docs: add new Access Control and Logs documentation pages

- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages).
- Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs).
- Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>

docs/01_Architecture/Pangolin/Self-host_Pangolin/Community_Guides/Metrics.md

@@ -0,0 +1,210 @@
+> ## Documentation Index
+> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
+> Use this file to discover all available pages before exploring further.
+
+# Metrics
+
+<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
+  <Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
+    Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
+  </Card>
+</div>
+
+<Note>
+  This is a community guide and is not officially supported. If you have any issues, please reach out to the [author](https://github.com/Lokowitz).
+</Note>
+
+This is a basic example of collecting metrics from Traefik and CrowdSec using Prometheus and visualizing them with
+Grafana dashboards.
+
+<Warning>
+  Important for users with low-powered server (1GB RAM):
+  This setup will increase the use of your server RAM.
+</Warning>
+
+## Configuration
+
+### Traefik
+
+For claiming metrics from Traefik we have to adjust some configuration files.
+
+1. Update the `docker-compose.yml` file of the Pangolin stack to expose metrics port `8082` for the Prometheus
+   connection:
+
+```yaml  theme={null}
+service:
+  gerbil:
+    ports:
+      - 8082:8082
+```
+
+<Warning>
+  Docker’s NAT-based port publishing feature automatically exposes all `ports:` defined in `docker-compose` file. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public.
+  Please see [complete warning about exposing ports](/self-host/dns-and-networking).
+</Warning>
+
+2. Update the `/config/traefik/traefik_config.yml` file to include the following:
+
+```yaml  theme={null}
+entryPoints:
+  metrics:
+    address: ":8082"
+
+metrics:
+  prometheus:
+    buckets:
+      - 0.1
+      - 0.3
+      - 1.2
+      - 5.0
+    entryPoint: metrics
+    addEntryPointsLabels: true
+    addRoutersLabels: true
+    addServicesLabels: true
+```
+
+3. Restart the Gerbil and Traefik container to apply the changes:
+
+```bash  theme={null}
+sudo docker restart traefik gerbil
+```
+
+### Crowdsec
+
+For claiming metrics from Crowdsec we have to adjust the docker compose files.
+
+1. Update the `docker-compose.yml` file of the Pangolin stack to expose metrics port `6060` for the Prometheus
+   connection:
+
+```yaml  theme={null}
+service:
+  crowdsec:
+    ports:
+      - 6060:6060
+```
+
+<Warning>
+  Docker’s NAT-based port publishing feature automatically exposes all `ports:` defined in the `docker-compose` file on all network interfaces. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public.
+  Please see [complete warning about exposing ports](/self-host/dns-and-networking).
+</Warning>
+
+2. Restart the Crowdsec container to apply the changes:
+
+```bash  theme={null}
+sudo docker restart crowdsec
+```
+
+## Prometheus
+
+1. Create a new Prometheus container or add it to `docker-compose.yml` of Pangolin stack:
+
+```yaml  theme={null}
+services:
+  prometheus:
+    container_name: prometheus
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    ports:
+      - 9090:9090
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ./config/prometheus/data:/prometheus
+```
+
+<Warning>
+  Docker’s NAT-based port publishing feature automatically exposes all `ports:` defined in the `docker-compose` file on all network interfaces. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public.
+  Please see [complete warning about exposing ports](/self-host/dns-and-networking).
+</Warning>
+
+2. Create a `prometheus.yml` file in the `/config/prometheus` directory with the following content:
+
+```yaml  theme={null}
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["localhost:9090"]
+
+  - job_name: traefik
+    static_configs:
+      - targets: ["172.17.0.1:8082"]
+
+  - job_name: crowdsec
+    static_configs:
+      - targets: ["172.17.0.1:6060"]
+```
+
+3. Create a folder `data` in `/config/prometheus` and change the owner and owning group:
+
+```bash  theme={null}
+chown nobody:nogroup data
+```
+
+4. Start the Prometheus container:
+
+```bash  theme={null}
+sudo docker compose up -d
+```
+
+## Grafana
+
+1. Create a new Grafana container or add it to `docker-compose.yml` of Pangolin stack:
+
+```yaml  theme={null}
+services:
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: unless-stopped
+    ports:
+      - 3000:3000
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/grafana/data:/var/lib/grafana
+```
+
+<Warning>
+  Docker’s NAT-based port publishing feature automatically exposes all `ports:` defined in the `docker-compose` file on all network interfaces. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public.
+  Please see [complete warning about exposing ports](/self-host/dns-and-networking).
+</Warning>
+
+2. Start the Grafana container:
+
+```bash  theme={null}
+sudo docker compose up -d
+```
+
+<Note>
+  Default login credentials for Grafana admin user is admin:admin.
+</Note>
+
+### Add Prometheus Connection
+
+Add the Prometheus connection under Connections -> Add new connection.
+
+Set `http://172.17.0.1:9090` as `Prometheus Server URL` and click `Save & test`.
+
+### Add Dashboard
+
+Add a Dashboard under Dashboard -> New -> Import and import a pre configured Dashboard or create your own.
+
+#### Traefik
+
+<Frame caption="Traefik Dashboard">
+  <img src="https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=6afb4e81847fffc7aaf6c45686826528" alt="Traefik Dashboard" data-og-width="1842" width="1842" data-og-height="770" height="770" data-path="images/traefik_dashboard.png" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=280&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=bb9b62a17b2b7e7889158bd2795a01e2 280w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=560&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=7454585b3478a194163804fdbf29e7eb 560w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=840&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=e8f3caea9bb396b433a4c1ae60dddcc1 840w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=1100&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=69121558ea6b5627a12148b50ba2c261 1100w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=1650&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=bf2d1d60bd3d2dcc90b55438c6b668ac 1650w, https://mintcdn.com/fossorial/u-2SUNWyK_LJL3sU/images/traefik_dashboard.png?w=2500&fit=max&auto=format&n=u-2SUNWyK_LJL3sU&q=85&s=7c14e820503c65dfcd6ebdc754d3aa82 2500w" />
+</Frame>
+
+Template Import ID = 17346
+
+[https://grafana.com/grafana/dashboards/17346-traefik-official-standalone-dashboard/](https://grafana.com/grafana/dashboards/17346-traefik-official-standalone-dashboard/)
+
+#### Crowdsec
+
+[https://github.com/crowdsecurity/grafana-dashboards/tree/master](https://github.com/crowdsecurity/grafana-dashboards/tree/master)
+