Final touches on devcontainer

.devcontainer/Dockerfile

@@ -135,10 +135,15 @@ RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 755 ${NETALERTX_API
 COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
 
 
-#initialize each service with the dockerfiles/init-*.sh scripts, once.
+# Initialize each service with the dockerfiles/init-*.sh scripts, once.
+# This is done after the copy of the venv to ensure the venv is in place
+# although it may be quicker to do it before the copy, it keeps the image
+# layers smaller to do it after.
 RUN apk add libcap && \
+    setcap cap_net_raw+ep /bin/busybox && \
     setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
     setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \
+    setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nbtscan && \
     setcap cap_net_raw,cap_net_admin+eip /usr/bin/traceroute && \
     setcap cap_net_raw,cap_net_admin+eip ${VIRTUAL_ENV_BIN}/scapy && \
     /bin/sh /build/init-nginx.sh && \
@@ -177,15 +182,9 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
     chown -R ${NETALERTX_USER}:${NETALERTX_GROUP} ${READ_WRITE_FOLDERS} && \
     chmod -R 600 ${READ_WRITE_FOLDERS} && \
     find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
-    chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh && \
-    chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app
-    
-# Copy the virtualenv from the builder stage
-COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
-
-# remove sudoers,  alpine installers pacakges, and all users and groups except
-# readonly and netalertx
-RUN apk del apk-tools && \
+    chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
+    chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
+    apk del apk-tools && \
     rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
     /lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \
     /srv /media && \
@@ -208,8 +207,7 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
 # Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
 
 FROM runner AS netalertx-devcontainer
-ENV INSTALL_DIR=/app 
- 
+ENV INSTALL_DIR=/app
 
 ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
 ENV PATH=/services:${PATH}
@@ -217,6 +215,7 @@ ENV PHP_INI_SCAN_DIR=/services/config/php/conf.d:/etc/php83/conf.d
 ENV LISTEN_ADDR=0.0.0.0
 ENV PORT=20211
 ENV NETALERTX_DEBUG=1
+ENV PYDEVD_DISABLE_FILE_VALIDATION=1
 COPY .devcontainer/resources/devcontainer-overlay/ /
 
 # Install common tools, create user, and set up sudo
@@ -233,4 +232,4 @@ RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) ||
     sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd && \
     python -m pip install -U pytest pytest-cov
 
-ENTRYPOINT  ["/bin/sh","-c","sleep infinity"]
+ENTRYPOINT ["/bin/sh","-c","sleep infinity"]

.devcontainer/devcontainer.json

@@ -14,7 +14,8 @@
   ],
   "runArgs": [
     "--security-opt",
-    "apparmor=unconfined" // for allowing ramdisk mounts
+    "apparmor=unconfined", // for allowing ramdisk mounts
+    "--add-host=host.docker.internal:host-gateway"
 
     // Uncomment --network=host to run full NetAlertX scanning capabilities of network scanning in
     // container. This runs too slowly in a large network to be practical for development purposes.
@@ -23,7 +24,7 @@
     // "--network=host",
   ],
   // ATTENTION: If running with --network=host, COMMENT `forwardPorts` OR ELSE THERE WILL BE NO WEBUI!
-  "forwardPorts": [20211, 20212, 9003,5678],
+  "forwardPorts": [20211, 20212,  5678],
   "portsAttributes": { // the ports we care about
     "20211": {
       "label": "Frontend:Nginx+PHP"

.devcontainer/resources/devcontainer-Dockerfile

@@ -13,6 +13,7 @@ ENV PHP_INI_SCAN_DIR=/services/config/php/conf.d:/etc/php83/conf.d
 ENV LISTEN_ADDR=0.0.0.0
 ENV PORT=20211
 ENV NETALERTX_DEBUG=1
+ENV PYDEVD_DISABLE_FILE_VALIDATION=1
 COPY .devcontainer/resources/devcontainer-overlay/ /
 
 # Install common tools, create user, and set up sudo

.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template

@@ -77,7 +77,7 @@ http {
 
 
 	# Enable gzipping of responses.
-	#gzip on;
+	gzip on;
 
 	# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
 	gzip_vary on;
@@ -99,7 +99,7 @@ http {
         root /app/front;
         index index.php;
         add_header X-Forwarded-Prefix "/app" always;
-    	proxy_set_header X-Forwarded-Prefix "/app";
+
 
         location ~* \.php$ {
             # Set Cache-Control header to prevent caching on the first load

.devcontainer/resources/devcontainer-overlay/services/config/php/conf.d/99-xdebug.ini

@@ -8,4 +8,4 @@ xdebug.log_level=7
 xdebug.client_host=127.0.0.1
 xdebug.client_port=9003
 xdebug.start_with_request=yes
-xdebug.discover_client_host=1
+xdebug.discover_client_host=0

.devcontainer/resources/devcontainer-overlay/services/config/php/php-fpm.d/99-xdebug.ini

@@ -1,8 +0,0 @@
-zend_extension="xdebug.so"
-[xdebug]
-xdebug.mode=develop,debug
-xdebug.log_level=0
-xdebug.client_host=host.docker.internal
-xdebug.client_port=9003
-xdebug.start_with_request=yes
-xdebug.discover_client_host=1

.vscode/launch.json

@@ -29,7 +29,6 @@
             "pathMappings": {
                 "/app": "${workspaceFolder}"
             }
-     
         }
     ]
 }

Dockerfile

@@ -70,6 +70,7 @@ ENV LOG_CROND=${NETALERTX_LOG}/crond.log
 
 # System Services configuration files
 ENV SYSTEM_SERVICES=/services
+ENV SYSTEM_SERVICES_SCRIPTS=${SYSTEM_SERVICES}/scripts
 ENV SYSTEM_SERVICES_CONFIG=${SYSTEM_SERVICES}/config
 ENV SYSTEM_NGINX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx
 ENV SYSTEM_NGINX_CONFIG_FILE=${SYSTEM_NGINX_CONFIG}/nginx.conf

install/production-filesystem/README.md

@@ -1,20 +1,94 @@
 
-This is the default filesystem for NetAlertX. It contains
+# NetAlertX Production Container Filesystem
 
-- `/app` - The main application location.  This structure is where the source code (back, front and server directories) is copied and executed in read-only form. It also provides default structures for the working directories, such as: config, db, and log. All other directories are not required in the production image and are not tracked.
-- `/build` - a place where services can be initialized during docker container build. This folder is copied in, executed near the end of the build before the system is locked down, and then deleted.  It is only available during build time.
-- `/opt/venv/lib/python3.12/site-packages/aiofreebox` - this holds a certificate used by aiofreebox package, which interacts with freebox OS.
-- `/services` - a directory where all scripts which control system executions are held
-    - `/services/config` - a directory which holds all configuration files and `conf.d` folders used in the production image.
-        - `/services/config/crond` - `crond` daemon config.
-        - `/services/config/nginx` - `nginx` conf files.
-        - `/services/config/php` - php conf file.
-            - `/services/config/php/php-fpm.d` - a `.d` style directory, debugger parameters or other configurations can be dropped in here.
-        - `/services/config/python-backend-extra-launch-parameters` - the contents of this file are added to launch params. It can be used to add debugging capabilities.
-    - `/services/capcheck.sh` - This is run at startup to warn the user if the container does not hold required permissions to operate certain raw-packet tools.
-    - `/services/healthcheck.sh` - The system healthcheck. This script tests the services and reports if something fails.
-    - `/services/start-backend.sh` - The launcher for python services. This is called at startup by `entrypoint.sh`.
-    - `/services/start-crond.sh` - The launcher for crond task scheduler. This is called at startup by `entrypoint.sh`.
-    - `/services/start-nginx.sh` - The launcher for nginx frontend/website services. This is called at startup by `entrypoint.sh`.
-    - `/services/start-php-fpm.sh` - The launcher for php-fpm, used to interpret php for the frontend website. This is called at startup by `entrypoint.sh`.
-- `/entrypoint.sh` - Called at system startup to launch all services and servers required by NetAlertX.
+This document describes the filesystem structure of the NetAlertX production Docker container. This setup focuses on security by separating application code, configuration, and runtime data.
+
+## Directory Structure
+
+### `/app` - Main Application Directory
+The core application location where NetAlertX runs. This directory contains the main application code and working data, with source code directories mounted in read-only mode for security. It provides the runtime environment for all NetAlertX operations including device scanning, web interface, and data processing.
+
+The core application location. Contains:
+- Source code directories (`back`, `front`, `server`) copied in read-only mode
+- Working directories for runtime data (`config`, `db`, `log`)
+- Other directories are not needed in production and are excluded
+
+### `/build` - Build-Time Scripts
+Temporary directory used during Docker image building to prepare the container environment. Scripts in this directory run during the build process to set up the system before it's locked down for production use. This ensures the container is properly configured before runtime.
+
+Temporary directory used during Docker image building:
+- Scripts run at the end of the build process
+- Deleted after build to reduce image size
+- Only exists during container creation
+
+### `/opt/venv/lib/python3.12/site-packages/aiofreebox` - Certificate Storage
+Contains SSL certificates required for secure communication with Freebox OS devices. The aiofreebox Python package uses these certificates to authenticate and establish encrypted connections when integrating with Freebox routers for network device discovery.
+
+Contains certificates for the aiofreebox package, which communicates with Freebox OS devices.
+
+### `/services` - Service Management
+Contains all scripts and configurations for running NetAlertX services. This directory holds the complete service orchestration layer that manages the container's runtime behavior, including startup scripts, configuration files, and utility tools for system maintenance and monitoring.
+
+Contains all scripts and configurations for running NetAlertX services:
+
+#### `/services/config` - Service Configurations
+Configuration files for each service that runs in the container. These files define how services like the web server, task scheduler, and Python backend operate, including security settings, resource limits, and integration parameters.
+
+Configuration files for each service:
+- `crond/` - Task scheduler settings
+- `nginx/` - Web server configuration
+- `php/` - PHP interpreter settings
+  - `php-fpm.d/` - Additional PHP configurations
+- `python/` - Python backend launch parameters
+
+#### `/services/scripts` - System Scripts and Utilities
+Pre-startup checks and specialized maintenance tools. Files named `check-*` are intended to verify system functions at startup and correct issues or warn users as needed. Additional scripts perform various update tasks and provide integration capabilities with external systems.
+
+Pre-startup checks and specialized maintenance tools:
+- `check-cap.sh` - Verifies container permissions for network tools
+- `check-first-run-config.sh` - Sets up initial configuration
+- `check-first-run-db.sh` - Prepares database on first run
+- `check-permissions.sh` - Validates file and directory permissions
+- `check-ramdisk.sh` - Checks temporary storage setup
+- `check-root.sh` - Confirms proper user privileges
+- `check-storage.sh` - Ensures storage directories exist
+- `update_vendors.sh` - Updates MAC address vendor database
+- `checkmk/` - Checkmk monitoring integration scripts
+- `db_cleanup/` - Database maintenance and cleanup tools
+- `db_empty/` - Database reset utilities
+- `list-ports.sh` - Network port enumeration script
+- `opnsense_leases/` - OPNsense DHCP lease integration tools
+
+#### `/services/run` - Runtime Data
+Directory for storing runtime data and logs generated by services during container operation. This provides a centralized location for monitoring service activity and troubleshooting issues that occur during normal operation.
+
+- `logs/` - Service runtime log files
+
+#### Service Control Scripts
+Scripts that start and manage the core services required for NetAlertX operation. These scripts handle the initialization of the web server, application server, task scheduler, and backend processing components that work together to provide network monitoring functionality.
+
+- `start-backend.sh` - Launches Python backend service
+- `start-crond.sh` - Starts task scheduler
+- `start-nginx.sh` - Starts web server
+- `start-php-fpm.sh` - Starts PHP processor
+- `healthcheck.sh` - Container health verification
+- `cron_script.sh` - Scheduled task definitions
+
+### `/entrypoint.sh` - Container Startup Script
+The main orchestration script that runs when the container starts. It coordinates the entire container initialization process, from pre-startup validation through service startup and ongoing monitoring, ensuring NetAlertX operates reliably in production environments.
+
+The main script that runs when the container starts:
+- Runs all pre-startup checks from `/services/scripts`
+- Creates necessary directories and files
+- Starts all required services (crond, PHP-FPM, nginx, Python backend)
+- Monitors services and handles failures
+- Ensures clean shutdown on container stop
+
+## Security Considerations
+
+- Application code is read-only to prevent modifications
+- Services run with minimal required permissions
+- Configurations are separated from code
+- Pre-startup checks verify system integrity
+- Runtime data is isolated in dedicated directories
+- Container exits immediately if any service fails (enables restart policies)

install/production-filesystem/entrypoint.sh

@@ -1,9 +1,43 @@
 #!/bin/sh
 
-# entrypoint.sh - Main container entrypoint script for NetAlertX
-
-#make this red
+################################################################################
+# NetAlertX Container Entrypoint
+################################################################################
+#
+# Purpose: Main entrypoint script for NetAlertX Docker containers
+#
+# Responsibilities:
+#   1. Display NetAlertX banner and container startup info
+#   2. Run pre-startup health checks
+#   3. Initialize required directories and log files
+#   4. Start and monitor core services (crond, php-fpm, nginx, Python backend)
+#   5. Handle service failures and graceful shutdown
+#   6. Manage process signals (INT, TERM) for clean container termination
+#
+# Environment Variables:
+#   - ENVIRONMENT: Container environment type (debian or alpine). If not "debian",
+#                  crond scheduler service will be started.
+#   - NETALERTX_DEBUG: If set to 1, services won't auto-shutdown on failure;
+#                      container will wait for all to exit naturally (development mode).
+#   - NETALERTX_PLUGINS_LOG: Directory path for plugin logs
+#   - SYSTEM_SERVICES_RUN_LOG: Directory path for service runtime logs
+#   - SYSTEM_SERVICES_RUN_TMP: Directory path for service temporary files
+#   - LOG_DB_IS_LOCKED: File path for database lock status
+#   - LOG_EXECUTION_QUEUE: File path for execution queue log
+#
+# Exit Codes:
+#   - 0: Graceful shutdown (unlikely in production)
+#   - 143: Caught signal (INT/TERM)
+#   - Non-zero: Service failure status code
+#
+# Service Monitoring:
+#   In production mode (NETALERTX_DEBUG != 1), if any service exits, all services
+#   are terminated and the container exits with the failed service's status code.
+#   This ensures container restart policies can properly reinitialize the stack.
+#
+################################################################################
 
+# Banner display
 printf '
 \033[1;31m
  _   _      _    ___  _           _  __   __
@@ -19,17 +53,31 @@ printf '
 
 set -u
 
-# Run all checks at container startup.
-for script in /services/check-*.sh; do
+# Run all pre-startup checks to validate container environment and dependencies
+for script in ${SYSTEM_SERVICES_SCRIPTS}/check-*.sh; do
 	sh "$script"
 done
 
+# Update vendor data (MAC address OUI database) in the background
+# This happens concurrently with service startup to avoid blocking container readiness
+${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh &
 
 
-SERVICES=""
-FAILED_NAME=""
-FAILED_STATUS=0
 
+# Service management state variables
+SERVICES=""                 # Space-separated list of active services in format "pid:name"
+FAILED_NAME=""              # Name of service that failed (used for error reporting)
+FAILED_STATUS=0             # Exit status code from failed service or signal
+
+################################################################################
+# is_pid_active() - Check if a process is alive and not in zombie/dead state
+################################################################################
+# Arguments:
+#   $1: Process ID to check
+# Returns:
+#   0 (success): Process is alive and healthy
+#   1 (failure): Process is dead, zombie, or PID is empty
+################################################################################
 is_pid_active() {
     pid="$1"
     [ -z "${pid}" ] && return 1
@@ -51,6 +99,10 @@ is_pid_active() {
 }
 
 add_service() {
+    # Start a new service script and track it for monitoring
+    # Arguments:
+    #   $1: Path to service startup script (e.g., /services/start-backend.sh)
+    #   $2: Human-readable service name (for logging and error reporting)
     script="$1"
     name="$2"
     "$script" &
@@ -58,6 +110,13 @@ add_service() {
     SERVICES="${SERVICES} ${pid}:${name}"
 }
 
+################################################################################
+# remove_service() - Remove a service from the active services list
+################################################################################
+# Arguments:
+#   $1: Process ID to remove
+# Updates: SERVICES variable to exclude the specified PID
+################################################################################
 remove_service() {
     target_pid="$1"
     updated=""
@@ -70,6 +129,16 @@ remove_service() {
     SERVICES="${updated}"
 }
 
+################################################################################
+# shutdown_services() - Gracefully stop all active services
+################################################################################
+# Process:
+#   1. Send SIGTERM to all active services (time to clean up)
+#   2. Wait for all services to fully terminate
+# Notes:
+#   - Tolerates services that are already dead
+#   - Uses 'wait' to reap zombie processes
+################################################################################
 shutdown_services() {
     for entry in ${SERVICES}; do
         pid="${entry%%:*}"
@@ -86,6 +155,15 @@ shutdown_services() {
     echo "All services stopped."
 }
 
+################################################################################
+# handle_exit() - Terminate all services and exit container
+################################################################################
+# Process:
+#   1. Log failure information if a service exited abnormally
+#   2. Shut down all remaining services gracefully
+#   3. Exit container with recorded status code
+# Note: Used when a monitored service fails or signal is caught
+################################################################################
 handle_exit() {
     if [ -n "${FAILED_NAME}" ]; then
         echo "Service ${FAILED_NAME} exited with status ${FAILED_STATUS}."
@@ -94,6 +172,15 @@ handle_exit() {
     exit "${FAILED_STATUS}"
 }
 
+################################################################################
+# on_signal() - Handle container signals (INT, TERM) for graceful shutdown
+################################################################################
+# Signals handled: SIGINT (Ctrl+C), SIGTERM (docker stop)
+# Process:
+#   1. Set exit status to 143 (128 + 15, standard SIGTERM code)
+#   2. Trigger full shutdown sequence
+# Note: Registered via 'trap' command below
+################################################################################
 on_signal() {
     echo "Caught signal, shutting down services..."
     FAILED_NAME="signal"
@@ -101,34 +188,53 @@ on_signal() {
     handle_exit
 }
 
-/services/update_vendors.sh &
-
+# Register signal handlers for graceful shutdown
 trap on_signal INT TERM
 
-[ ! -d "${NETALERTX_PLUGINS_LOG}" ] && mkdir -p "${NETALERTX_PLUGINS_LOG}"
-[ ! -d "${SYSTEM_SERVICES_RUN_LOG}" ] && mkdir -p "${SYSTEM_SERVICES_RUN_LOG}"
-[ ! -d "${SYSTEM_SERVICES_RUN_TMP}" ] && mkdir -p "${SYSTEM_SERVICES_RUN_TMP}"
-[ ! -f "${LOG_DB_IS_LOCKED}" ] && touch "${LOG_DB_IS_LOCKED}"
-[ ! -f "${LOG_EXECUTION_QUEUE}" ] && touch "${LOG_EXECUTION_QUEUE}"
 
+
+################################################################################
+# Service Startup Section
+################################################################################
+# Start services based on environment configuration
+
+# Only start crond scheduler on Alpine (non-Debian) environments
+# Debian typically uses systemd or other schedulers
 if [ "${ENVIRONMENT:-}" ] && [ "${ENVIRONMENT:-}" != "debian" ]; then
     add_service "/services/start-crond.sh" "crond"
 fi
-add_service "/services/start-php-fpm.sh" "php-fpm83"
-add_service "/services/start-nginx.sh" "nginx"
-add_service "/services/start-backend.sh" "python3"
 
+# Start core frontend and backend services
+# Order: web server, application server, then Python backend
+add_service "${SYSTEM_SERVICES}/start-php-fpm.sh" "php-fpm83"
+add_service "${SYSTEM_SERVICES}/start-nginx.sh" "nginx"
+add_service "${SYSTEM_SERVICES}/start-backend.sh" "python3"
 
-# if NETALERTX_DEBUG=1 then we will not kill any services if one fails. We will just wait for all to exit.
+################################################################################
+# Development Mode Debug Switch
+################################################################################
+# If NETALERTX_DEBUG=1, skip automatic service restart on failure
+# Useful for devcontainer debugging where individual services need to be debugged
 if [ "${NETALERTX_DEBUG:-0}" -eq 1 ]; then
 	echo "NETALERTX_DEBUG is set to 1, will not shut down other services if one fails."
 	wait
 	exit $?
 fi
 
-
-# If any service fails, we will shut down all others and exit with the same status.
-# This improves reliability in production environments by reinitializing the entire stack if one service fails.
+################################################################################
+# Service Monitoring Loop (Production Mode)
+################################################################################
+# Behavior depends on NETALERTX_DEBUG setting:
+#   - DEBUG OFF (production): Any service failure triggers full container restart
+#   - DEBUG ON: Services can fail individually; container waits for natural exit
+#
+# Loop Process:
+#   1. Check each active service every 10 seconds
+#   2. If service is not active, wait for it and capture exit status
+#   3. Log failure and terminate all other services
+#   4. Exit container with failed service's status code
+#   5. This enables Docker restart policies to reinitialize the stack
+################################################################################
 while [ -n "${SERVICES}" ]; do
     for entry in ${SERVICES}; do
         pid="${entry%%:*}"
@@ -147,6 +253,8 @@ while [ -n "${SERVICES}" ]; do
     sleep 10
 done
 
+# If we exit the loop with no service failures, set status to 1 (error)
+# This should not happen in normal operation
 if [ "${FAILED_STATUS}" -eq 0 ] && [ "${FAILED_NAME}" != "signal" ]; then
     FAILED_STATUS=1
 fi

install/production-filesystem/services/config/crond/netalertx

@@ -1,4 +1,4 @@
 # Every minute check for cron jobs
-* * * * * /services/cron_script.sh
+* * * * * /services/scripts/cron_script.sh
 # Update vendors 4x/d
-0 */6 * * * /services/update_vendors.sh
+0 */6 * * * /services/scripts/update_vendors.sh

install/production-filesystem/services/scripts/check-first-run-config.sh

@@ -2,9 +2,9 @@
 # first-run-check.sh - Checks and initializes configuration files on first run
 
 # Check for app.conf and deploy if required
-if [ ! -f /app/config/app.conf ]; then
-    mkdir -p /app/config
-    cp /app/back/app.conf /app/config/app.conf
+if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then
+    mkdir -p ${NETALERTX_CONFIG}
+    cp /app/back/app.conf ${NETALERTX_CONFIG}/app.conf
     CYAN='\033[1;36m'
     RESET='\033[0m'
     >&2 printf "%s" "${CYAN}"

install/production-filesystem/services/scripts/check-mandatory-folders.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+# Initialize required directories and log files
+# These must exist before services start to avoid permission/write errors
+# TODO - improve with per-directory warning if creation fails
+[ ! -d "${NETALERTX_PLUGINS_LOG}" ] && mkdir -p "${NETALERTX_PLUGINS_LOG}"
+[ ! -d "${SYSTEM_SERVICES_RUN_LOG}" ] && mkdir -p "${SYSTEM_SERVICES_RUN_LOG}"
+[ ! -d "${SYSTEM_SERVICES_RUN_TMP}" ] && mkdir -p "${SYSTEM_SERVICES_RUN_TMP}"
+[ ! -f "${LOG_DB_IS_LOCKED}" ] && touch "${LOG_DB_IS_LOCKED}"
+[ ! -f "${LOG_EXECUTION_QUEUE}" ] && touch "${LOG_EXECUTION_QUEUE}"

install/production-filesystem/services/scripts/check-ramdisk.sh

@@ -31,6 +31,12 @@ EOF
     >&2 printf "%s" "${RESET}"
 }
 
+
+# If NETALERTX_DEBUG=1 then we will exit
+if [ "${NETALERTX_DEBUG}" -eq 1 ]; then
+	exit 0
+fi
+
 failures=0
 warn_if_not_dedicated_mount "${NETALERTX_API}"
 warn_if_not_dedicated_mount "${NETALERTX_LOG}"

install/production-filesystem/services/start-nginx.sh

@@ -48,11 +48,7 @@ trap forward_signal INT TERM
 
 # Execute nginx with overrides
 # echo the full nginx command then run it
-echo "nginx command:"
-echo "	nginx \
-	-p \"${RUN_DIR}/\" \
-	-c \"${SYSTEM_NGINX_CONFIG_FILE}\" \
-	-g \"error_log ${NETALERTX_LOG}/nginx-error.log; pid ${RUN_DIR}/nginx.pid; daemon off;\" &"
+echo "nginx	-p \"${RUN_DIR}/\" -c \"${SYSTEM_NGINX_CONFIG_FILE}\" -g \"error_log ${NETALERTX_LOG}/nginx-error.log; pid ${RUN_DIR}/nginx.pid; daemon off;\" &"
 nginx \
 	-p "${RUN_DIR}/" \
 	-c "${SYSTEM_NGINX_CONFIG_FILE}" \