hhftechnology
diff --git a/‎README.md‎
Lines changed: 19 additions & 622 deletions b/‎README.md‎
Lines changed: 19 additions & 622 deletions
diff --git a/‎cmd/server/main.go‎
Lines changed: 15 additions & 5 deletions b/‎cmd/server/main.go‎
Lines changed: 15 additions & 5 deletions
diff --git a/‎docs/content/docs/configuration/environment.mdx‎
Lines changed: 19 additions & 153 deletions b/‎docs/content/docs/configuration/environment.mdx‎
Lines changed: 19 additions & 153 deletions
diff --git a/‎docs/content/docs/configuration/networking.mdx‎
Lines changed: 8 additions & 37 deletions b/‎docs/content/docs/configuration/networking.mdx‎
Lines changed: 8 additions & 37 deletions
diff --git a/‎docs/content/docs/configuration/volumes.mdx‎
Lines changed: 16 additions & 34 deletions b/‎docs/content/docs/configuration/volumes.mdx‎
Lines changed: 16 additions & 34 deletions
diff --git a/‎docs/content/docs/features/stack-updates.mdx‎
Lines changed: 1 addition & 1 deletion b/‎docs/content/docs/features/stack-updates.mdx‎
Lines changed: 1 addition & 1 deletion
@@ -18,6 +18,7 @@ import (
 	"crowdsec-manager/internal/api/handlers"
 	"crowdsec-manager/internal/api/middleware"
 	"crowdsec-manager/internal/backup"
+	"crowdsec-manager/internal/cache"
 	"crowdsec-manager/internal/config"
 	"crowdsec-manager/internal/configvalidator"
 	"crowdsec-manager/internal/cron"
@@ -132,7 +133,8 @@ func main() {
 		api.RegisterBackupRoutes(apiGroup, backupManager, dockerClient)
 		api.RegisterUpdateRoutes(apiGroup, dockerClient, cfg)
 		api.RegisterCronRoutes(apiGroup, cronScheduler)
-		api.RegisterServicesRoutes(apiGroup, dockerClient, db, cfg)
+		ttlCache := cache.New()
+		api.RegisterServicesRoutes(apiGroup, dockerClient, db, cfg, ttlCache)
 		api.RegisterNotificationRoutes(apiGroup, dockerClient, db, cfg)
 		api.RegisterProfileRoutes(apiGroup, db, cfg, dockerClient)
 		api.RegisterHostRoutes(apiGroup, multiHost)
@@ -158,12 +160,20 @@ func main() {
 	// Suppress unused variable warnings — publisher will be used by handlers in Phase 4
 	_ = publisher
 
-	// Serve React frontend static assets and handle client-side routing
+	// Serve React frontend static assets and handle client-side routing.
+	// Assets use content-hashed filenames so they can be cached indefinitely.
 	router.Static("/assets", "./web/dist/assets")
-	router.StaticFile("/", "./web/dist/index.html")
-	router.NoRoute(func(c *gin.Context) {
+	// index.html must not be cached — it references hashed asset URLs that
+	// change on each build. Without no-cache the browser may serve a stale
+	// copy (304) that points to old, non-existent JS chunks.
+	serveIndex := func(c *gin.Context) {
+		c.Header("Cache-Control", "no-cache, no-store, must-revalidate")
+		c.Header("Pragma", "no-cache")
+		c.Header("Expires", "0")
 		c.File("./web/dist/index.html")
-	})
+	}
+	router.GET("/", func(c *gin.Context) { serveIndex(c) })
+	router.NoRoute(serveIndex)
 
 	// Create HTTP server with production-ready timeouts to prevent resource exhaustion
 	srv := &http.Server{
 
@@ -1,167 +1,33 @@
 ---
 title: Environment Variables
-description: Comprehensive guide to environment configuration
+description: Core runtime configuration for CrowdSec Manager
 ---
 
 # Environment Variables
 
-CrowdSec Manager is configured primarily through environment variables passed to the Docker container.
+The minimum deployment needs only a small environment set. Add more variables only when your paths or container names differ.
 
-## Summary
+## Minimum variables (recommended)
 
-**Are any variables absolutely necessary?**
-Technically, **no**. The application is designed with sensible defaults for all configuration options. You can run the application without setting any environment variables, provided the default paths (like `./data` and `./logs`) are writable and Docker is available locally.
-
-## Detailed Variable Breakdown
-
-### Core Application Configuration
-
-| Variable | Default | Impact / Description |
-| :--- | :--- | :--- |
-| `PORT` | `8080` | The HTTP port the manager listens on. Change this if port 8080 is already in use. |
-| `ENVIRONMENT` | `production` | Sets the application mode. Use `development` for verbose logging and dev features. |
-| `LOG_LEVEL` | `info` | Controls logging verbosity. Options: `debug`, `info`, `warn`, `error`. |
-| `LOG_FILE` | `/app/logs/crowdsec-manager.log` | Path where the application log file is written. |
-
-### Docker & Service Discovery
-
-| Variable | Default | Impact / Description |
+| Variable | Example | Purpose |
 | :--- | :--- | :--- |
-| `DOCKER_HOST` | `unix:///var/run/docker.sock` | Address of the Docker daemon. If empty, it uses the default local socket. Set this if connecting to a remote Docker instance. |
-| `COMPOSE_FILE` | `/app/docker-compose.yml` | Path to the Docker Compose file. The manager reads this to discover services and manage updates. |
-| `*_CONTAINER_NAME` | `crowdsec`, `traefik`, etc. | Overrides for container names if your stack uses different names (e.g., `CROWDSEC_CONTAINER_NAME`, `TRAEFIK_CONTAINER_NAME`). |
-| `PANGOLIN_DIR` | `/app` | Base working directory for the application. |
-| `CONFIG_DIR` | `/app/config` | Directory where configuration files are stored. |
+| `PORT` | `8080` | HTTP port inside the container. |
+| `ENVIRONMENT` | `production` | Runtime mode. |
+| `TRAEFIK_DYNAMIC_CONFIG` | `/etc/traefik/dynamic_config.yml` | Traefik dynamic config path used by manager actions. |
+| `TRAEFIK_CONTAINER_NAME` | `traefik` | Traefik container name in your stack. |
+| `TRAEFIK_STATIC_CONFIG` | `/etc/traefik/traefik_config.yml` | Traefik static config path. |
 
-### File Paths & Persistence
+## Common optional variables
 
-| Variable | Default | Impact / Description |
+| Variable | Default | When to change |
 | :--- | :--- | :--- |
-| `DATABASE_PATH` | `/app/data/settings.db` | Location of the SQLite database storing app settings. Ensure this path is persistent. |
-| `BACKUP_DIR` | `/app/backups` | Directory where backups are stored. |
-| `RETENTION_DAYS` | `60` | Number of days to keep backups before auto-deletion. |
-
-### Integrations (Traefik & CrowdSec)
-
-| Variable | Default | Impact / Description |
-| :--- | :--- | :--- |
-| `TRAEFIK_DYNAMIC_CONFIG` | `/etc/traefik/dynamic_config.yml` | Path to Traefik's dynamic config file. Used to manage middlewares/routers. |
-| `TRAEFIK_STATIC_CONFIG` | `/etc/traefik/traefik_config.yml` | Path to Traefik's static config file. |
-| `TRAEFIK_ACCESS_LOG` | `/var/log/traefik/access.log` | Path to read Traefik access logs from. |
-| `TRAEFIK_ERROR_LOG` | `/var/log/traefik/traefik.log` | Path to read Traefik error logs from. |
-| `CROWDSEC_ACQUIS_FILE` | `/etc/crowdsec/acquis.yaml` | Path to CrowdSec's acquisition configuration. |
-| `INCLUDE_CROWDSEC` | `true` | Whether to manage CrowdSec container updates/restarts. |
-
-## Recommendation
-
-For a standard deployment, you likely only need to configure:
-1.  **`PORT`**: If you have a port conflict.
-2.  **`COMPOSE_FILE`**: If your compose file is not in the default location.
-3.  **`DOCKER_HOST`**: If running in a complex Docker environment.
-
-Everything else can safely be left to defaults unless you have specific customization needs (like changing log locations or backup retention).
-
-## Handling Custom Paths
-
-A common source of confusion is the difference between **internal container paths** (where the app looks for files) and **external host paths** (where files actually exist on your server).
-
-### The Golden Rule
-
-- **Environment Variables** tell the application **where to look inside the container**.
-- **Docker Volumes** map your **real host files** to those **internal container locations**.
-
-### Example: Custom CrowdSec Installation
-
-Suppose your CrowdSec installation is at `/opt/my-custom-crowdsec` instead of the standard `/etc/crowdsec`.
-
-**DO NOT** change the environment variable `CROWDSEC_ACQUIS_FILE` to `/opt/my-custom-crowdsec/acquis.yaml`. The container cannot see your `/opt` directory directly!
-
-**Instead, update your `docker-compose.yml` volumes:**
-
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      # LEAVE THIS AS DEFAULT
-      - CROWDSEC_ACQUIS_FILE=/etc/crowdsec/acquis.yaml
-    volumes:
-      # Map YOUR custom path (left) to the CONTAINER'S expected path (right)
-      - /opt/my-custom-crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
-```
-
-By changing the volume mapping, you "trick" the container into seeing your custom file at the standard location it expects. This is almost always the correct way to handle custom paths.
-
-### Common Customization Examples
-
-Here are examples for the most common customization requests. In all cases, **keep the environment variable at its default value** and change the volume mapping in `docker-compose.yml`.
-
-#### 1. Custom CrowdSec Configuration Folder
-
-If your CrowdSec configuration is stored in `/mnt/security/crowdsec`:
-
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      - CROWDSEC_ACQUIS_FILE=/etc/crowdsec/acquis.yaml # Default
-    volumes:
-      # Map your custom folder to the standard location
-      - /mnt/security/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
-```
-
-#### 2. Custom Traefik Logs Location
-
-If your Traefik logs are stored in `/var/log/custom-traefik`:
-
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      - TRAEFIK_ACCESS_LOG=/var/log/traefik/access.log # Default
-      - TRAEFIK_ERROR_LOG=/var/log/traefik/traefik.log # Default
-    volumes:
-      # Map your custom log directory to the standard location
-      - /var/log/custom-traefik:/var/log/traefik:ro
-```
-
-#### 3. Custom Traefik Configuration File
-
-If your Traefik static configuration is at `/opt/traefik/traefik.toml`:
-
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      - TRAEFIK_STATIC_CONFIG=/etc/traefik/traefik_config.yml # Default
-    volumes:
-      # Map your custom config file to the standard location
-      - /opt/traefik/traefik.toml:/etc/traefik/traefik_config.yml:ro
-```
-
-#### 4. Custom Traefik Dynamic Configuration
-
-If your dynamic configuration is at `/opt/traefik/dynamic/rules.yml`:
-
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      - TRAEFIK_DYNAMIC_CONFIG=/etc/traefik/dynamic_config.yml # Default
-    volumes:
-      # Map your custom dynamic config to the standard location
-      - /opt/traefik/dynamic/rules.yml:/etc/traefik/dynamic_config.yml:ro
-```
-
-#### 5. Custom CrowdSec Manager Logs
+| `DATABASE_PATH` | `/app/data/settings.db` | If you store app data elsewhere in container. |
+| `BACKUP_DIR` | `/app/backups` | If backup path is customized in container. |
+| `LOG_LEVEL` | `info` | For troubleshooting (`debug`) or quieter logs. |
+| `RETENTION_DAYS` | `60` | To change backup retention policy. |
 
-If you want the manager's own logs to be stored in `/var/log/crowdsec-manager`:
+## Notes
 
-```yaml
-services:
-  crowdsec-manager:
-    environment:
-      - LOG_FILE=/app/logs/crowdsec-manager.log # Default
-    volumes:
-      # Map your custom log directory to the standard location
-      - /var/log/crowdsec-manager:/app/logs
-```
+- Keep environment values as in-container paths.
+- Use Docker volume mappings to map host paths to those container paths.
+- Multi-proxy support is not available in this release.
@@ -1,28 +1,19 @@
 ---
 title: Networking
-description: Network configuration and port management
+description: Required Docker network and access model
 ---
 
 # Networking
 
-CrowdSec Manager requires specific network configurations to communicate with other services in your stack.
+CrowdSec Manager expects a shared external Docker network named `pangolin`.
 
-## The Pangolin Network
-
-The application expects an external Docker network named `pangolin` to exist. This shared network allows CrowdSec Manager to communicate with:
-- CrowdSec
-- Traefik
-- Other integrated services
-
-### Creating the Network
+## Required network
 
 ```bash
 docker network create pangolin
 ```
 
-### Connecting Services
-
-Ensure all related services in your `docker-compose.yml` are connected to this network:
+## Compose requirement
 
 ```yaml
 networks:
@@ -33,30 +24,10 @@ services:
   crowdsec-manager:
     networks:
       - pangolin
-  
-  traefik:
-    networks:
-      - pangolin
 ```
 
-## Port Configuration
-
-The application listens on port `8080` inside the container.
-
-### Direct Access
-Map the port directly to the host:
+## Access patterns
 
-```yaml
-ports:
-  - "8080:8080"
-```
-
-### Reverse Proxy (Traefik)
-If using Traefik, you don't need to expose the port. Instead, use labels:
-
-```yaml
-labels:
-  - "traefik.enable=true"
-  - "traefik.http.routers.manager.rule=Host(`manager.example.com`)"
-  - "traefik.http.services.manager.loadbalancer.server.port=8080"
-```
+- Keep `expose: "8080"` when a reverse proxy handles routing.
+- Use `ports: "8080:8080"` only if you want direct host access.
+- Multi-proxy deployment is not supported in this release.
@@ -1,45 +1,23 @@
 ---
 title: Volumes & Persistence
-description: Understanding data persistence and volume mappings
+description: Required and optional volume mappings
 ---
 
 # Volumes & Persistence
 
-Proper volume mapping is critical for data persistence and functionality.
+The minimum deployment relies on five volume mappings.
 
-## Required Volumes
+## Required volumes
 
-### Docker Socket
-- **Host Path**: `/var/run/docker.sock`
-- **Container Path**: `/var/run/docker.sock`
-- **Purpose**: Allows the manager to control Docker containers (start, stop, update).
+| Host path | Container path | Purpose |
+| :--- | :--- | :--- |
+| `/var/run/docker.sock` | `/var/run/docker.sock` | Docker API access for service actions. |
+| `/root/config` | `/app/config` | Runtime configuration files used by manager workflows. |
+| `/root/docker-compose.yml` | `/app/docker-compose.yml` | Compose file used for stack operations. |
+| `./backups` | `/app/backups` | Backup artifacts. |
+| `./data` | `/app/data` | Persistent settings database and app data. |
 
-### Configuration Directory
-- **Host Path**: `/root/config` (example)
-- **Container Path**: `/app/config`
-- **Purpose**: Stores application configuration files.
-
-### Docker Compose File
-- **Host Path**: `/root/docker-compose.yml` (example)
-- **Container Path**: `/app/docker-compose.yml`
-- **Purpose**: Allows the manager to read and update the stack configuration.
-
-### Data Directory
-- **Host Path**: `./data`
-- **Container Path**: `/app/data`
-- **Purpose**: Persists the SQLite database (`settings.db`). **Critical for saving settings.**
-
-### Backups
-- **Host Path**: `./backups`
-- **Container Path**: `/app/backups`
-- **Purpose**: Stores generated system backups.
-
-### Logs (Optional but Recommended)
-- **Host Path**: `/root/config/traefik/logs`
-- **Container Path**: `/var/log/traefik`
-- **Purpose**: Allows the manager to read and analyze Traefik logs.
-
-## Example Configuration
+## Minimum example
 
 ```yaml
 volumes:
@@ -48,5 +26,9 @@ volumes:
   - /root/docker-compose.yml:/app/docker-compose.yml
   - ./backups:/app/backups
   - ./data:/app/data
-  - /root/config/traefik/logs:/var/log/traefik
 ```
+
+## Optional volumes
+
+- Traefik log path mapping, if you want in-app log analysis from host log files.
+- Custom config mounts, only when your host paths differ from defaults.
@@ -10,7 +10,7 @@ Keep your security stack up to date with the built-in update manager.
 ## Features
 
 ### Version Management
-Update Docker images with custom tags. You can specify a specific version (e.g., `v1.2.3`) or use `latest`.
+Update Docker images with explicit version tags (for example `1.0.0`).
 
 ### Graceful Updates
 The system performs updates gracefully: