[pull] master from netdata:master

.github/scripts/package_cloud_wrapper.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-3.0-or-later
 #
 # This is a tool to help removal of packages from packagecloud.io
 # It utilizes the package_cloud utility provided from packagecloud.io
@@ -10,10 +11,8 @@
 # 1) PKG_CLOUD_TOKEN variable exported
 # 2) To properly install package_cloud when not found, it requires: ruby gcc gcc-c++ ruby-devel
 #
-# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
-#
-# Author  : Pavlos Emm. Katsoulakis ([email protected])
 #shellcheck disable=SC2068,SC2145
+
 set -e
 PKG_CLOUD_CONFIG="$HOME/.package_cloud_configuration.cfg"
 

REDISTRIBUTED.md

@@ -1,7 +1,7 @@
 # Redistributed software
 
 Netdata copyright info:<br/>
-Copyright 2023, Netdata Inc.<br/>
+Copyright 2018-2025 Netdata Inc.<br/>
 Released under [GPL v3 or later](https://raw.githubusercontent.com/netdata/netdata/master/LICENSE).
 
 Netdata uses SPDX license tags to identify the license for its files.

docs/developer-and-contributor-corner/style-guide.md

@@ -160,15 +160,15 @@ capitalization. In summary:
   Docker, Apache, NGINX)
 - Avoid camel case (NetData) or all caps (NETDATA).
 
-Whenever you refer to the company Netdata, Inc., or the open-source monitoring Agent the company develops, capitalize both words.
+Whenever you refer to the company Netdata Inc., or the open-source monitoring Agent the company develops, capitalize both words.
 
 However, if you’re referring to a process, user, or group on a Linux system, use lowercase and fence the word in an
 inline code block: `` `netdata` ``.
 
 |                 |                                                                                                |
 |-----------------|------------------------------------------------------------------------------------------------|
-| Not recommended | The netdata agent, which spawns the netdata process, is actively maintained by netdata, inc.   |
-| **Recommended** | The Netdata Agent, which spawns the `netdata` process, is actively maintained by Netdata, Inc. |
+| Not recommended | The netdata agent, which spawns the netdata process, is actively maintained by Netdata Inc.    |
+| **Recommended** | The Netdata Agent, which spawns the `netdata` process, is actively maintained by Netdata Inc.  |
 
 #### Capitalization of document titles and page headings
 

docs/diagrams/netdata-overview.xml

@@ -294,7 +294,7 @@
         <mxCell id="110" value="" style="shadow=0;dashed=0;html=1;strokeColor=none;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;shape=mxgraph.mscae.cloud.api_management;fillColor=#0079D6;fontSize=20;align=center;" parent="1" vertex="1">
           <mxGeometry x="91" y="562" width="35" height="30" as="geometry" />
         </mxCell>
-        <UserObject label="&lt;div style=&quot;text-align: right&quot;&gt;&lt;b&gt;&lt;font style=&quot;font-size: 24px&quot;&gt;netdata&lt;/font&gt;&lt;/b&gt;&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;simple. effective. awesome!&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;&lt;b&gt;https://netdata.cloud&lt;/b&gt;&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;&lt;span style=&quot;font-size: 14px&quot;&gt;&lt;br&gt;(C) Copyright 2023&lt;br&gt;&lt;/span&gt;&lt;span style=&quot;font-size: 14px&quot;&gt;Netdata, Inc.&lt;/span&gt;&lt;/div&gt;" link="https://netdata.cloud" id="111">
+        <UserObject label="&lt;div style=&quot;text-align: right&quot;&gt;&lt;b&gt;&lt;font style=&quot;font-size: 24px&quot;&gt;netdata&lt;/font&gt;&lt;/b&gt;&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;simple. effective. awesome!&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;&lt;b&gt;https://netdata.cloud&lt;/b&gt;&lt;/div&gt;&lt;div style=&quot;text-align: right&quot;&gt;&lt;span style=&quot;font-size: 14px&quot;&gt;&lt;br&gt;(C) Copyright 2018-2025&lt;br&gt;&lt;/span&gt;&lt;span style=&quot;font-size: 14px&quot;&gt;Netdata Inc.&lt;/span&gt;&lt;/div&gt;" link="https://netdata.cloud" id="111">
           <mxCell style="text;html=1;resizable=0;points=[];autosize=1;align=left;verticalAlign=top;spacingTop=-4;fontSize=20;" parent="1" vertex="1">
             <mxGeometry x="994" y="1763.666748046875" width="270" height="160" as="geometry" />
           </mxCell>

docs/netdata-agent/securing-netdata-agents.md

@@ -1,130 +1,130 @@
-# Securing Netdata Agents
-
-By default, the Agent exposes its **local dashboard** on port `19999`. If the node has a public IP address, the dashboard and metrics are accessible to anyone at `http://NODE:19999`.
-
-Protect your Agents by implementing any of these security measures:
-
-**Recommended**:
-
-- [Disable the local dashboard](#disable-the-local-dashboard): Best for users who monitor their systems through Netdata Cloud dashboards.
-- [Use Netdata Parents as Web Application Firewalls](#use-netdata-parents-as-web-application-firewalls): Deploy Parent nodes as border gateways to isolate production systems from direct internet exposure, even when using Netdata Cloud.
-
-**Alternative Approaches**:
-
-- [Restrict dashboard access to private LAN](#restrict-dashboard-access-to-private-lan): Suitable for accessing the local dashboard via a LAN connection.
-- [Configure granular access control](#configure-granular-access-control): Limit local dashboard access to specific IP addresses, such as trusted static IPs or management LAN connections.
-- [Deploy a reverse proxy](#deploy-a-reverse-proxy): Secure your dashboard with password protection and TLS encryption.
-
-## Disable the local dashboard
-
-Secure your nodes by disabling local dashboard access while maintaining Cloud monitoring capabilities:
-
-- Eliminates public exposure of metrics and system information.
-- Maintains secure metrics viewing through Netdata Cloud via [ACLK](/src/aclk/README.md).
-
-Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script:
-
-```text
-[web]
-    mode = none
-```
-
-Restart your Agent to apply changes. After restart, the local dashboard (http://NODE:19999) will no longer be accessible, but all metrics remain available through Netdata Cloud.
-
-> **Note**
->
-> For Docker deployments, set `NETDATA_HEALTHCHECK_TARGET=cli` in your environment variables.
-
-## Use Netdata Parents as Web Application Firewalls
-
-Enhance security by deploying Parent nodes as border gateways, eliminating the need for direct internet access from production Agents. Parent nodes:
-
-- Act as application firewalls.
-- Receive metrics from Child Agents securely.
-- Serve dashboard requests using local data.
-- Maintain Netdata Cloud connectivity through encrypted connection.
-
-For more information, see [Observability Centralization Points](/docs/observability-centralization-points/README.md).
-
-## Restrict dashboard access to private LAN
-
-Enhance security by binding the Agent to your organization's private management network interface. This limits dashboard access to your administrative LAN only.
-
-Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script:
-
-```text
-[web]
-    bind to = 10.1.1.1:19999 localhost:19999
-```
-
-The Agent supports binding to multiple IPs and ports. When using hostnames, all resolved IPs will be used (for example, `localhost` typically resolves to both `127.0.0.1` and `::1`).
-
-<details><summary>More info for cloud-based installations</summary>
-
-For cloud environments without private LAN capabilities or multi-cloud deployments, you can create a virtual management network using mesh VPN tools like `tincd` or `gvpe`. These tools enable secure, private communication between servers while allowing administration stations to access management functions across your cloud infrastructure.
-
-For `gvpe` specifically, we maintain a [deployment tool](https://github.com/netdata/netdata-demo-site/tree/master/gvpe) that includes:
-
-- Pre-compiled binaries for Linux and FreeBSD.
-- macOS compilation script.
-- Configuration templates.
-
-We use this tool to manage our Netdata demo sites across multiple hosting providers.
-
-</details>
-
-## Configure granular access control
-
-Restrict access to your local dashboard while maintaining Netdata Cloud connectivity by using [access lists](/src/web/server/README.md#access-lists).
-
-Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script.
-
-Use the `allow connections from` setting to permit specific IP addresses or hostnames:
-
-```text
-[web]
-    # Allow only localhost connections
-    allow connections from = localhost
-
-    # Allow only from management LAN running on `10.X.X.X`
-    allow connections from = 10.*
-
-    # Allow connections only from a specific FQDN/hostname
-    allow connections from = example*
-```
-
-The default setting `localhost *` allows both localhost and all external connections. You can customize this using Netdata's [simple patterns](/src/libnetdata/simple_pattern/README.md).
-
-While `allow connections from` globally controls access to all Netdata services, you can set specific permissions for individual features:
-
-```text
-[web]
-    allow connections from = localhost *
-    allow dashboard from = localhost *
-    allow badges from = *
-    allow streaming from = *
-    allow netdata.conf from = localhost fd* 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.*
-    allow management from = localhost
-```
-
-For additional security:
-
-- Review detailed access list options in the [Web Server documentation](/src/web/server/README.md#access-lists).
-- Consider [enabling SSL](/src/web/server/README.md#enable-httpstls-support) to encrypt local dashboard traffic (Netdata Cloud connections are always TLS-encrypted).
-
-## Deploy a reverse proxy
-
-Secure multiple Agents using a single authenticating web server as a reverse proxy. This provides:
-
-- Unified access through URLs like `http://{HOST}/netdata/{NETDATA_HOSTNAME}/`.
-- Single sign-on across all Agents.
-- Optional TLS encryption.
-
-We provide detailed configuration guides for popular web servers:
-
-- [nginx](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-nginx.md)
-- [HAProxy](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-haproxy.md)
-- [Apache](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-apache.md)
-- [Lighttpd](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-lighttpd.md)
-- [Caddy](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-caddy.md)
-- [H2O](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-h2o.md)
+# Securing Netdata Agents
+
+By default, the Agent exposes its **local dashboard** on port `19999`. If the node has a public IP address, the dashboard and metrics are accessible to anyone at `http://NODE:19999`.
+
+Protect your Agents by implementing any of these security measures:
+
+**Recommended**:
+
+- [Disable the local dashboard](#disable-the-local-dashboard): Best for users who monitor their systems through Netdata Cloud dashboards.
+- [Use Netdata Parents as Web Application Firewalls](#use-netdata-parents-as-web-application-firewalls): Deploy Parent nodes as border gateways to isolate production systems from direct internet exposure, even when using Netdata Cloud.
+
+**Alternative Approaches**:
+
+- [Restrict dashboard access to private LAN](#restrict-dashboard-access-to-private-lan): Suitable for accessing the local dashboard via a LAN connection.
+- [Configure granular access control](#configure-granular-access-control): Limit local dashboard access to specific IP addresses, such as trusted static IPs or management LAN connections.
+- [Deploy a reverse proxy](#deploy-a-reverse-proxy): Secure your dashboard with password protection and TLS encryption.
+
+## Disable the local dashboard
+
+Secure your nodes by disabling local dashboard access while maintaining Cloud monitoring capabilities:
+
+- Eliminates public exposure of metrics and system information.
+- Maintains secure metrics viewing through Netdata Cloud via [ACLK](/src/aclk/README.md).
+
+Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script:
+
+```text
+[web]
+    mode = none
+```
+
+Restart your Agent to apply changes. After restart, the local dashboard (http://NODE:19999) will no longer be accessible, but all metrics remain available through Netdata Cloud.
+
+> **Note**
+>
+> For Docker deployments, set `NETDATA_HEALTHCHECK_TARGET=cli` in your environment variables.
+
+## Use Netdata Parents as Web Application Firewalls
+
+Enhance security by deploying Parent nodes as border gateways, eliminating the need for direct internet access from production Agents. Parent nodes:
+
+- Act as application firewalls.
+- Receive metrics from Child Agents securely.
+- Serve dashboard requests using local data.
+- Maintain Netdata Cloud connectivity through encrypted connection.
+
+For more information, see [Observability Centralization Points](/docs/observability-centralization-points/README.md).
+
+## Restrict dashboard access to private LAN
+
+Enhance security by binding the Agent to your organization's private management network interface. This limits dashboard access to your administrative LAN only.
+
+Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script:
+
+```text
+[web]
+    bind to = 10.1.1.1:19999 localhost:19999
+```
+
+The Agent supports binding to multiple IPs and ports. When using hostnames, all resolved IPs will be used (for example, `localhost` typically resolves to both `127.0.0.1` and `::1`).
+
+<details><summary>More info for cloud-based installations</summary>
+
+For cloud environments without private LAN capabilities or multi-cloud deployments, you can create a virtual management network using mesh VPN tools like `tincd` or `gvpe`. These tools enable secure, private communication between servers while allowing administration stations to access management functions across your cloud infrastructure.
+
+For `gvpe` specifically, we maintain a [deployment tool](https://github.com/netdata/netdata-demo-site/tree/master/gvpe) that includes:
+
+- Pre-compiled binaries for Linux and FreeBSD.
+- macOS compilation script.
+- Configuration templates.
+
+We use this tool to manage our Netdata demo sites across multiple hosting providers.
+
+</details>
+
+## Configure granular access control
+
+Restrict access to your local dashboard while maintaining Netdata Cloud connectivity by using [access lists](/src/web/server/README.md#access-lists).
+
+Edit the `[web]` section in `netdata.conf` using the [`edit-config`](/docs/netdata-agent/configuration/README.md#edit-a-configuration-file-using-edit-config) script.
+
+Use the `allow connections from` setting to permit specific IP addresses or hostnames:
+
+```text
+[web]
+    # Allow only localhost connections
+    allow connections from = localhost
+
+    # Allow only from management LAN running on `10.X.X.X`
+    allow connections from = 10.*
+
+    # Allow connections only from a specific FQDN/hostname
+    allow connections from = example*
+```
+
+The default setting `localhost *` allows both localhost and all external connections. You can customize this using Netdata's [simple patterns](/src/libnetdata/simple_pattern/README.md).
+
+While `allow connections from` globally controls access to all Netdata services, you can set specific permissions for individual features:
+
+```text
+[web]
+    allow connections from = localhost *
+    allow dashboard from = localhost *
+    allow badges from = *
+    allow streaming from = *
+    allow netdata.conf from = localhost fd* 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.*
+    allow management from = localhost
+```
+
+For additional security:
+
+- Review detailed access list options in the [Web Server documentation](/src/web/server/README.md#access-lists).
+- Consider [enabling SSL](/src/web/server/README.md#enable-httpstls-support) to encrypt local dashboard traffic (Netdata Cloud connections are always TLS-encrypted).
+
+## Deploy a reverse proxy
+
+Secure multiple Agents using a single authenticating web server as a reverse proxy. This provides:
+
+- Unified access through URLs like `http://{HOST}/netdata/{NETDATA_HOSTNAME}/`.
+- Single sign-on across all Agents.
+- Optional TLS encryption.
+
+We provide detailed configuration guides for popular web servers:
+
+- [nginx](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-nginx.md)
+- [HAProxy](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-haproxy.md)
+- [Apache](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-apache.md)
+- [Lighttpd](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-lighttpd.md)
+- [Caddy](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-caddy.md)
+- [H2O](/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/Running-behind-h2o.md)

docs/netdata-cloud/node-membership-rules.md → docs/netdata-cloud/node-rule-based-room-assignment.md

@@ -1,6 +1,6 @@
-# Node Membership Rules
+# Node Rule-Based Room Assignment
 
-Node Membership Rules automate Node organization within Rooms based on host labels. This simplifies infrastructure management by dynamically assigning Nodes to appropriate Rooms, eliminating manual intervention.
+Organize Nodes within Rooms automatically using configurable label-based rules. This feature simplifies infrastructure management by dynamically assigning Nodes to appropriate Rooms based on their host labels, eliminating manual intervention.
 
 **Important**:
 

netdata-installer.sh

@@ -429,7 +429,7 @@ if [ "$(id -u)" -ne 0 ] && [ -z "${NETDATA_PREPARE_ONLY}" ]; then
 fi
 
 netdata_banner
-progress "real-time performance monitoring, done right!"
+progress "monitoring and troubleshooting, transformed!"
 cat << BANNER1
 
   You are about to build and install netdata to your system.
@@ -999,7 +999,7 @@ fi
 # -----------------------------------------------------------------------------
 # check if we can re-start netdata
 
-# TODO(paulfantom): Creation of configuration file should be handled by a build system. Additionally we shouldn't touch configuration files in /etc/netdata/...
+# TODO: Creation of configuration file should be handled by a build system. Additionally we shouldn't touch configuration files in /etc/netdata/...
 started=0
 if [ ${DONOTSTART} -eq 1 ]; then
   create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf"

netdata.spec.in

@@ -120,7 +120,7 @@ AutoReqProv: yes
 # Filter known bogus deps that would be caught by AutoReqProv.
 %global __requires_exclude_from ^%{_libdir}/%{name}/system/.*$
 
-Summary:	Real-time performance monitoring, done right!
+Summary:	Netdata - Monitoring and troubleshooting, transformed!
 Name:		netdata
 Version:	%{version}
 Release:	1%{?dist}
@@ -1051,7 +1051,7 @@ fi
 - Fix /etc/netdata permissions
 * Mon Sep 23 2019 Konstantinos Natsakis <[email protected]> 0.0.0-9
 - Do not build CUPS plugin subpackage on CentOS 6 and CentOS 7
-* Tue Aug 20 2019 Pavlos Emm. Katsoulakis <paul@netdat.acloud> - 0.0.0-8
+* Tue Aug 20 2019 Pavlos Emm. Katsoulakis <paul@netdata.cloud> - 0.0.0-8
 - Split CUPS functionality on separate package
 * Fri Jun 28 2019 Pavlos Emm. Katsoulakis <[email protected]> - 0.0.0-7
 - Raise the path overrides to the spec file level, not just the configure.

packaging/check-for-go-toolchain.sh

@@ -1,6 +1,4 @@
 #!/bin/sh
-#
-# Copyright (c) 2024 Netdata Inc.
 # SPDX-License-Identifier: GPL-v3+
 #
 # Check if we need to install a Go toolchain.