docs: align docker-compose env docs with #7907 (required credentials, TRUST_PROXY default)

[JohnMcLear]

Follow-up to #7907 (merged), which changed docker-compose.yml to require ADMIN_PASSWORD and the database password and to default TRUST_PROXY to false — but didn't touch the docs/templates. This brings them in line.

Changes

• .env.default — document DOCKER_COMPOSE_APP_TRUST_PROXY (set true only behind a trusted reverse proxy; otherwise HTTPS detection / secure cookies and client-IP handling are wrong), and note that DOCKER_COMPOSE_APP_ADMIN_PASSWORD is now required (compose won't start while it's empty).
• .env.dev.default — document the dev equivalent DOCKER_COMPOSE_APP_DEV_ENV_TRUST_PROXY (defaults true in docker-compose.dev.yml).
• README.md / doc/docker.md — refresh the embedded compose snippets, which still showed the old :-admin / TRUST_PROXY:-true defaults.

Notes

• This is docs/templates only — no code or compose behaviour change.
• Heads-up for the changelog at next release: docker-compose: harden default credentials and proxy trust (draft, under discussion) #7907 is a breaking change for docker-compose users — docker compose up now fails until ADMIN_PASSWORD/DB password are set, and anyone running behind a reverse proxy must now set DOCKER_COMPOSE_APP_TRUST_PROXY=true (previously the compose defaulted it to true). Worth a release-note line.
• Separately: .env.default still ships an empty DOCKER_COMPOSE_APP_ADMIN_PASSWORD=, so copying it and running now hard-fails by design. If that first-run friction is unwanted, softening the compose :? to a warning would be a follow-up to docker-compose: harden default credentials and proxy trust (draft, under discussion) #7907 (code, not docs) — left out of this PR intentionally.

🤖 Generated with Claude Code

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[qodo-free-for-open-source-projects]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

1. Missing final newline 🐞 Bug ⚙ Maintainability

Description

.env.dev.default still has no trailing newline, violating the repo’s EditorConfig and potentially
causing formatting/lint noise or messy diffs on future edits.

Code

.env.dev.default[22]

DOCKER_COMPOSE_POSTGRES_DEV_ENV_POSTGRES_USER=etherpad-lite-user

Evidence

The repository’s EditorConfig requires a final newline, but .env.dev.default ends at the last
variable assignment without one (also indicated by the PR diff’s No newline at end of file
marker).

.editorconfig[1-9]
.env.dev.default[14-22]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The file `.env.dev.default` does not end with a newline, which violates the repository’s `.editorconfig` setting `insert_final_newline = true`.

### Issue Context
This PR modifies `.env.dev.default` but retains the missing final newline, which can trigger formatting checks and create awkward diffs.

### Fix Focus Areas
- `.env.dev.default[22-22]`

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[qodo-free-for-open-source-projects]

Review Summary by Qodo

Document docker-compose credential and TRUST_PROXY changes from #7907

📝 Documentation

Walkthroughs

Description

• Document required credentials and TRUST_PROXY security settings
• Update docker-compose snippets to reflect #7907 breaking changes
• Add TRUST_PROXY configuration guidance for reverse proxy deployments
• Clarify ADMIN_PASSWORD and database password requirements

Diagram

flowchart LR
  A["#7907 Changes<br/>docker-compose.yml"] -->|"Require credentials<br/>Default TRUST_PROXY=false"| B["Documentation Updates"]
  B --> C[".env.default<br/>Add TRUST_PROXY docs"]
  B --> D[".env.dev.default<br/>Add dev TRUST_PROXY"]
  B --> E["README.md & doc/docker.md<br/>Update compose snippets"]
  C --> F["Security Guidance<br/>for Reverse Proxy"]
  D --> F
  E --> G["Reflect Breaking Changes<br/>in Examples"]

Loading

File Changes

1. .env.default 📝 Documentation +10/-0

Document required credentials and TRUST_PROXY settings

• Added comprehensive documentation for DOCKER_COMPOSE_APP_ADMIN_PASSWORD marking it as required
 with security warning
• Added DOCKER_COMPOSE_APP_TRUST_PROXY variable with detailed guidance on reverse proxy
 configuration
• Explained security implications of TRUST_PROXY setting for HTTPS detection and client-IP handling

.env.default

---

2. .env.dev.default 📝 Documentation +4/-0

Add dev environment TRUST_PROXY configuration

• Added DOCKER_COMPOSE_APP_DEV_ENV_TRUST_PROXY variable with default value true
• Documented that dev environment defaults differ from production for convenience
• Provided guidance for disabling when not behind reverse proxy

.env.dev.default

---

3. README.md 📝 Documentation +4/-4

Update compose snippet to reflect breaking changes

• Updated ADMIN_PASSWORD from optional with :-admin fallback to required with error message
• Updated DB_PASS from optional with :-admin fallback to required with error message
• Changed TRUST_PROXY default from true to false to match #7907 changes
• Updated postgres service POSTGRES_PASSWORD to required with error message

README.md

---

View more (1)

4. doc/docker.md 📝 Documentation +4/-4

Update compose snippet to reflect breaking changes

• Updated ADMIN_PASSWORD from optional with :-admin fallback to required with error message
• Updated DB_PASS from optional with :-admin fallback to required with error message
• Changed TRUST_PROXY default from true to false to match #7907 changes
• Updated postgres service POSTGRES_PASSWORD to required with error message

doc/docker.md

---