Settings and Maintenance API
All endpoints require authentication (Basic or JWT). Responses use the envelope {"status": "success", "data": ...} unless noted.
List all settings
GET /api/settings
{
  "status": "success",
  "data": [
    { "setting_name": "ssl_bump_enabled", "setting_value": "false" },
    { "setting_name": "cache_size", "setting_value": "2000" }
  ]
}
Setting values that are stored encrypted at rest (those whose key contains password, secret, token, or webhook) are decrypted before being returned.
Update a single setting
PUT /api/settings/{setting_name}
{ "value": "true" }
The key in the path must consist of alphanumeric characters and underscores only and be no longer than 100 characters. The value is capped at 10 000 characters.
Bulk update settings
POST /api/settings
The body is a flat object mapping setting names to their new values:
{
  "ssl_bump_enabled": "true",
  "cache_size": "5000",
  "auto_refresh_enabled": "true"
}
All updates are applied in a single transaction. The same name and value validation applies as for the single-setting endpoint.
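Because a bulk update is applied in one transaction, it helps to check a payload against the documented name and value rules before sending it. The following is an added example, not the project's own code: the function names, the sample keys, the case-insensitive keyword match, and the requirement that values be strings are assumptions.

```python
import re

# Rules as documented on this page; ASCII-only, non-empty names are an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,100}")
MAX_VALUE_LEN = 10_000
# Key substrings that mark a setting as encrypted at rest
# (case-insensitive matching is an assumption).
SENSITIVE_MARKERS = ("password", "secret", "token", "webhook")


def is_sensitive(name):
    """True if the setting key falls under the encrypted-at-rest rule."""
    lowered = name.lower()
    return any(marker in lowered for marker in SENSITIVE_MARKERS)


def validate_bulk_update(payload):
    """Return {name: reason} for every entry the documented rules would reject."""
    if not isinstance(payload, dict):
        return {"<body>": "body must be a flat JSON object"}
    errors = {}
    for name, value in payload.items():
        if not isinstance(name, str) or not NAME_RE.fullmatch(name):
            errors[str(name)] = "name must be 1-100 alphanumeric/underscore characters"
        elif not isinstance(value, str):
            errors[name] = "value must be a string (assumed from the flat-object format)"
        elif len(value) > MAX_VALUE_LEN:
            errors[name] = f"value exceeds {MAX_VALUE_LEN} characters"
    return errors


def redact_for_log(payload):
    """Copy of the payload that is safe to log: sensitive values are masked."""
    return {k: ("***REDACTED***" if is_sensitive(k) else v) for k, v in payload.items()}


# Constructed sample payload (keys other than the first two are hypothetical).
SAMPLE = {
    "ssl_bump_enabled": "true",
    "cache_size": "5000",
    "alert_webhook_url": "https://hooks.example.invalid/abc",
    "../etc/passwd": "x",         # rejected: characters outside [A-Za-z0-9_]
    "banner_text": "A" * 10_001,  # rejected: value longer than 10 000 characters
}

if __name__ == "__main__":
    print(validate_bulk_update(SAMPLE))
    print(redact_for_log({k: v for k, v in SAMPLE.items() if k != "banner_text"}))
```

Since GET /api/settings returns sensitive values decrypted, the same redact_for_log helper can be applied to responses before they are written to client-side logs.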
Health
GET /health
GET /api/health
Returns 200 if the backend is reachable. Authentication is not required.
{ "status": "healthy", "version": "3.4.4" }
Database export
GET /api/database/export
Returns a JSON dump of every exported table. Columns named password, secret, or token are replaced with ***REDACTED***. The download is served as Content-Disposition: attachment.
Database statistics
GET /api/database/stats
Returns row counts for every exported table along with the file size.
Database optimise
POST /api/database/optimize
Runs VACUUM and REINDEX on the SQLite database.
Database size
GET /api/database/size
Returns the database file size in bytes.
Database reset
POST /api/database/reset
Truncates every exported table except users. Use with care.
Reload proxy configuration
POST /api/maintenance/reload-config
Asks the proxy to regenerate squid.conf from the latest blacklist/whitelist files and reload. Equivalent to squid -k reconfigure.
Reload DNS configuration
POST /api/maintenance/reload-dns
Regenerates the dnsmasq blocklist (with whitelist exclusions) and signals the dns container to reload (SIGHUP).
Cache statistics
GET /api/cache/statistics
Returns Squid cache metrics (hit ratio, memory and disk usage). When the Squid cache manager is unavailable, the response is annotated with simulated: true and zeroed values.
Clear proxy cache
POST /api/maintenance/clear-cache
Clears the Squid disk cache.
Backup configuration
GET /api/maintenance/backup-config
Downloads a backup containing the current settings, blacklists, and whitelists in JSON form.
Restore configuration
POST /api/maintenance/restore-config
Restores from a backup created by /api/maintenance/backup-config.
Check certificate security
GET /api/maintenance/check-cert-security
Reports the strength and validity of the SSL bump certificate.
Download CA certificate
GET /api/security/download-ca
Returns /config/ssl_cert.pem. Install it on client devices to suppress browser warnings when SSL bump is active.
Rate limits
GET /api/security/rate-limits
Lists IPs currently locked out by the login-failure rate limiter, with the time at which the lockout expires.
DELETE /api/security/rate-limits/{ip}
Removes the lockout for the given IP.