diff --git a/docs/website/docs.html b/docs/website/docs.html
index de47a2e..676c1db 100644
--- a/docs/website/docs.html
+++ b/docs/website/docs.html
@@ -216,6 +216,8 @@ python3 setup.py
Network access to RouterOS devices on ports 8728 (API) and 8729 (API-SSL)
+ Note: If you used the setup wizard (python3 setup.py), these steps were completed automatically.
+
1. Clone and Configure
git clone <repository-url> tod
cd tod
@@ -253,10 +255,10 @@ docker compose -f docker-compose.yml -f docker-compose.prod.yml build frontend
@@ -320,7 +322,7 @@ open http://localhost
| Redis | 128 MB |
| NATS | 128 MB |
| API | 512 MB |
- | Poller | 256 MB |
+ | Poller | 512 MB |
| Frontend | 64 MB |
@@ -468,7 +470,7 @@ open http://localhost
Go Poller
- - Stack: Go 1.23, go-routeros/v3, pgx/v5, nats.go
+ - Stack: Go 1.25, go-routeros/v3, pgx/v5, nats.go
- Polling model: Synchronous per-device polling on a configurable interval (default 60s)
- Device communication: RouterOS binary API over TLS (port 8729), InsecureSkipVerify for self-signed certs
- TLS fallback: Three-tier strategy — CA-verified → InsecureSkipVerify → plain API
@@ -476,10 +478,10 @@ open http://localhost
- Circuit breaker: Backs off from unreachable devices to avoid wasting poll cycles
- Credential decryption: OpenBao Transit with LRU cache (1024 entries, 5min TTL) to minimize KMS calls
- Output: Publishes poll results to NATS JetStream; the API’s NATS subscribers process and persist them
- - Remote access: Tunnel manager allocates TCP ports (49000–49004) for WinBox sessions; SSH relay server bridges WebSocket connections to RouterOS SSH via PTY
+ - Remote access: Tunnel manager allocates TCP ports (49000–49100) for WinBox sessions; SSH relay server bridges WebSocket connections to RouterOS SSH via PTY
- NATS responder: Listens on
tunnel.open.* / tunnel.close.* for API-initiated WinBox tunnel requests
- Database access: Uses
poller_user role which bypasses RLS (needs cross-tenant device access)
- - Memory limit: 256 MB
+ - Memory limit: 512 MB
Infrastructure Services
@@ -543,7 +545,7 @@ open http://localhost
| PostgreSQL | 512 MB |
| API | 512 MB |
- | Go Poller | 256 MB |
+ | Go Poller | 512 MB |
| OpenBao | 256 MB |
| Redis | 128 MB |
| NATS | 128 MB |
@@ -566,8 +568,8 @@ open http://localhost
| NATS Monitor | 8222 | 8222 | HTTP |
| OpenBao | 8200 | 8200 | HTTP |
| WireGuard | 51820 | 51820 | UDP |
- | WinBox Tunnels | 49000–49004 | 49000–49004 | TCP |
- | SSH Relay (WebSocket) | 2222 | 2222 | TCP |
+ | WinBox Tunnels | 49000–49100 | 49000–49100 | TCP |
+ | SSH Relay (WebSocket) | 8080 | 8080 | TCP |
@@ -884,7 +886,7 @@ open http://localhost
Click the WinBox button on any device to open a temporary TCP tunnel:
- The API sends a NATS request to the poller on
tunnel.open.{device_id}.
- - The poller allocates a port from the pool (49000–49004) and opens a bidirectional TCP proxy to the device’s WinBox port (8291).
+ - The poller allocates a port from the pool (49000–49100) and opens a bidirectional TCP proxy to the device’s WinBox port (8291).
- The API returns a
winbox:// URI that launches your local WinBox application.
- The tunnel closes automatically after 5 minutes of idle time, or when explicitly closed.
@@ -922,7 +924,7 @@ open http://localhost
| Idle timeout | 5 minutes | 15 minutes |
- | Port range | 49000–49004 | N/A (WebSocket) |
+ | Port range | 49000–49100 | N/A (WebSocket) |
| Auth method | NATS request-reply | Single-use Redis token (60s TTL) |
| Audit logged | Yes (open/close) | Yes (open/close with duration) |
| RBAC | Operator+ | Operator+ |
@@ -935,7 +937,7 @@ open http://localhost
SSH session tokens are single-use, expire in 60 seconds, and are validated + deleted atomically in Redis.
All session open/close events are written to the immutable audit trail.
SSH session end events are published to NATS JetStream for durable processing.
- Rate limited: 5 tunnel/session requests per minute per IP.
+ Rate limited: 10 tunnel/session requests per minute per IP.
@@ -1495,7 +1497,7 @@ open http://localhost
| Redis | 128 MB |
| NATS | 128 MB |
| API | 512 MB |
- | Poller | 256 MB |
+ | Poller | 512 MB |
| Frontend | 64 MB |