Flux Notify

// OVERVIEW

Flux Notify is the notification engine at the heart of the Flux Suite. It organizes alerts around incident threads — allowing your team to send initial notifications, updates, and resolutions while maintaining a complete audit trail.

Every message sent through Flux Notify is logged with a cryptographic hash chain, ensuring tamper-evident records for compliance and post-incident review.

// Key Concept

Incidents in Flux Notify are thread-based. A single incident can have an Initial notification, multiple Update messages, and a final Resolution — all linked together with full delivery tracking per channel.

// QUICK START

Clone & configure — Copy .env.example to .env and set your SMTP, AWS, and Slack credentials.
Launch containers — Run docker-compose up -d to start all five containers (web, db, worker, websocket, adminer).
Access the interface — Navigate to http://localhost:8080 and log in with the default admin credentials.
Configure channels — Go to Settings → Channels and verify each delivery method (SMTP test, AWS SNS test, Slack webhook test).
Create a contact list — Add contacts under Contact Lists, assigning delivery preferences per person.
Send your first incident — Click "New Incident", select message type "Initial", pick a contact list, and click Send.

# Linux / Mac
docker-compose up -d

# Windows (PowerShell)
docker-compose.exe up -d

# Check status
docker-compose ps
docker-compose logs -f worker

// REQUIREMENTS

Component	Requirement	Notes
Docker	20.10+	Docker Desktop or Engine
Docker Compose	2.0+	Included in Docker Desktop
RAM	2GB minimum	4GB recommended
Disk	5GB minimum	For DB + logs
SMTP Server	Any SMTP	Gmail, SES, Postfix, etc.
AWS Account	Optional	Required for SMS via SNS
Slack Workspace	Optional	Requires webhook URL

// INCIDENT MANAGEMENT

MESSAGE TYPES

Type	Use Case	Thread Position
INITIAL	First notification — declares the incident	Thread opener
UPDATE	Status change, new information, ETA	Thread continuation
RESOLVED	Incident closed, service restored	Thread closer
BRIDGE	Conference bridge details	Any position
ONE-TIME	Standalone, unthreaded message	Standalone

INCIDENT LIFECYCLE

An incident progresses through states: Open → Monitoring → Resolved. The system tracks time-in-state and can trigger escalations if an incident remains Open without acknowledgment past a configured threshold.

// Important

Resolved incidents are locked from further Updates. Use the "Reopen" function if additional notifications are required after resolution.

// DELIVERY CHANNELS

Channel	Provider	Config Key	Status
📧 Email	PHPMailer / SMTP	`smtp_*`	SUPPORTED
📱 SMS	AWS SNS	`aws_*`	SUPPORTED
💬 Slack	Incoming Webhook	`slack_webhook_url`	SUPPORTED
🔷 Teams	Incoming Webhook	`teams_webhook_url`	SUPPORTED
📞 Voice	Twilio / VoIP	`voice_*`	BETA
🪝 Webhook	Custom HTTP	`webhook_url`	SUPPORTED

DELIVERY QUEUE

All messages are queued in MariaDB and processed by the background worker container. This ensures delivery even under high load and allows automatic retry on failure. Failed deliveries are retried up to 3 times with exponential backoff.

// ROLE-BASED ACCESS

Role	Send Incidents	Manage Contacts	Manage Settings	View Audit Log
ADMIN	✅	✅	✅	✅
MANAGER	✅	✅	❌	✅
OPERATOR	✅	❌	❌	❌
VIEWER	❌	❌	❌	❌

// AUDIT LOGGING

Every action in Flux Notify — incident creation, message send, user login, setting change — is recorded in the audit log with a cryptographic hash chain. Each entry contains:

Timestamp (UTC, microsecond precision)
User ID and IP address
Action type and resource affected
SHA-256 hash linking to previous log entry
Full before/after JSON for setting changes

// Tamper Detection

The hash chain means any modification to a historical log entry will break the chain and be immediately detectable on the Audit Log verification page.

// AWS SNS CONFIGURATION

# .env configuration
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key
AWS_REGION=us-east-1
AWS_SNS_SENDER_ID=FluxNOC    # Optional, for supported regions

IAM PERMISSIONS REQUIRED

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sns:Publish"],
    "Resource": "*"
  }]
}

// AWS SNS Sandbox

New AWS accounts start in SMS Sandbox mode. You must verify destination phone numbers before sending. Request production access via AWS Console → SNS → SMS settings.

// DOCKER DEPLOYMENT

CONTAINER ARCHITECTURE

Container	Image	Port	Purpose
`flux-web`	php:8.2-apache	8080	Main PHP application
`flux-db`	mariadb:10.6	3306 (internal)	Database server
`flux-worker`	php:8.2-cli	—	Queue processor
`flux-ws`	node:18-alpine	8081	WebSocket server
`flux-adminer`	adminer:4	8082	DB management UI

MANAGEMENT COMMANDS

# Start all services
docker-compose up -d

# View container status
docker-compose ps

# View worker logs (queue processing)
docker-compose logs -f flux-worker

# Restart a specific container
docker-compose restart flux-web

# Stop all services
docker-compose down

# Stop and remove all data (DESTRUCTIVE)
docker-compose down -v

// BACKUP & RESTORE

# Create a backup
./scripts/backup.sh
# Creates: ./backups/flux-notify-backup-YYYYMMDD_HHMMSS.tar.gz

# Restore from backup
./scripts/restore.sh flux-notify-backup-20260224_143700

# Manual database dump
docker exec flux-db mysqldump -u flux_user -p flux_notify > backup.sql

# Manual database restore
docker exec -i flux-db mysql -u flux_user -p flux_notify < backup.sql

// Backup Contents

Backups include the full MariaDB dump, uploaded attachments from the storage volume, and the current .env configuration (excluding secrets).

// OVERVIEW

// QUICK START

// REQUIREMENTS

// INCIDENT MANAGEMENT

MESSAGE TYPES

INCIDENT LIFECYCLE

// DELIVERY CHANNELS

DELIVERY QUEUE

// ROLE-BASED ACCESS

// AUDIT LOGGING

// AWS SNS CONFIGURATION

IAM PERMISSIONS REQUIRED

// DOCKER DEPLOYMENT

CONTAINER ARCHITECTURE

MANAGEMENT COMMANDS

// BACKUP & RESTORE