DOCS: cleanup

Signed-off-by: jokob-sk <jokob.sk@gmail.com>

README.md

@@ -41,13 +41,15 @@ Get visibility of what's going on on your WIFI/LAN network and enable presence d
 Start NetAlertX in seconds with Docker:
 
 ```bash
-docker run -d --rm --network=host \
+docker run -d \
+  --network=host \
+  --restart unless-stopped \
   -v /local_data_dir/config:/data/config \
   -v /local_data_dir/db:/data/db \
-  -v /etc/localtime:/etc/localtime \
+  -v /etc/localtime:/etc/localtime:ro \
-  --mount type=tmpfs,target=/tmp/api \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
   -e PORT=20211 \
-  -e APP_CONF_OVERRIDE={"GRAPHQL_PORT":"20214"} \
+  -e APP_CONF_OVERRIDE='{"GRAPHQL_PORT":"20214"}' \
   ghcr.io/jokob-sk/netalertx:latest
 ```
 

docs/COMMON_ISSUES.md

@@ -1,66 +1,114 @@
-### Loading...
+# Troubleshooting Common Issues
 
-Often if the application is misconfigured the `Loading...` dialog is continuously displayed. This is most likely caused by the backed failing to start. The **Maintenance -> Logs** section should give you more details on what's happening. If there is no exception, check the Portainer log, or start the container in the foreground (without the `-d` parameter) to observe any exceptions. It's advisable to enable `trace` or `debug`. Check the [Debug tips](./DEBUG_TIPS.md) on detailed instructions. 
+> [!TIP]
+> Before troubleshooting, ensure you have set the correct [Debugging and LOG_LEVEL](./DEBUG_TIPS.md).
 
-The issue might be related to the backend server, so please check [Debugging GraphQL issues](./DEBUG_API_SERVER.md). 
+---
 
-Please also check the browser logs (usually accessible by pressing `F12`):
+## Docker Container Doesn't Start
 
-1. Switch to the Console tab and refresh the page
+Initial setup issues are often caused by **missing permissions** or **incorrectly mapped volumes**. Always double-check your `docker run` or `docker-compose.yml` against the [official setup guide](./DOCKER_INSTALLATION.md) before proceeding.
-2. Switch to teh Network tab and refresh the page
-
-If you are not sure how to resolve the errors yourself, please post screenshots of the above into the issue, or discord discussion, where your problem is being solved. 
-
-### Incorrect SCAN_SUBNETS
-
-One of the most common issues is not configuring `SCAN_SUBNETS` correctly. If this setting is misconfigured you will only see one or two devices in your devices list after a scan. Please read the [subnets docs](./SUBNETS.md) carefully to resolve this.
-
-### Duplicate devices and notifications
-
-The app uses the MAC address as an unique identifier for devices. If a new MAC is detected a new device is added to the application and corresponding notifications are triggered. This means that if the MAC of an existing device changes, the device will be logged as a new device. You can usually prevent this from happening by changing the device configuration (in Android, iOS, or Windows) for your network. See the [Random Macs](./RANDOM_MAC.md) guide for details. 
 
 ### Permissions
 
-Make sure you [File permissions](./FILE_PERMISSIONS.md) are set correctly.
+Make sure your [file permissions](./FILE_PERMISSIONS.md) are correctly set:
 
-* If facing issues (AJAX errors, can't write to DB, empty screen, etc,) make sure permissions are set correctly, and check the logs under `/tmp/log`. 
+* If you encounter AJAX errors, cannot write to the database, or see an empty screen, check that permissions are correct and review the logs under `/tmp/log`.
-* To solve permission issues you can try setting the owner and group of the `app.db` by executing the following on the host system: `docker exec netalertx chown -R www-data:www-data /data/db/app.db`. 
+* To fix permission issues with the database, update the owner and group of `app.db` as described in the [File Permissions guide](./FILE_PERMISSIONS.md).
-* If still facing issues, try to map the app.db file (⚠ not folder) to `:/data/db/app.db` (see [docker-compose Examples](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#-docker-composeyml-examples) for details)
 
-### Container restarts / crashes
+### Container Restarts / Crashes
 
-* Check the logs for details. Often a required setting for a notification method is missing. 
+* Check the logs for details. Often, required settings are missing.
+* For more detailed troubleshooting, see [Debug and Troubleshooting Tips](./DEBUG_TIPS.md).
+* To observe errors directly, run the container in the foreground instead of `-d`:
 
-### unable to resolve host
+```bash
+docker run --rm -it <your_image>
+```
 
-* Check that your `SCAN_SUBNETS` variable is using the correct mask and `--interface`. See the [subnets docs for details](./SUBNETS.md).  
+---
 
-### Invalid JSON
+## Docker Container Starts, But the Application Misbehaves
 
-Check the [Invalid JSON errors debug help](./DEBUG_INVALID_JSON.md) docs on how to proceed.
+If the container starts but the app shows unexpected behavior, the cause is often **data corruption**, **incorrect configuration**, or **unexpected input data**.
 
-### sudo execution failing (e.g.: on arpscan) on a Raspberry Pi 4 
+### Continuous "Loading..." Screen
 
-> sudo: unexpected child termination condition: 0
+A misconfigured application may display a persistent `Loading...` dialog. This is usually caused by the backend failing to start.
 
-Resolution based on [this issue](https://github.com/linuxserver/docker-papermerge/issues/4#issuecomment-1003657581)
+**Steps to troubleshoot:**
+
+1. Check **Maintenance → Logs** for exceptions.
+2. If no exception is visible, check the Portainer logs.
+3. Start the container in the foreground to observe exceptions.
+4. Enable `trace` or `debug` logging for detailed output (see [Debug Tips](./DEBUG_TIPS.md)).
+5. Verify that `GRAPHQL_PORT` is correctly configured.
+6. Check browser logs (press `F12`):
+
+   * **Console tab** → refresh the page
+   * **Network tab** → refresh the page
+
+If you are unsure how to resolve errors, provide screenshots or log excerpts in your issue report or Discord discussion.
+
+---
+
+### Common Configuration Issues
+
+#### Incorrect `SCAN_SUBNETS`
+
+If `SCAN_SUBNETS` is misconfigured, you may see only a few devices in your device list after a scan. See the [Subnets Documentation](./SUBNETS.md) for proper configuration.
+
+#### Duplicate Devices and Notifications
+
+* Devices are identified by their **MAC address**.
+* If a device's MAC changes, it will be treated as a new device, triggering notifications.
+* Prevent this by adjusting your device configuration for Android, iOS, or Windows. See the [Random MACs Guide](./RANDOM_MAC.md).
+
+#### Unable to Resolve Host
+
+* Ensure `SCAN_SUBNETS` uses the correct mask and `--interface`.
+* Refer to the [Subnets Documentation](./SUBNETS.md) for detailed guidance.
+
+#### Invalid JSON Errors
+
+* Follow the steps in [Invalid JSON Errors Debug Help](./DEBUG_INVALID_JSON.md).
+
+#### Sudo Execution Fails (e.g., on arpscan on Raspberry Pi 4)
+
+Error:
 
 ```
+sudo: unexpected child termination condition: 0
+```
+
+**Resolution**:
+
+```bash
 wget ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.3-2_armhf.deb
 sudo dpkg -i libseccomp2_2.5.3-2_armhf.deb
 ```
 
-The link above will probably break in time too. Go to https://packages.debian.org/sid/armhf/libseccomp2/download to find the new version number and put that in the url.
+> ⚠️ The link may break over time. Check [Debian Packages](https://packages.debian.org/sid/armhf/libseccomp2/download) for the latest version.
 
-### Only Router and own device show up
+#### Only Router and Own Device Show Up
 
-Make sure that the subnet and interface in `SCAN_SUBNETS` are correct. If your device/NAS has multiple ethernet ports, you probably need to change `eth0` to something else.
+* Verify the subnet and interface in `SCAN_SUBNETS`.
+* On devices with multiple Ethernet ports, you may need to change `eth0` to the correct interface.
 
-### Losing my settings and devices after an update
+#### Losing Settings or Devices After Update
 
-If you lose your devices and/or settings after an update that means you don't have the `/data/db` and `/data/config` folders mapped to a permanent storage. That means every time you update these folders are re-created. Make sure you have the [volumes specified correctly](./DOCKER_COMPOSE.md) in your `docker-compose.yml` or run command.
+* Ensure `/data/db` and `/data/config` are mapped to persistent storage.
+* Without persistent volumes, these folders are recreated on every update.
+* See [Docker Volumes Setup](./DOCKER_COMPOSE.md) for proper configuration.
 
+#### Application Performance Issues
 
-### The application is slow
+Slowness can be caused by:
+
+* Incorrect settings (causing app restarts) → check `app.log`.
+* Too many background processes → disable unnecessary scanners.
+* Long scans → limit the number of scanned devices.
+* Excessive disk operations or failing maintenance plugins.
+
+> See [Performance Tips](./PERFORMANCE.md) for detailed optimization steps.
 
-Slowness is usually caused by incorrect settings (the app might restart, so check the `app.log`), too many background processes (disable unnecessary scanners), too long scans (limit the number of scanned devices), too many disk operations, or some maintenance plugins might have failed. See the [Performance tips](./PERFORMANCE.md) docs for details.

docs/DEBUG_INVALID_JSON.md

@@ -8,8 +8,8 @@ Check the the HTTP response of the failing backend call by following these steps
 ![F12DeveloperConsole][F12DeveloperConsole]
 
 - Copy the URL causing the error and enter it in the address bar of your browser directly and hit enter. The copied URLs could look something like this (notice the query strings at the end):
-  - `http://<NetAlertX URL>:20211/api/table_devices.json?nocache=1704141103121`
+  - `http://<server>:20211/api/table_devices.json?nocache=1704141103121`
-  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesTotals`
+  - `http://<server>:20211/php/server/devices.php?action=getDevicesTotals`
 
 
 - Post the error response in the existing issue thread on GitHub or create a new issue and include the redacted response of the failing query.

docs/DEBUG_PLUGINS.md

@@ -1,5 +1,8 @@
 # Troubleshooting plugins
 
+> [!TIP]
+> Before troubleshooting, please ensure you have the right [Debugging and LOG_LEVEL set](./DEBUG_TIPS.md).
+
 ## High-level overview
 
 If a Plugin supplies data to the main app it's done either vie a SQL query or via a script that updates the `last_result.log` file in the plugin log folder (`app/log/plugins/`).

docs/DEBUG_TIPS.md

@@ -13,16 +13,21 @@ When debugging an issue always set the highest log level:
 Start the container via the **terminal** with a command similar to this one:
 
 ```bash
-docker run --rm --network=host \
+docker run \
-  -v /local_data_dir/netalertx/config:/data/config \
+  --network=host \
-  -v /local_data_dir/netalertx/db:/data/db \
+  --restart unless-stopped \
-  -v /etc/localtime:/etc/localtime \
+  -v /local_data_dir/config:/data/config \
+  -v /local_data_dir/db:/data/db \
+  -v /etc/localtime:/etc/localtime:ro \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
   -e PORT=20211 \
+  -e APP_CONF_OVERRIDE='{"GRAPHQL_PORT":"20214"}' \
   ghcr.io/jokob-sk/netalertx:latest
 
 ```
 
-> ⚠ Please note, don't use the `-d` parameter so you see the error when the container crashes. Use this error in your issue description.
+> [!NOTE]
+> ⚠ The most important part is NOT to use the `-d` parameter so you see the error when the container crashes. Use this error in your issue description.
 
 ## 3. Check the _dev image and open issues
 
@@ -48,7 +53,12 @@ services:
     # Other service configurations...
 ```
 
-## 5. Sharing application state
+## 5. TMP mount directories to rule host out permission issues
+
+Try starting the container with all data to be in non-persistent volumes. If this works, the issue might be related to the permissions of your persistent data mount locations on your server. See teh [Permissions guide](./FILE_PERMISSIONS.md) for details.
+
+
+## 6. Sharing application state
 
 Sometimes specific log sections are needed to debug issues. The Devices and CurrentScan table data is sometimes needed to figure out what's wrong.
 
@@ -61,4 +71,4 @@ Sometimes specific log sections are needed to debug issues. The Devices and Curr
 
 ## Common issues
 
-See [Common issues](./COMMON_ISSUES.md) for details. 
+See [Common issues](./COMMON_ISSUES.md) for additional troubleshooting tips.

docs/DEVICES_BULK_EDITING.md

@@ -26,7 +26,7 @@ The database and device structure may change with new releases. When using the C
 ![Maintenance > CSV Export](./img/DEVICES_BULK_EDITING/MAINTENANCE_CSV_EXPORT.png)
 
 > [!NOTE]
-> The file containing a list of Devices including the Network relationships between Network Nodes and connected devices. You can also trigger this by acessing this URL: `<your netalertx url>/php/server/devices.php?action=ExportCSV` or via the `CSV Backup` plugin. (💡 You can schedule this)
+> The file containing a list of Devices including the Network relationships between Network Nodes and connected devices. You can also trigger this by acessing this URL: `<server>:20211/php/server/devices.php?action=ExportCSV` or via the `CSV Backup` plugin. (💡 You can schedule this)
 
 ![Settings > CSV Backup](./img/DEVICES_BULK_EDITING/CSV_BACKUP_SETTINGS.png)
 

docs/DOCKER_INSTALLATION.md

@@ -28,7 +28,7 @@ docker run -d --rm --network=host \
   -v /local_data_dir/config:/data/config \
   -v /local_data_dir/db:/data/db \
   -v /etc/localtime:/etc/localtime \
-  --mount type=tmpfs,target=/tmp/api \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
   -e PORT=20211 \
   -e APP_CONF_OVERRIDE={"GRAPHQL_PORT":"20214"} \
   ghcr.io/jokob-sk/netalertx:latest

docs/DOCKER_PORTAINER.md

@@ -34,30 +34,26 @@ Copy and paste the following YAML into the **Web editor**:
 services:
   netalertx:
     container_name: netalertx
-
     # Use this line for stable release
     image: "ghcr.io/jokob-sk/netalertx:latest"
-
     # Or, use this for the latest development build
     # image: "ghcr.io/jokob-sk/netalertx-dev:latest"
-
     network_mode: "host"
     restart: unless-stopped
-
+    cap_drop:       # Drop all capabilities for enhanced security
+      - ALL
+    cap_add:        # Re-add necessary capabilities
+      - NET_RAW
+      - NET_ADMIN
+      - NET_BIND_SERVICE
     volumes:
       - ${APP_FOLDER}/netalertx/config:/data/config
       - ${APP_FOLDER}/netalertx/db:/data/db
-      # Optional: logs (useful for debugging setup issues, comment out for performance)
+      # to sync with system time
-      - ${APP_FOLDER}/netalertx/log:/tmp/log
+      - /etc/localtime:/etc/localtime:ro
-
+    tmpfs:
-      # API storage options:
+      # All writable runtime state resides under /tmp; comment out to persist logs between restarts
-      # (Option 1) tmpfs (default, best performance)
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
-      - type: tmpfs
-        target: /tmp/api
-
-      # (Option 2) bind mount (useful for debugging)
-      # - ${APP_FOLDER}/netalertx/api:/tmp/api
-
     environment:
       - PORT=${PORT}
       - APP_CONF_OVERRIDE=${APP_CONF_OVERRIDE}
@@ -79,10 +75,11 @@ In the **Environment variables** section of Portainer, add the following:
 
 > [!TIP]
 > If you are facing permissions issues run the following commands on your server. This will change the owner and assure sufficient access to the database and config files that are stored in the `/local_data_dir/db` and `/local_data_dir/config` folders (replace `local_data_dir` with the location where your `/db` and `/config` folders are located).
->  ```bash
+>
->  sudo chown -R 20211:20211 /local_data_dir
+>  `sudo chown -R 20211:20211 /local_data_dir`
->  sudo chmod -R a+rwx  /local_data_dir
+>
->  ```
+>  `sudo chmod -R a+rwx  /local_data_dir1`
+>
 
 
 ---

docs/DOCKER_SWARM.md

@@ -41,15 +41,7 @@ Use the following Compose snippet to deploy NetAlertX with a **static LAN IP** a
 services:
   netalertx:
     image: ghcr.io/jokob-sk/netalertx:latest
-    ports:
+...
-      - 20211:20211
-    volumes:
-      - /mnt/YOUR_SERVER/netalertx/config:/data/config:rw
-      - /mnt/YOUR_SERVER/netalertx/db:/netalertx/data/db:rw
-      - /mnt/YOUR_SERVER/netalertx/logs:/netalertx/tmp/log:rw
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      - PORT=20211
     networks:
       swarm-ipvlan:
         ipv4_address: 192.168.1.240     # ⚠️ Choose a free IP from your LAN

docs/FILE_PERMISSIONS.md

@@ -1,8 +1,23 @@
 # Managing File Permissions for NetAlertX on a Read-Only Container
 
+Sometimes, permission issues arise if your existing host directories were created by a previous container running as root or another UID. The container will fail to start with "Permission Denied" errors.
+
 > [!TIP]
 > NetAlertX runs in a **secure, read-only Alpine-based container** under a dedicated `netalertx` user (UID 20211, GID 20211). All writable paths are either mounted as **persistent volumes** or **`tmpfs` filesystems**. This ensures consistent file ownership and prevents privilege escalation.
 
+Try starting the container with all data to be in non-persistent volumes. If this works, the issue might be related to the permissions of your persistent data mount locations on your server.
+
+```bash
+docker run --rm --network=host \
+  -v /etc/localtime:/etc/localtime:ro \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
+  -e PORT=20211 \
+  ghcr.io/jokob-sk/netalertx:latest
+```
+
+> [!WARNING]
+> The above should be only used as a test - once the container restarts, all data is lost.
+
 ---
 
 ## Writable Paths
@@ -25,10 +40,6 @@ NetAlertX requires certain paths to be writable at runtime. These paths should b
 
 ---
 
-## Fixing Permission Problems
-
-Sometimes, permission issues arise if your existing host directories were created by a previous container running as root or another UID. The container will fail to start with "Permission Denied" errors.
-
 ### Solution
 
 1. **Run the container once as root** (`--user "0"`) to allow it to correct permissions automatically:
@@ -37,6 +48,7 @@ Sometimes, permission issues arise if your existing host directories were create
 docker run -it --rm --name netalertx --user "0" \
   -v /local_data_dir/config:/data/config \
   -v /local_data_dir/db:/data/db \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
   ghcr.io/jokob-sk/netalertx:latest
 ```
 
@@ -48,10 +60,11 @@ docker run -it --rm --name netalertx --user "0" \
 
 > [!TIP]
 > If you are facing permissions issues run the following commands on your server. This will change the owner and assure sufficient access to the database and config files that are stored in the `/local_data_dir/db` and `/local_data_dir/config` folders (replace `local_data_dir` with the location where your `/db` and `/config` folders are located).
->  ```bash
+>
->  sudo chown -R 20211:20211 /local_data_dir
+>  `sudo chown -R 20211:20211 /local_data_dir`
->  sudo chmod -R a+rwx  /local_data_dir
+>
->  ```
+>  `sudo chmod -R a+rwx  /local_data_dir1`
+>
 
 ---
 

docs/MIGRATION.md

@@ -255,6 +255,7 @@ services:
 docker run -it --rm --name netalertx --user "0" \
   -v /local_data_dir/config:/data/config \
   -v /local_data_dir/db:/data/db \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
   ghcr.io/jokob-sk/netalertx:latest
 ```
 
@@ -273,7 +274,7 @@ sudo chmod -R a+rwx /local_data_dir/
 services:
   netalertx:
     container_name: netalertx
-    image: "ghcr.io/jokob-sk/netalertx"  # 🆕 This is important  
+    image: "ghcr.io/jokob-sk/netalertx"  # 🆕 This has changed
     network_mode: "host"
     cap_drop:                # 🆕 New line
       - ALL                  # 🆕 New line

docs/PERFORMANCE.md

@@ -1,47 +1,50 @@
 # Performance Optimization Guide
 
-There are several ways to improve the application's performance. The application has been tested on a range of devices, from a Raspberry Pi 4 to NAS and NUC systems. If you are running the application on a lower-end device, carefully fine-tune the performance settings to ensure an optimal user experience.
+There are several ways to improve the application's performance. The application has been tested on a range of devices, from Raspberry Pi 4 units to NAS and NUC systems. If you are running the application on a lower-end device, fine-tuning the performance settings can significantly improve the user experience.
 
 ## Common Causes of Slowness
 
 Performance issues are usually caused by:
 
-- **Incorrect settings** – The app may restart unexpectedly. Check `app.log` under **Maintenance → Logs** for details.
+* **Incorrect settings** – The app may restart unexpectedly. Check `app.log` under **Maintenance → Logs** for details.
-- **Too many background processes** – Disable unnecessary scanners.
+* **Too many background processes** – Disable unnecessary scanners.
-- **Long scan durations** – Limit the number of scanned devices.
+* **Long scan durations** – Limit the number of scanned devices.
-- **Excessive disk operations** – Optimize scanning and logging settings.
+* **Excessive disk operations** – Optimize scanning and logging settings.
-- **Failed maintenance plugins** – Ensure maintenance tasks are running properly.
+* **Maintenance plugin failures** – If cleanup tasks fail, performance can degrade over time.
 
-The application performs regular maintenance and database cleanup. If these tasks fail, performance may degrade.
+The application performs regular maintenance and database cleanup. If these tasks are failing, you will see slowdowns.
 
 ### Database and Log File Size
 
-A large database or oversized log files can slow down performance. You can check database and table sizes on the **Maintenance** page.
+A large database or oversized log files can impact performance. You can check database and table sizes on the **Maintenance** page.
 
 ![DB size check](./img/PERFORMANCE/db_size_check.png)
 
 > [!NOTE]
-> - For **~100 devices**, the database should be around **50MB**.
+>
-> - No table should exceed **10,000 rows** in a healthy system.
+> * For **~100 devices**, the database should be around **50 MB**.
-> - These numbers vary based on network activity and settings.
+> * No table should exceed **10,000 rows** in a healthy system.
+> * Actual values vary based on network activity and plugin settings.
 
 ---
 
 ## Maintenance Plugins
 
-Two plugins help maintain the application’s performance:
+Two plugins help maintain the system’s performance:
 
 ### **1. Database Cleanup (DBCLNP)**
-- Responsible for database maintenance.
+
-- Check settings in the [DB Cleanup Plugin Docs](/front/plugins/db_cleanup/README.md).
+* Handles database maintenance and cleanup.
-- Ensure it’s not failing by checking logs.
+* See the [DB Cleanup Plugin Docs](/front/plugins/db_cleanup/README.md).
-- Adjust the schedule (`DBCLNP_RUN_SCHD`) and timeout (`DBCLNP_RUN_TIMEOUT`) if needed.
+* Ensure it’s not failing by checking logs.
+* Adjust the schedule (`DBCLNP_RUN_SCHD`) and timeout (`DBCLNP_RUN_TIMEOUT`) if necessary.
 
 ### **2. Maintenance (MAINT)**
-- Handles log cleanup and other maintenance tasks.
+
-- Check settings in the [Maintenance Plugin Docs](/front/plugins/maintenance/README.md).
+* Cleans logs and performs general maintenance tasks.
-- Ensure it’s running correctly by checking logs.
+* See the [Maintenance Plugin Docs](/front/plugins/maintenance/README.md).
-- Adjust the schedule (`MAINT_RUN_SCHD`) and timeout (`MAINT_RUN_TIMEOUT`) if needed.
+* Verify proper operation via logs.
+* Adjust the schedule (`MAINT_RUN_SCHD`) and timeout (`MAINT_RUN_TIMEOUT`) if needed.
 
 ---
 
@@ -50,48 +53,56 @@ Two plugins help maintain the application’s performance:
 Frequent scans increase resource usage, network traffic, and database read/write cycles.
 
 ### **Optimizations**
-- **Increase scan intervals** (`<PLUGIN>_RUN_SCHD`) on busy networks or low-end hardware.
-- **Extend scan timeouts** (`<PLUGIN>_RUN_TIMEOUT`) to prevent failures.
-- **Reduce the subnet size** – e.g., from `/16` to `/24` to lower scan loads.
 
-Some plugins have additional options to limit the number of scanned devices. If certain plugins take too long to complete, check if you can optimize scan times by selecting a scan range. 
+* **Increase scan intervals** (`<PLUGIN>_RUN_SCHD`) on busy networks or low-end hardware.
+* **Increase timeouts** (`<PLUGIN>_RUN_TIMEOUT`) to avoid plugin failures.
+* **Reduce subnet size** – e.g., use `/24` instead of `/16` to reduce scan load.
 
-For example, the **ICMP plugin** allows you to specify a regular expression to scan only IPs that match a specific pattern.
+Some plugins also include options to limit which devices are scanned. If certain plugins consistently run long, consider narrowing their scope.
+
+For example, the **ICMP plugin** allows scanning only IPs that match a specific regular expression.
 
 ---
 
 ## Storing Temporary Files in Memory
 
-On systems with slower I/O speeds, you can optimize performance by storing temporary files in memory. This primarily applies to the API directory (default: `/tmp/api`, configurable via `NETALERTX_API`) and `/tmp/log` folders.
+On devices with slower I/O, you can improve performance by storing temporary files (and optionally the database) in memory using `tmpfs`.
 
-Using `tmpfs` reduces disk writes and improves performance. However, it should be **disabled** if persistent logs or API data storage are required.
+> [!WARNING]
+> Storing the **database** in `tmpfs` is generally discouraged. Use this only if device data and historical records are not required to persist. If needed, you can pair this setup with the `SYNC` plugin to store important persistent data on another node. See the [Plugins docs](./PLUGINS.md) for details.
 
-Below is an optimized `docker-compose.yml` snippet:
+Using `tmpfs` reduces disk writes and speeds up I/O, but **all data stored in memory will be lost on restart**.
 
+Below is an optimized `docker-compose.yml` snippet using non-persistent logs, API data, and DB:
 
 ```yaml
-version: "3"
 services:
   netalertx:
     container_name: netalertx
-    # Uncomment the line below to test the latest dev image
+    # Use this line for the stable release
-    # image: "ghcr.io/jokob-sk/netalertx-dev:latest"
     image: "ghcr.io/jokob-sk/netalertx:latest"
+    # Or use this line for the latest development build
+    # image: "ghcr.io/jokob-sk/netalertx-dev:latest"
     network_mode: "host"
     restart: unless-stopped
-    volumes:
-      - /local_data_dir/config:/data/config
-      - /local_data_dir/db:/data/db      
-      # (Optional) Useful for debugging setup issues
-      - /local_data_dir/logs:/tmp/log
-      # (API: OPTION 1) Store temporary files in memory (recommended for performance)
-      - type: tmpfs              # ◀ 🔺
-        target: /tmp/api         # ◀ 🔺
-      # (API: OPTION 2) Store API data on disk (useful for debugging)
-      # - /local_data_dir/api:/tmp/api
-      # Ensuring the timezone is the same as on the server - make sure also the TIMEZONE setting is configured
-      - /etc/localtime:/etc/localtime:ro    
-    environment: 
-      - PORT=20211
 
+    cap_drop:       # Drop all capabilities for enhanced security
+      - ALL
+    cap_add:        # Re-add necessary capabilities
+      - NET_RAW
+      - NET_ADMIN
+      - NET_BIND_SERVICE
+
+    volumes:
+      - ${APP_FOLDER}/netalertx/config:/data/config
+      - /etc/localtime:/etc/localtime:ro
+
+    tmpfs:
+      # All writable runtime state resides under /tmp; comment out to persist logs between restarts
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
+      - "/data/db:uid=20211,gid=20211,mode=1700"  # ⚠ You will lose historical data on restart
+
+    environment:
+      - PORT=${PORT}
+      - APP_CONF_OVERRIDE=${APP_CONF_OVERRIDE}
 ```

docs/REVERSE_DNS.md

@@ -40,16 +40,7 @@ services:
   netalertx:
     container_name: netalertx
     image: "ghcr.io/jokob-sk/netalertx:latest"
-    restart: unless-stopped
+...
-    volumes:
-      -  /local_data_dir/config:/data/config
-      -  /local_data_dir/db:/data/db
-      # -  /local_data_dir/log:/tmp/log
-      # Ensuring the timezone is the same as on the server - make sure also the TIMEZONE setting is configured
-      - /etc/localtime:/etc/localtime:ro    
-    environment:
-      - PORT=20211
-    network_mode: host
     dns:           # specifying the DNS servers used for the container
       - 10.8.0.1
       - 10.8.0.17
@@ -66,18 +57,10 @@ version: "3"
 services:
   netalertx:
     container_name: netalertx
-    image: "ghcr.io/jokob-sk/netalertx:latest"
-    restart: unless-stopped
     volumes:
-      - /local_data_dir/config/app.conf:/data/config/app.conf
+...
-      - /local_data_dir/db:/data/db
-      - /local_data_dir/log:/tmp/log
       - /local_data_dir/config/resolv.conf:/etc/resolv.conf                          # ⚠ Mapping the /resolv.conf file for better name resolution
-      # Ensuring the timezone is the same as on the server - make sure also the TIMEZONE setting is configured
+...
-      - /etc/localtime:/etc/localtime:ro    
-    environment:
-      - PORT=20211
-    network_mode: host
 ```
 
 #### /local_data_dir/config/resolv.conf:

docs/REVERSE_PROXY.md

@@ -496,14 +496,9 @@ server {
 Mapping the updated file (on the local filesystem at `/appl/docker/netalertx/default`) into the docker container:
 
 
-```bash
+```yaml
-docker run -d --rm --network=host \
+...
-  --name=netalertx \
+  volumes:
-  -v /appl/docker/netalertx/config:/data/config \
+    - /appl/docker/netalertx/default:/etc/nginx/sites-available/default
-  -v /appl/docker/netalertx/db:/data/db \
+...
-  -v /etc/localtime:/etc/localtime \
-  -v /appl/docker/netalertx/default:/etc/nginx/sites-available/default \
-  -e PORT=20211 \
-  ghcr.io/jokob-sk/netalertx:latest
-
 ```

docs/SYNOLOGY_GUIDE.md

@@ -29,6 +29,7 @@ The folders you are creating below will contain the configuration and the databa
 - Path: `/app_storage/netalertx` (will differ from yours)
 - Paste in the following template:
 
+
 ```yaml
 version: "3"
 services:
@@ -39,13 +40,20 @@ services:
     image: "ghcr.io/jokob-sk/netalertx:latest"
     network_mode: "host"
     restart: unless-stopped
+    cap_drop:       # Drop all capabilities for enhanced security
+      - ALL
+    cap_add:        # Re-add necessary capabilities
+      - NET_RAW
+      - NET_ADMIN
+      - NET_BIND_SERVICE
     volumes:
-      - local/path/config:/data/config
+      - /app_storage/netalertx/config:/data/config
-      - local/path/db:/data/db      
+      - /app_storage/netalertx/db:/data/db
-      # (optional) useful for debugging if you have issues setting up the container
+      # to sync with system time
-      - local/path/logs:/tmp/log
-      # Ensuring the timezone is the same as on the server - make sure also the TIMEZONE setting is configured
       - /etc/localtime:/etc/localtime:ro
+    tmpfs:
+      # All writable runtime state resides under /tmp; comment out to persist logs between restarts
+      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
     environment:
       - PORT=20211
 ```
@@ -73,3 +81,12 @@ services:
 
 10. Navigate to `<Synology URL>:20211` (or your custom port).
 11. Read the [Subnets](./SUBNETS.md) and [Plugins](/docs/PLUGINS.md) docs to complete your setup.
+
+
+> [!TIP]
+> If you are facing permissions issues run the following commands on your server. This will change the owner and assure sufficient access to the database and config files that are stored in the `/local_data_dir/db` and `/local_data_dir/config` folders (replace `local_data_dir` with the location where your `/db` and `/config` folders are located).
+>
+>  `sudo chown -R 20211:20211 /local_data_dir`
+>
+>  `sudo chmod -R a+rwx  /local_data_dir1`
+>

docs/WEB_UI_PORT_DEBUG.md

@@ -25,7 +25,7 @@ Follow all of the below in order to disqualify potential causes of issues and to
 
 When opening an issue or debugging:
 
-1. Include a screenshot of what you see when accessing `HTTP://<your rpi IP>/20211` (or your custom port)
+1. Include a screenshot of what you see when accessing `HTTP://<your_server>:20211` (or your custom port)
 1. [Follow steps 1, 2, 3, 4  on this page](./DEBUG_TIPS.md)
 1. Execute the following in the container to see the processes and their ports and submit a screenshot of the result:
    - `sudo apk add lsof`

docs/WORKFLOWS_DEBUGGING.md

@@ -1,7 +1,7 @@
 # Workflows debugging and troubleshooting
 
 > [!TIP]
-> Before troubleshooting, please ensure you have [Debugging enabled](./DEBUG_TIPS.md).
+> Before troubleshooting, please ensure you have the right [Debugging and LOG_LEVEL set](./DEBUG_TIPS.md).
 
 Workflows are triggered by various events. These events are captured and listed in the _Integrations -> App Events_ section of the application.
 

mkdocs.yml

@@ -63,14 +63,15 @@ nav:
         - Icons: ICONS.md
         - Network Topology: NETWORK_TREE.md
   - Troubleshooting:
+      - General Tips: DEBUG_TIPS.md
+      - Common Issues: COMMON_ISSUES.md
       - Inspecting Logs: LOGGING.md
-      - Debugging Tips: DEBUG_TIPS.md
+      - API Server Issues: DEBUG_API_SERVER.md
-      - Debugging GraphQL: DEBUG_GRAPHQL.md
+      - Invalid JSON Issues: DEBUG_INVALID_JSON.md
-      - Debugging Invalid JSON: DEBUG_INVALID_JSON.md
+      - PHP Issues: DEBUG_PHP.md
-      - Debugging PHP: DEBUG_PHP.md
+      - Plugin Issues: DEBUG_PLUGINS.md
-      - Debugging Plugins: DEBUG_PLUGINS.md
+      - Web UI Port Issues: WEB_UI_PORT_DEBUG.md
-      - Debugging Web UI Port: WEB_UI_PORT_DEBUG.md
+      - Workflows Issues: WORKFLOWS_DEBUGGING.md
-      - Debugging Workflows: WORKFLOWS_DEBUGGING.md
   - Development:
       - Plugin and app development:
         - Environment Setup: DEV_ENV_SETUP.md