๐ฏ Quick Start Zero-Configuration Fix
This release fixes a critical issue where the documented Quick Start deployment was failing with SESSION_SECRET is required in production environment. The Quick Start now works exactly as documented - with zero configuration required.
๐ Fixes
Quick Start Deployment Failures (#198)
Problem: Container crashed on startup when using the documented minimal docker-compose.yml configuration.
Root Causes:
- SESSION_SECRET was required in production mode, breaking zero-config promise
- HSTS headers were being sent over HTTP due to inconsistent COOKIE_SECURE logic
Solution:
- โ Auto-generate SESSION_SECRET with informative warnings when not set
- โ Default COOKIE_SECURE to false for HTTP compatibility
- โ Fix HSTS header logic to align with COOKIE_SECURE defaults
- โ Container now starts successfully with only MESHTASTIC_NODE_IP configured
โจ Improvements
Automated Testing
Added comprehensive Quick Start test suite (test-quick-start.sh):
- 11 automated tests validating zero-config deployment
- Tests container startup, session handling, CSRF protection, and authentication
- Prevents regression of Quick Start functionality
- Run with:
npm run test:quick-start
Better Security Warnings
Clear, actionable warnings in container logs:
- Explains when SESSION_SECRET auto-generation is acceptable (home use)
- Guidance for HTTPS deployments requiring explicit COOKIE_SECURE=true
- No more confusing silent defaults
Updated Documentation
Clarified Quick Start behavior in docs/getting-started.md:
- Explains production mode with HTTP-friendly defaults
- Clear security tradeoff documentation
- Guidance for transitioning to HTTPS
๐ฆ Deployment
No Breaking Changes: Existing deployments with SESSION_SECRET and/or COOKIE_SECURE explicitly set are unaffected.
Quick Start docker-compose.yml (works as-is):
services:
meshmonitor:
image: ghcr.io/yeraze/meshmonitor:v2.4.5
ports:
- "8080:3001"
volumes:
- meshmonitor-data:/data
environment:
- MESHTASTIC_NODE_IP=192.168.5.106
restart: unless-stopped
volumes:
meshmonitor-data:๐ Testing
- โ 614 unit tests passing
- โ 11 Quick Start integration tests passing
- โ Manual verification with documented Quick Start config
๐ Changed Files
src/server/auth/sessionConfig.ts: Auto-generate SESSION_SECRET, default COOKIE_SECURE to falsesrc/server/server.ts: Fix HSTS header logicdocs/getting-started.md: Update Quick Start documentationtest-quick-start.sh: Add automated test suite (new)package.json: Add test:quick-start scripthelm/meshmonitor/Chart.yaml: Version bumpdocker-simple.yml: Example configuration (new)
๐ Full Changelog
See PR #198 for detailed technical discussion.
Docker Images:
ghcr.io/yeraze/meshmonitor:v2.4.5ghcr.io/yeraze/meshmonitor:latest
๐ MeshMonitor v2.4.5
๐ฆ Installation
Docker (recommended):
docker run -d \
--name meshmonitor \
-p 8080:3001 \
-v meshmonitor-data:/data \
ghcr.io/Yeraze/meshmonitor:v2.4.5๐งช Testing
โ
All tests passed
โ
TypeScript checks passed
โ
Docker images built for linux/amd64, linux/arm64, linux/arm/v7
๐ Changes
See commit history for detailed changes.