_X_FORWARDED_FOR thrown by express-rate-limit behind the Caddy reverse proxy. The compose file set N8N_TRUST_PROXY: true, which n8n does not recognize, so Express trust proxy stayed false. Replaced it with the correct N8N_PROXY_HOPS (number of reverse proxy hops, default 1, overridable via .env for multi-proxy setups) (#65).

Upgrade

make update

After updating, the ERR_ERL_UNEXPECTED_X_FORWARDED_FOR log spam stops and n8n derives the real client IP from X-Forwarded-For instead of Caddy's container IP. The default N8N_PROXY_HOPS=1 matches the bundled Caddy proxy; raise it by one per extra trusted proxy you place in front of Caddy. No .env changes are required — the compose default applies automatically.

Full Changelog: v1.5.1...v1.5.2

v1.5.1

Choose a tag to compare

@kossakovsky kossakovsky released this 18 Jun 03:46

Fixed

  • Supabase — Fix make update breaking existing databases by silently upgrading Postgres across major versions (e.g. 15.8.1.08517.6.1.136), which left supabase-db unhealthy and aborted the update. The installer now detects the major version of the data already on disk (PG_VERSION) and pins supabase/postgres to a compatible tag after pulling upstream changes. Fresh installs continue to follow upstream (PG17); existing PG15 volumes stay on PG15 until you migrate manually (#64).

Upgrade

make update

During Supabase startup you should see Pinned Supabase Postgres to supabase/postgres:15.8.1.085 …, and supabase-db will stay on your existing major version (running (healthy)). Repeated updates are idempotent — the major version is no longer bumped silently.

Full Changelog: v1.5.0...v1.5.1

v1.5.0

Choose a tag to compare

@kossakovsky kossakovsky released this 17 May 18:41

Fixed

  • cAdvisor — Fix memory leak and uncontrolled CPU growth (up to ~3.5 GB RAM / 168% CPU on hosts with ~40+ containers) by pinning image to v0.55.1, adding resource limits (mem_limit: 1g, cpus: "1.0"), and tuning runtime flags (--housekeeping_interval=10s, --docker_only=true).
  • NocoDB — Fix Missing process handler for job type job errors in n8n queue caused by NocoDB sharing the default Bull queue jobs with n8n in Redis db0. NocoDB is now isolated to Redis db1 via NC_REDIS_URL=redis://redis:6379/1.
  • Dify — Fix install never starting (could not translate host name "db_postgres") by activating Dify's bundled compose profiles (postgresql, weaviate) when starting the stack, and passing all Dify profiles when tearing it down so containers like db_postgres and weaviate get stopped cleanly (#61).
  • n8n — Namespace Bull queue (QUEUE_BULL_PREFIX=n8n) to prevent neighbour conflicts, raise task runner timeout to 300s, and disable runner auto-shutdown to fix Missing process handler and Task request timed out errors. Default N8N_RUNNERS_MAX_CONCURRENCY raised 5 → 10. All four values configurable via .env.

Upgrade

make update

scripts/03_generate_secrets.sh --update will sync the three new n8n queue/runner variables (QUEUE_BULL_PREFIX, N8N_RUNNERS_TASK_REQUEST_TIMEOUT, N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT) into your .env. Existing values are preserved.

Full Changelog: v1.4.3...v1.5.0

v1.4.3

Choose a tag to compare

@kossakovsky kossakovsky released this 28 Apr 03:00

Fixed

  • LightRAG — Fix crash-loop (TOKEN_SECRET must be explicitly set) by generating LIGHTRAG_TOKEN_SECRET and passing it as TOKEN_SECRET to the container. Recent upstream releases require an explicit JWT signing secret whenever AUTH_ACCOUNTS is configured (#60).

Upgrade

make update

scripts/03_generate_secrets.sh --update will auto-generate LIGHTRAG_TOKEN_SECRET in your .env (existing values are preserved). After update, restart restores LightRAG.

Full Changelog: v1.4.2...v1.4.3

v1.4.2

Choose a tag to compare

@kossakovsky kossakovsky released this 28 Mar 23:55

Fixed

  • n8n - Make N8N_PAYLOAD_SIZE_MAX configurable via .env (was hardcoded to 256, ignoring user overrides)
  • Uptime Kuma - Fix healthcheck failure (wget: not found) by switching to Node.js-based check

v1.4.1

Choose a tag to compare

@kossakovsky kossakovsky released this 23 Mar 22:24

Fixed

  • Supabase Storage - Fix crash-loop (Region is missing) by adding missing S3 storage configuration variables (REGION, GLOBAL_S3_BUCKET, STORAGE_TENANT_ID) from upstream Supabase
  • Supabase - Sync new environment variables to existing supabase/docker/.env during updates (previously only populated on first install)

v1.4.0

Choose a tag to compare

@kossakovsky kossakovsky released this 16 Mar 02:23
d344291

Added

  • Uptime Kuma — Self-hosted uptime monitoring with 90+ notification services
  • pgvector — Switch PostgreSQL image to pgvector/pgvector for vector similarity search support

Full Changelog: v1.3.3...v1.4.0