/data and /tmp standardization

This commit is contained in:
Adam Outler
2025-11-04 22:26:35 +00:00
parent 90a07c61eb
commit 5b871865db
250 changed files with 7462 additions and 4940 deletions


@@ -6,12 +6,20 @@ This document describes the filesystem structure of the NetAlertX production Doc
## Directory Structure
### `/app` - Main Application Directory
The core application location where NetAlertX runs. This directory contains the main application code and working data, with source code directories mounted in read-only mode for security. It provides the runtime environment for all NetAlertX operations including device scanning, web interface, and data processing.
The core application location where NetAlertX runs. This directory contains only the application code in production. Configuration, database files, and logs now live in dedicated `/data` and `/tmp` mounts to keep the runtime read-only and auditable.
The core application location. Contains:
- Source code directories (`back`, `front`, `server`) copied in read-only mode
- Working directories for runtime data (`config`, `db`, `log`)
- Other directories are not needed in production and are excluded
- Service orchestration scripts under `/services`
- No persistent data or logs—those are redirected to `/data` and `/tmp`
### `/data` - Persistent Configuration and Database
Writable volume that stores administrator-managed settings and database state. The entrypoint ensures directories are owned by the `netalertx` user (UID 20211).
Contains:
- `/data/config` - persisted settings such as `app.conf`
- `/data/db` - SQLite database files (e.g., `app.db`)
- Optional host bind mounts for backups or external sync
### `/build` - Build-Time Scripts
Temporary directory used during Docker image building to prepare the container environment. Scripts in this directory run during the build process to set up the system before it's locked down for production use. This ensures the container is properly configured before runtime.
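Review bot: the `/app` section in this hunk now contradicts itself, which matters because this page is what an operator will read to decide what must be writable. The bullet "Working directories for runtime data (`config`, `db`, `log`)" still lists those directories under `/app`, while the paragraph two lines above and the bullet "No persistent data or logs—those are redirected to `/data` and `/tmp`" say the opposite; drop the stale bullet and keep a single statement that `/app` holds code only. Two smaller consistency points in the same region: the first paragraph says source directories are "mounted in read-only mode" while the bullet says "copied in read-only mode" (pick the one that matches the image build), and the `/data` paragraph should say that the entrypoint's ownership fix-up to `netalertx` (UID 20211) is what makes a fresh host bind mount usable, so readers know not to pre-create it as root with restrictive modes.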
@@ -59,10 +67,13 @@ Pre-startup checks and specialized maintenance tools:
- `list-ports.sh` - Network port enumeration script
- `opnsense_leases/` - OPNsense DHCP lease integration tools
#### `/services/run` - Runtime Data
Directory for storing runtime data and logs generated by services during container operation. This provides a centralized location for monitoring service activity and troubleshooting issues that occur during normal operation.
### `/tmp` - Ephemeral Runtime Data
All writable runtime data is consolidated under `/tmp`, which is mounted as `tmpfs` by default for speed and automatic cleanup on restart.
- `logs/` - Service runtime log files
- `/tmp/log` - Application, PHP, and plugin logs (bind mount to persist between restarts)
- `/tmp/api` - Cached API responses for the UI (configurable via `NETALERTX_API` environment variable)
- `/tmp/nginx/active-config` - Optional override directory for nginx configuration
- `/tmp/run` - Runtime socket and temp directories for nginx and PHP (`client_body`, `proxy`, `php.sock`, etc.)
#### Service Control Scripts
Scripts that start and manage the core services required for NetAlertX operation. These scripts handle the initialization of the web server, application server, task scheduler, and backend processing components that work together to provide network monitoring functionality.
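Review bot: `/tmp/nginx/active-config` is documented as an override directory for the nginx configuration, but `/tmp` is also documented as a `tmpfs` mount, and a Docker `tmpfs` mount defaults to mode 1777 (world-writable, sticky). As written, any process running in the container can place configuration that the web server will load; the section should state the ownership and mode the entrypoint enforces on `/tmp/nginx/active-config` and `/tmp/run` (where `php.sock` lives), or the override directory should move under the administrator-managed `/data` volume. Also clarify the interplay between "automatic cleanup on restart" in the `/tmp` paragraph and the "bind mount to persist between restarts" note on `/tmp/log`: say explicitly that a bind mount on the subdirectory takes precedence over the parent `tmpfs`, otherwise readers will assume logs are lost. Finally, the orphaned bullet "`logs/` - Service runtime log files" sits between the `/services/run` paragraph and the new `/tmp` heading and belongs to neither list; fold it into the `/tmp/log` entry or remove it.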