From a1a53a5d6ecee42cacc24a3a0bae01bc30e96094 Mon Sep 17 00:00:00 2001 From: Ben Date: Sat, 23 May 2026 15:08:48 +1000 Subject: [PATCH] =?UTF-8?q?docs(docker):=20dashboard=20IS=20supervised=20?= =?UTF-8?q?=E2=80=94=20update=20note=20that=20contradicted=20the=20PR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR #30136 review caught that website/docs/user-guide/docker.md still said "The dashboard side-process is **not supervised** — if it crashes, it stays down until the container restarts." That was true under tini but is the opposite of the s6 behavior this PR ships and `test_dashboard_restarts_after_crash` proves. Replace with a description of what users actually see now: automatic restart by s6-overlay, new PID after a short backoff, logs via `docker logs`. The standalone-container caveat carries forward unchanged. --- website/docs/user-guide/docker.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/website/docs/user-guide/docker.md b/website/docs/user-guide/docker.md index 41d3fad7aaa..6680ecba96c 100644 --- a/website/docs/user-guide/docker.md +++ b/website/docs/user-guide/docker.md @@ -84,7 +84,15 @@ The entrypoint starts `hermes dashboard` in the background (running as the non-r By default, the dashboard stays on loopback to avoid exposing the unauthenticated web surface over the network. To publish it intentionally, set `HERMES_DASHBOARD_HOST=0.0.0.0` and configure your own trusted network boundary/reverse proxy. In that case you must explicitly add `--insecure` behavior by passing host/flags in your command path (the entrypoint no longer auto-enables insecure mode). :::note -The dashboard side-process is **not supervised** — if it crashes, it stays down until the container restarts. Running it as a separate container is not supported: the dashboard's gateway-liveness detection requires a shared PID namespace with the gateway process. +The dashboard runs as a supervised s6 service inside the container. If +the dashboard process crashes, s6-overlay restarts it automatically +after a short backoff — you'll see a new PID without needing to +restart the container. Logs and crash output are visible via +`docker logs ` (s6 forwards service stdout/stderr there). + +Running the dashboard as a separate container is not supported: its +gateway-liveness detection requires a shared PID namespace with the +gateway process. ::: ## Running interactively (CLI chat)