From 58e991140786803ec07f79b5d051cbf4b842ce59 Mon Sep 17 00:00:00 2001
From: Luigi Maiorano <luigi.maiorano@qumo.io>
Date: Mon, 13 Apr 2026 14:47:52 +0200
Subject: [PATCH] docker compose fix

---
 .env.example       |  2 +-
 docker-compose.yml | 29 +++++++++++++++++------------
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/.env.example b/.env.example
index c2f4e54..c9472c6 100644
--- a/.env.example
+++ b/.env.example
@@ -2,7 +2,7 @@
 OVERLEAF_EMAIL=your@email.com
 OVERLEAF_PASSWORD=your-overleaf-password
 MCP_DOMAIN=overleaf-mcp.qumo.io
-AUTHENTIK_ISSUER_URL=https://auth.qumo.io/application/o/overleaf-mcp/
+AUTHENTIK_OIDC_CONFIG_URL=https://auth.qumo.io/application/o/overleaf-mcp/
 AUTHENTIK_CLIENT_ID=<from step 1>
 AUTHENTIK_CLIENT_SECRET=<from step 1>
 ALLOWED_USER=you@qumo.io
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index d19f3a9..792c4ff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,8 +5,7 @@ services:
       dockerfile: Dockerfile
     container_name: overleaf-mcp
     restart: unless-stopped
-    networks:
-      - qumo_services_proxy_network
+    # No ports — Caddy reaches this via qumo_services_proxy_network
     environment:
       - OVERLEAF_EMAIL=${OVERLEAF_EMAIL}
       - OVERLEAF_PASSWORD=${OVERLEAF_PASSWORD}
@@ -17,32 +16,38 @@ services:
       - browser-data:/root/.overleaf-mcp/browser-data
       - pdf-output:/data/resumes
       - latex-output:/data/output
-      - certs:/root/.local/share/mcp-auth-proxy
+      - auth-data:/app/data
     shm_size: "2gb"
     security_opt:
       - seccomp=unconfined
     command:
       - --external-url
       - https://${MCP_DOMAIN}
-      - --tls-accept-tos
-      - --oidc-issuer
-      - ${AUTHENTIK_ISSUER_URL}
+      - --listen
+      - ":8080"
+      - --no-auto-tls
+      - --oidc-configuration-url
+      - ${AUTHENTIK_OIDC_CONFIG_URL}
       - --oidc-client-id
       - ${AUTHENTIK_CLIENT_ID}
       - --oidc-client-secret
       - ${AUTHENTIK_CLIENT_SECRET}
-      - --allowed-user
+      - --oidc-allowed-users
       - ${ALLOWED_USER}
+      - --oidc-provider-name
+      - Authentik
       - --
       - node
       - /app/dist/index.js
+    networks:
+      - qumo_services_proxy_network
+
+networks:
+  qumo_services_proxy_network:
+    external: true
 
 volumes:
   browser-data:
   pdf-output:
   latex-output:
-  certs:
-
-networks:
-  qumo_services_proxy_network:
-    external: true
\ No newline at end of file
+  auth-data:
\ No newline at end of file