feat: Implement CrowdSec toggle fix validation and documentation updates

- Added QA summary report for CrowdSec toggle fix validation, detailing test results, code quality audit, and recommendations for deployment.
- Updated existing QA report to reflect the new toggle fix validation status and testing cycle.
- Enhanced security documentation to explain the persistence of CrowdSec across container restarts and troubleshooting steps for common issues.
- Expanded troubleshooting guide to address scenarios where CrowdSec does not start after a container restart, including diagnosis and solutions.
GitHub Actions
2025-12-15 07:24:51 +00:00
parent 2a04dbc49d
commit 2a6175a97e
20 changed files with 4696 additions and 822 deletions


@@ -98,6 +98,38 @@ When you toggle CrowdSec ON, Charon:
✅ That's it! CrowdSec starts automatically and begins blocking bad IPs once LAPI is ready.
**Persistence Across Restarts:**
Once enabled, CrowdSec **automatically starts** when the container restarts:
- ✅ Server reboot → CrowdSec auto-starts
- ✅ Docker restart → CrowdSec auto-starts
- ✅ Container update → CrowdSec auto-starts
- ❌ Manual toggle OFF → CrowdSec stays disabled until you re-enable
**How it works:**
- Your preference is stored in two places (Settings and SecurityConfig tables)
- Reconciliation function runs at container startup
- Checks both tables to determine if CrowdSec should auto-start
- Logs show: "CrowdSec reconciliation: starting based on SecurityConfig mode='local'"
**Verification after restart:**
```bash
docker restart charon
sleep 15
docker exec charon cscli lapi status
```
Expected output:
```
✓ You can successfully interact with Local API (LAPI)
```
**Troubleshooting auto-start:** See [CrowdSec Not Starting After Restart](troubleshooting/crowdsec.md#crowdsec-not-starting-after-container-restart)
⚠️ **DEPRECATED:** Environment variables like `CHARON_SECURITY_CROWDSEC_MODE=local` are **no longer used**. CrowdSec is now GUI-controlled, just like WAF, ACL, and Rate Limiting. If you have these environment variables in your docker-compose.yml, remove them and use the GUI toggle instead. See [Migration Guide](migration-guide.md).
**What you'll see:** The Cerberus pages show blocked IPs and why they were blocked.
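Review bot: The "How it works" list says the preference is stored in both the Settings and SecurityConfig tables and that reconciliation checks both, but it never states which table wins when they disagree; the sample log line names only SecurityConfig mode='local'. Please document the precedence, since that rule decides whether CrowdSec comes back after a restart or stays off without anyone noticing. In the verification block, `sleep 15` is a fixed wait, while the line above the new text says blocking begins "once LAPI is ready"; consider telling readers to retry `docker exec charon cscli lapi status` until it succeeds or a timeout passes, and show what a failing result looks like next to the expected output. The deprecation notice should also say whether a deployment that only set `CHARON_SECURITY_CROWDSEC_MODE=local` comes up with CrowdSec disabled after upgrading, and whether anything is logged when the ignored variable is still present.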