restructure of dirs, huge docs update

2025-11-17 16:29:14 -06:00
parent 456e052389
commit cd840cb8ca
87 changed files with 2827 additions and 1094 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,13 +1,64 @@
 version: '3.8'

 services:
-  scanner:
+  web:
    build: .
    image: sneakyscanner:latest
-    container_name: sneakyscanner
-    privileged: true  # Required for masscan raw socket access
-    network_mode: host  # Required for network scanning
+    container_name: sneakyscanner-web
+    # Override entrypoint to run Flask app instead of scanner
+    entrypoint: ["python3", "-u"]
+    command: ["-m", "web.app"]
+    # Note: Using host network mode for scanner capabilities, so no port mapping needed
+    # The Flask app will be accessible at http://localhost:5000
    volumes:
-      - ./configs:/app/configs:ro
+      # Mount configs directory for scan configurations (read-write for web UI management)
+      - ./configs:/app/configs
+      # Mount output directory for scan results
      - ./output:/app/output
-    command: /app/configs/example-site.yaml
+      # Mount database file for persistence
+      - ./data:/app/data
+      # Mount logs directory
+      - ./logs:/app/logs
+    environment:
+      # Flask configuration
+      - FLASK_APP=web.app
+      - FLASK_ENV=${FLASK_ENV:-production}
+      - FLASK_DEBUG=${FLASK_DEBUG:-false}
+      - FLASK_HOST=0.0.0.0
+      - FLASK_PORT=5000
+      # Database configuration (SQLite in mounted volume for persistence)
+      - DATABASE_URL=sqlite:////app/data/sneakyscanner.db
+      # Security settings
+      - SECRET_KEY=${SECRET_KEY:-dev-secret-key-change-in-production}
+      - SNEAKYSCANNER_ENCRYPTION_KEY=${SNEAKYSCANNER_ENCRYPTION_KEY:-}
+      # Optional: CORS origins (comma-separated)
+      - CORS_ORIGINS=${CORS_ORIGINS:-*}
+      # Optional: Logging level
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
+      # Scheduler configuration (APScheduler)
+      - SCHEDULER_EXECUTORS=${SCHEDULER_EXECUTORS:-2}
+      - SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES=${SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES:-3}
+    # Scanner functionality requires privileged mode and host network for masscan/nmap
+    privileged: true
+    network_mode: host
+    # Health check to ensure web service is running
+    healthcheck:
+      test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5000/api/settings/health').read()"]
+      interval: 60s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    restart: unless-stopped
+
+  # Optional: Initialize database on first run
+  # Run with: docker-compose -f docker-compose-web.yml run --rm init-db
+  init-db:
+    build: .
+    image: sneakyscanner:latest
+    container_name: sneakyscanner-init-db
+    entrypoint: ["python3"]
+    command: ["init_db.py", "--db-url", "sqlite:////app/data/sneakyscanner.db"]
+    volumes:
+      - ./data:/app/data
+    profiles:
+      - tools