From 143a189def3201bf8f79a7036b1e5e8c9aff87a8 Mon Sep 17 00:00:00 2001 From: Ben Date: Sat, 23 May 2026 15:24:46 +1000 Subject: [PATCH] docs(compose): update entrypoint comment for s6-overlay PR #30136 review caught: docker-compose.yml still said "If you override entrypoint, keep /opt/hermes/docker/entrypoint.sh in the command chain." That was true under tini; under s6-overlay the entrypoint is /init plus main-wrapper.sh, and entrypoint.sh is now only a backward-compat shim. Replace with an accurate description: /init must remain first in the chain because it's PID 1 and runs the cont-init.d scripts (chown, profile reconcile, dashboard toggle) before any service starts. --- docker-compose.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index e7cc0fb7dba..513cb8e18e8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,9 +15,13 @@ # keys; exposing it on LAN without auth is unsafe. If you want remote # access, use an SSH tunnel or put it behind a reverse proxy that # adds authentication — do NOT pass --insecure --host 0.0.0.0. -# - If you override entrypoint, keep /opt/hermes/docker/entrypoint.sh in -# the command chain. It drops root to the hermes user before gateway -# files such as gateway.lock are created. +# - If you override entrypoint, keep `/init` as the first command in +# the chain (or let docker use the image's default ENTRYPOINT, +# which is `["/init", "/opt/hermes/docker/main-wrapper.sh"]`). +# `/init` is s6-overlay's PID 1 — it runs the cont-init.d scripts +# (chown, profile reconcile, dashboard toggle) and sets up the +# supervision tree before any service starts. Bypassing it skips +# all of that setup and the gateway will not work correctly. # - The gateway's API server is off unless you uncomment API_SERVER_KEY # and API_SERVER_HOST. See docs/user-guide/api-server.md before doing # this on an internet-facing host.