Debug logging in production is unnecessarily noisy. Users who need
debug output can still set LOG_LEVEL=debug in their compose.yml.
Closes#285
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
MySQL (3306) and Redis (6379) were published to all host interfaces
despite only being accessed by the admin container via Docker's internal
network. Redis has no authentication, so anyone on the LAN could connect.
Removes the port mappings — containers still communicate internally via
Docker service names.
Closes#279
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dozzle runs on port 9999 with no authentication. DOZZLE_ENABLE_ACTIONS
allows anyone on the LAN to stop/restart containers. NOMAD already
handles container management through its own admin UI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dozzle's DOZZLE_ENABLE_SHELL=true on an unauthenticated port allows
anyone on the LAN to open a shell into containers, including nomad_admin
which has the Docker socket mounted — creating a path to host root.
Disables shell access while keeping log viewing and container actions
(restart/stop) enabled.
Closes#278
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add OLLAMA_API_URL environment variable for Docker networking
- Use host.docker.internal to reach Ollama from NOMAD container
- Add extra_hosts config in compose for Linux compatibility
- Add downloading_ai_model status with clear progress indicator
- Show model download progress on first AI benchmark run
- Fail AI-only benchmarks with clear error if AI unavailable
- Display benchmark errors to users via Alert component
- Improve error messages with error codes for debugging
Fixes issue where AI benchmark silently failed due to NOMAD container
being unable to reach Ollama at localhost:11434.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
