Fixes CrowdSec not starting automatically on container boot and LAPI binding failures due to permission issues.

Changes:
- Fix Dockerfile: Add charon:charon ownership for CrowdSec directories
- Move reconciliation from routes.go goroutine to main.go initialization
- Add mutex protection to prevent concurrent reconciliation
- Increase LAPI startup timeout from 30s to 60s
- Add config validation in entrypoint script

Testing:
- Backend coverage: 85.4% (✅ meets requirement)
- Frontend coverage: 87.01% (✅ exceeds requirement)
- Security: 0 Critical/High vulnerabilities (✅ Trivy + Go scans)
- All CrowdSec-specific tests passing (✅ 100%)

Technical Details:
- Reconciliation now runs synchronously during app initialization (after DB migrations, before HTTP server starts)
- Maintains "GUI-controlled" design philosophy per entrypoint docs
- Follows principle of least privilege (charon user, not root)
- No breaking changes to API or behavior

Documentation:
- Implementation guide: docs/implementation/crowdsec_startup_fix_COMPLETE.md
- Migration guide: docs/implementation/crowdsec_startup_fix_MIGRATION.md
- QA report: docs/reports/qa_report_crowdsec_startup_fix.md

Related: #crowdsec-startup-timeout
CrowdSec Auto-Start - Quick Reference
Version: v0.9.0+
Last Updated: December 23, 2025
🚀 What's New
CrowdSec now automatically starts when the container restarts (if it was previously enabled).
✅ Verification (One Command)
docker exec charon cscli lapi status
Expected: ✓ You can successfully interact with Local API (LAPI)
🔧 Enable CrowdSec
- Open Security dashboard
- Toggle CrowdSec ON
- Wait 10-15 seconds
Done! CrowdSec will auto-start on future restarts.
🔄 After Container Restart
docker restart charon
sleep 15
docker exec charon cscli lapi status
If working: CrowdSec shows "Active"
If not working: See troubleshooting below
⚠️ Troubleshooting (3 Steps)
1. Check Logs
docker logs charon 2>&1 | grep "CrowdSec reconciliation"
2. Check Mode
docker exec charon sqlite3 /app/data/charon.db \
"SELECT crowdsec_mode FROM security_configs LIMIT 1;"
Expected: local
3. Manual Start
curl -X POST http://localhost:8080/api/v1/admin/crowdsec/start
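The restart check and troubleshooting steps 1 and 2 above can be combined into one script that polls LAPI instead of sleeping a fixed 15 seconds. This is an added example, not code from the Charon project: it assumes the container name and database path shown on this page, takes its 60-second budget from the LAPI startup timeout in the commit message, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Charon project code. Function names are hypothetical.
# Assumes the container name and database path shown on this page.
CONTAINER="${CONTAINER:-charon}"

# wait_for_lapi TIMEOUT INTERVAL (seconds): 0 once LAPI answers, 1 on timeout.
wait_for_lapi() {
    timeout="$1"; interval="$2"; waited=0
    while [ "$waited" -le "$timeout" ]; do
        if docker exec "$CONTAINER" cscli lapi status >/dev/null 2>&1; then
            return 0
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 1
}

# Step 2 of the troubleshooting list: print the stored mode (expected: local).
crowdsec_mode() {
    docker exec "$CONTAINER" sqlite3 /app/data/charon.db \
        "SELECT crowdsec_mode FROM security_configs LIMIT 1;"
}

# diagnose: 2 if the stored mode is not "local", 3 if it is but LAPI is down.
diagnose() {
    mode="$(crowdsec_mode 2>/dev/null)"
    if [ "$mode" != "local" ]; then
        echo "crowdsec_mode is '${mode:-unset}', expected 'local'" >&2
        return 2
    fi
    echo "crowdsec_mode is local but LAPI is not answering; log lines:" >&2
    # Step 1 of the troubleshooting list.
    docker logs "$CONTAINER" 2>&1 | grep "CrowdSec reconciliation" \
        || echo "(no reconciliation lines in the container log)" >&2
    return 3
}

# check_after_restart [TIMEOUT] [INTERVAL]: 0 healthy, 2 or 3 as in diagnose.
check_after_restart() {
    if wait_for_lapi "${1:-60}" "${2:-5}"; then
        echo "LAPI reachable"
        return 0
    fi
    diagnose
}

# Execute only on request, so the file can also be sourced: sh check.sh run
if [ "${1:-}" = "run" ]; then check_after_restart 60 5; fi
```

The distinct exit codes let a healthcheck or CI job tell "CrowdSec was never enabled" (2) apart from "enabled but failed to come up" (3), which is the case the manual start in step 3 addresses.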
📖 Full Documentation
- Implementation Details: crowdsec_startup_fix_COMPLETE.md
- Migration Guide: migration-guide-crowdsec-auto-start.md
- User Guide: getting-started.md
🆘 Get Help
GitHub Issues: Report Problems
Quick reference for v0.9.0+ CrowdSec auto-start behavior