Releases: kossakovsky/selfhost-ai
Release list
v1.7.1
Changed
- Project renamed to Selfhost AI — The repository moved from
kossakovsky/n8n-installtokossakovsky/selfhost-aito reflect that the stack has grown well beyond n8n. GitHub redirects all old links and git remotes automatically, so existing installations keep working without changes. On the nextmake update, remotes still pointing at an old URL are repointed to the new one automatically (protocol preserved; fork remotes are never touched — only remotes targeting the canonicalkossakovsky/n8n-installor the project's original namekossakovsky/n8n-installerare rewritten). The installer handles clones under all three directory names.
Fixed
- Installer — The nested-clone cleanup in
install.shnow verifies that the parent directory is actually a copy of this repository before removing anything. Previously, cloning into a same-named plain folder (e.g.~/selfhost-ai/selfhost-ai) made the installer delete the fresh clone (including.envwith generated secrets on re-runs) and exit silently.
Upgrade
make updateNothing else is required. Existing installations update in place through GitHub's redirect, and the updater repoints your git remote to the new URL automatically (forks are untouched). If you prefer migrating to a fresh clone instead, copy .env and the supabase//dify/ directories from the old checkout — Docker volumes are reused automatically (-p localai), but secrets and external-stack data live in those files.
Full Changelog: v1.7.0...v1.7.1
v1.7.0
Added
- InvokeAI — Professional Stable Diffusion studio with web UI, workflow editor, and REST API. Selectable NVIDIA/AMD/CPU hardware profiles (
invokeai-nvidia,invokeai-amd,invokeai-cpu), protected by Caddy basic auth; models and outputs stored in./invokeai(#72). - Hermes Agent — Autonomous AI agent platform by Nous Research (skills, persistent memory, MCP, multi-agent workflows) as an optional
hermesprofile. Web dashboard atHERMES_HOSTNAME(protected by Hermes's built-in basic auth with generated credentials) and OpenAI-compatible API atHERMES_API_HOSTNAME/http://hermes:8642/v1(BearerHERMES_API_SERVER_KEY), so n8n workflows can call it like any OpenAI endpoint. Persistent data lives in./hermes(gitignored) for direct editing of.env,config.yaml, skills, and memories (#71). - Cloudflare Tunnel — Configurable transport protocol via
CLOUDFLARE_TUNNEL_PROTOCOLin.env:auto(default, prefers QUIC with HTTP/2 fallback),quic, orhttp2. Sethttp2if your ISP or firewall blocks UDP and the tunnel is unstable (#69).
Changed
- Docker Compose — Wrap all
${VARIABLE}interpolations in double quotes to guard against YAML parsing issues with special characters in inline default values and keep the quoting style consistent across the file. No functional change: the rendereddocker compose configoutput is identical (#70).
Fixed
- Installer — Fail fast with a clear error when bcrypt hash generation fails during secret generation (affects all services behind Caddy basic auth). Previously an empty hash was written silently, which either broke Caddy config parsing on startup (taking down every service) or left the service behind a deny-all basic auth with no error surfaced.
- Hermes Agent — Add the missing
make update-previewentry and Cloudflare Tunnel routing rows for the Hermes hostnames;make doctornow reports an error when thehermesprofile is active butHERMES_API_SERVER_KEYis empty (the API server refuses to start without it).
Upgrade
make updateThe update re-runs the service selection wizard — pick InvokeAI (choosing NVIDIA/AMD/CPU hardware in the follow-up dialog) and/or Hermes Agent there, then point DNS at the new hostnames (invokeai., hermes., hermes-api.yourdomain.com). Credentials are auto-generated and shown on the Welcome Page. For Hermes, configure an LLM provider once with docker compose -p localai run --rm hermes setup. If your Cloudflare tunnel is unstable, set CLOUDFLARE_TUNNEL_PROTOCOL=http2 in .env.
Full Changelog: v1.6.0...v1.7.0
v1.6.0
Added
- Ollama — Optionally expose the Ollama API through Caddy under
OLLAMA_HOSTNAME, protected by a generated Bearer token (OLLAMA_CADDY_API_TOKEN). Lets external tools reach locally-hosted models (native/api/*and OpenAI-compatible/v1/*endpoints); point DNS at the hostname to activate. Requests must sendAuthorization: Bearer <token>; unauthorized requests get401. A leaked token grants full control (including pulling/deleting models), somake doctornow reports an error if the hostname is set but the token is empty (#67).
Upgrade
make updateAfter updating, expose the API by setting OLLAMA_HOSTNAME to a real subdomain (e.g. ollama.yourdomain.com) and pointing DNS at your server. Every request must send Authorization: Bearer <OLLAMA_CADDY_API_TOKEN> — the token is auto-generated on update and is shown on the Welcome Page as API Token. Leave OLLAMA_HOSTNAME at its placeholder to keep Ollama internal-only.
Full Changelog: v1.5.2...v1.6.0
v1.5.2
Fixed
- n8n — Fix
ERR_ERL_UNEXPECTED_X_FORWARDED_FORthrown byexpress-rate-limitbehind the Caddy reverse proxy. The compose file setN8N_TRUST_PROXY: true, which n8n does not recognize, so Expresstrust proxystayedfalse. Replaced it with the correctN8N_PROXY_HOPS(number of reverse proxy hops, default1, overridable via.envfor multi-proxy setups) (#65).
Upgrade
make updateAfter updating, the ERR_ERL_UNEXPECTED_X_FORWARDED_FOR log spam stops and n8n derives the real client IP from X-Forwarded-For instead of Caddy's container IP. The default N8N_PROXY_HOPS=1 matches the bundled Caddy proxy; raise it by one per extra trusted proxy you place in front of Caddy. No .env changes are required — the compose default applies automatically.
Full Changelog: v1.5.1...v1.5.2
v1.5.1
Fixed
- Supabase — Fix
make updatebreaking existing databases by silently upgrading Postgres across major versions (e.g.15.8.1.085→17.6.1.136), which leftsupabase-dbunhealthyand aborted the update. The installer now detects the major version of the data already on disk (PG_VERSION) and pinssupabase/postgresto a compatible tag after pulling upstream changes. Fresh installs continue to follow upstream (PG17); existing PG15 volumes stay on PG15 until you migrate manually (#64).
Upgrade
make updateDuring Supabase startup you should see Pinned Supabase Postgres to supabase/postgres:15.8.1.085 …, and supabase-db will stay on your existing major version (running (healthy)). Repeated updates are idempotent — the major version is no longer bumped silently.
Full Changelog: v1.5.0...v1.5.1
v1.5.0
Fixed
- cAdvisor — Fix memory leak and uncontrolled CPU growth (up to ~3.5 GB RAM / 168% CPU on hosts with ~40+ containers) by pinning image to
v0.55.1, adding resource limits (mem_limit: 1g,cpus: "1.0"), and tuning runtime flags (--housekeeping_interval=10s,--docker_only=true). - NocoDB — Fix
Missing process handler for job type joberrors in n8n queue caused by NocoDB sharing the default Bull queuejobswith n8n in Redis db0. NocoDB is now isolated to Redis db1 viaNC_REDIS_URL=redis://redis:6379/1. - Dify — Fix install never starting (
could not translate host name "db_postgres") by activating Dify's bundled compose profiles (postgresql,weaviate) when starting the stack, and passing all Dify profiles when tearing it down so containers likedb_postgresandweaviateget stopped cleanly (#61). - n8n — Namespace Bull queue (
QUEUE_BULL_PREFIX=n8n) to prevent neighbour conflicts, raise task runner timeout to 300s, and disable runner auto-shutdown to fixMissing process handlerandTask request timed outerrors. DefaultN8N_RUNNERS_MAX_CONCURRENCYraised 5 → 10. All four values configurable via.env.
Upgrade
make updatescripts/03_generate_secrets.sh --update will sync the three new n8n queue/runner variables (QUEUE_BULL_PREFIX, N8N_RUNNERS_TASK_REQUEST_TIMEOUT, N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT) into your .env. Existing values are preserved.
Full Changelog: v1.4.3...v1.5.0
v1.4.3
Fixed
- LightRAG — Fix crash-loop (
TOKEN_SECRET must be explicitly set) by generatingLIGHTRAG_TOKEN_SECRETand passing it asTOKEN_SECRETto the container. Recent upstream releases require an explicit JWT signing secret wheneverAUTH_ACCOUNTSis configured (#60).
Upgrade
make updatescripts/03_generate_secrets.sh --update will auto-generate LIGHTRAG_TOKEN_SECRET in your .env (existing values are preserved). After update, restart restores LightRAG.
Full Changelog: v1.4.2...v1.4.3
v1.4.2
Fixed
- n8n - Make
N8N_PAYLOAD_SIZE_MAXconfigurable via.env(was hardcoded to 256, ignoring user overrides) - Uptime Kuma - Fix healthcheck failure (
wget: not found) by switching to Node.js-based check
v1.4.1
Fixed
- Supabase Storage - Fix crash-loop (
Region is missing) by adding missing S3 storage configuration variables (REGION,GLOBAL_S3_BUCKET,STORAGE_TENANT_ID) from upstream Supabase - Supabase - Sync new environment variables to existing
supabase/docker/.envduring updates (previously only populated on first install)
v1.4.0
Added
- Uptime Kuma — Self-hosted uptime monitoring with 90+ notification services
- pgvector — Switch PostgreSQL image to
pgvector/pgvectorfor vector similarity search support
Full Changelog: v1.3.3...v1.4.0