docs: reorder config sections - custom config before env vars

LaurenceJJones · LaurenceJJones · commit 236daeaddac8 · 2025-12-18T15:55:16.000Z
Custom configuration file is the primary method, environment variables
are a convenience layer for simple deployments.
diff --git a/docker/README.md b/docker/README.md
@@ -26,26 +26,9 @@ docker run -d \
 
 ## Configuration
 
-### Environment Variables
-
-The Docker image uses a configuration file optimized for containers with extensive environment variable support:
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `CROWDSEC_KEY` | **required** | API key for CrowdSec LAPI |
-| `CROWDSEC_URL` | `http://crowdsec:8080/` | CrowdSec LAPI URL |
-| `LOG_MODE` | `stdout` | Log output: `stdout` or `file` |
-| `LOG_LEVEL` | `info` | Log level: `trace`, `debug`, `info`, `warn`, `error` |
-| `UPDATE_FREQUENCY` | `10s` | How often to poll LAPI for decisions |
-| `INSECURE_SKIP_VERIFY` | `false` | Skip TLS verification for LAPI |
-| `LISTEN_TCP` | `0.0.0.0:9000` | TCP listener address |
-| `PROMETHEUS_ENABLED` | `true` | Enable Prometheus metrics |
-| `PROMETHEUS_ADDR` | `0.0.0.0` | Prometheus listen address |
-| `PROMETHEUS_PORT` | `6060` | Prometheus listen port |
-
-**Note:** Default values are set in the Docker image. Only `CROWDSEC_KEY` must be provided.
+### Custom Configuration File
 
-### Custom Configuration
+Mount your own configuration file for full control:
 
 ```bash
 docker run -d \
@@ -65,6 +48,25 @@ docker run -d \
   crowdsecurity/spoa-bouncer -c /config.yaml
 ```
 
+### Environment Variables
+
+For simple deployments, the default configuration supports environment variables:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `CROWDSEC_KEY` | **required** | API key for CrowdSec LAPI |
+| `CROWDSEC_URL` | `http://crowdsec:8080/` | CrowdSec LAPI URL |
+| `LOG_MODE` | `stdout` | Log output: `stdout` or `file` |
+| `LOG_LEVEL` | `info` | Log level: `trace`, `debug`, `info`, `warn`, `error` |
+| `UPDATE_FREQUENCY` | `10s` | How often to poll LAPI for decisions |
+| `INSECURE_SKIP_VERIFY` | `false` | Skip TLS verification for LAPI |
+| `LISTEN_TCP` | `0.0.0.0:9000` | TCP listener address |
+| `PROMETHEUS_ENABLED` | `true` | Enable Prometheus metrics |
+| `PROMETHEUS_ADDR` | `0.0.0.0` | Prometheus listen address |
+| `PROMETHEUS_PORT` | `6060` | Prometheus listen port |
+
+**Note:** Default values are set in the Docker image. Only `CROWDSEC_KEY` must be provided.
+
 ### Unix Socket (Recommended for Same-Host HAProxy)
 
 ```bash
