Setup test environment: CrowdSec Manager + Middleware Manager instances for docs

[strausmann]

Summary

We need running instances of both products on our infrastructure — not just the docs sites, but the actual applications. These serve as:

1. Screenshot source — Capture UI screenshots and animations for documentation
2. Release testing — Test new releases before updating documentation
3. Feature verification — Verify documented features actually work as described
4. Staging reference — Maintainer and team can verify docs against real UI

Architecture

```
hhdocker01 (172.16.50.40)
├── docs-crowdsec-staging (Port 8081) ← Docs site
├── docs-middleware-staging (Port 8082) ← Docs site
├── crowdsec-manager-test (Port 8090) ← Application instance (NEW)
├── middleware-manager-test (Port 8093) ← Application instance (NEW)
└── ... (existing services)

Pangolin Resources:
├── docs-crowdsec.strausmann.cloud → :8081 (exists)
├── docs-middleware.strausmann.cloud → :8082 (exists)
├── test-crowdsec.strausmann.cloud → :8090 (NEW)
└── test-middleware.strausmann.cloud → :8093 (NEW)
```

CrowdSec Manager Test Instance

The CrowdSec Manager needs a CrowdSec LAPI to manage. Options:

• Reuse existing LAPI (backend:8080) — simplest, but we're already using it for production
• Dedicated test LAPI — separate CrowdSec container for the test instance

Recommendation: Reuse the existing LAPI. The test instance is read-only for screenshots, not for production management.

```yaml

docker-compose.test.yml on hhdocker01

services:
crowdsec-manager-test:
image: hhftechnology/crowdsec-manager:latest
container_name: crowdsec-manager-test
restart: unless-stopped
ports:
- "8090:8090"
environment:
- PORT=8090
- DOCKER_HOST=unix:///var/run/docker.sock
# Point to existing CrowdSec LAPI
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
```

Middleware Manager Test Instance

The Middleware Manager needs Traefik to manage middlewares for. Options:

• Connect to Pangolin's Traefik on backend (complex, cross-network)
• Dedicated local Traefik — simple test setup with minimal config

```yaml
middleware-manager-test:
image: hhftechnology/middleware-manager:latest
container_name: middleware-manager-test
restart: unless-stopped
ports:
- "8093:8093"
environment:
- PORT=8093
- TRAEFIK_API_URL=http://traefik-test:8080
volumes:
- /etc/localtime:/etc/localtime:ro
```

Release Testing Workflow

```

1. New release published (hhftechnology/crowdsec-manager:vX.Y.Z)
2. Pull new image: docker compose -f docker-compose.test.yml pull
3. Restart: docker compose -f docker-compose.test.yml up -d
4. Test new features on test-crowdsec.strausmann.cloud
5. Capture screenshots for updated docs
6. Update documentation
7. Push to staging (docs-crowdsec.strausmann.cloud)
8. Create upstream PR
   ```

DNS Records (Cloudflare)

• `test-crowdsec.strausmann.cloud` → CNAME `connect.strausmann.cloud`
• `test-middleware.strausmann.cloud` → CNAME `connect.strausmann.cloud`

Pangolin Resources

• Resource for CrowdSec Manager Test (Port 8090, no SSO — Header Auth for Claude)
• Resource for Middleware Manager Test (Port 8093, no SSO — Header Auth for Claude)

Acceptance Criteria

• Both application instances running on hhdocker01
• Accessible via Pangolin (test-crowdsec/test-middleware.strausmann.cloud)
• Header Auth configured for Claude Playwright access
• Playwright MCP can navigate and capture screenshots
• Release update process documented (pull, restart, test)
• docker-compose.test.yml in staging/ directory of this repo