Phase 2 Step 6: Docker & Deployment Configuration

Implement production-ready Docker deployment with comprehensive configuration
and documentation for SneakyScanner web application.

Changes:
- Update docker-compose-web.yml with production configuration
  - Add scheduler environment variables (SCHEDULER_EXECUTORS, SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES)
  - Enable privileged mode and host networking for scanner operations
  - Configure health check endpoint monitoring (30s interval, 40s start period)
  - Set production defaults (FLASK_ENV=production, FLASK_DEBUG=false)
  - Add SNEAKYSCANNER_ENCRYPTION_KEY support

- Create .env.example configuration template
  - Flask, database, and security settings
  - Scheduler configuration options
  - Detailed comments with key generation examples
  - Production deployment guidance

- Create comprehensive deployment documentation (docs/ai/DEPLOYMENT.md)
  - Quick start guide and prerequisites
  - Detailed configuration instructions
  - Volume management and backup procedures
  - Health monitoring and troubleshooting
  - Security considerations and best practices
  - Upgrade/rollback and backup/restore procedures

- Update PHASE2.md progress tracker
  - Mark Step 6 as complete
  - Update progress to 11/14 days (79%)
  - Document deliverables and implementation details

Deployment is now production-ready with proper security defaults, health
monitoring, and comprehensive documentation for system administrators.

docker-compose-web.yml

@@ -8,8 +8,8 @@ services:
     # Override entrypoint to run Flask app instead of scanner
     entrypoint: ["python3", "-u"]
     command: ["-m", "web.app"]
-    ports:
-      - "5000:5000"
+    # Note: Using host network mode for scanner capabilities, so no port mapping needed
+    # The Flask app will be accessible at http://localhost:5000
     volumes:
       # Mount configs directory (read-only) for scan configurations
       - ./configs:/app/configs:ro
@@ -22,21 +22,32 @@ services:
     environment:
       # Flask configuration
       - FLASK_APP=web.app
-      - FLASK_ENV=development
-      - FLASK_DEBUG=true
+      - FLASK_ENV=${FLASK_ENV:-production}
+      - FLASK_DEBUG=${FLASK_DEBUG:-false}
       - FLASK_HOST=0.0.0.0
       - FLASK_PORT=5000
       # Database configuration (SQLite in mounted volume for persistence)
       - DATABASE_URL=sqlite:////app/data/sneakyscanner.db
       # Security settings
       - SECRET_KEY=${SECRET_KEY:-dev-secret-key-change-in-production}
+      - SNEAKYSCANNER_ENCRYPTION_KEY=${SNEAKYSCANNER_ENCRYPTION_KEY:-}
       # Optional: CORS origins (comma-separated)
       - CORS_ORIGINS=${CORS_ORIGINS:-*}
       # Optional: Logging level
       - LOG_LEVEL=${LOG_LEVEL:-INFO}
-    # Note: Scanner functionality requires privileged mode and host network
-    # For now, the web app will trigger scans via subprocess
-    # In Phase 2, we'll integrate scanner properly
+      # Scheduler configuration (APScheduler)
+      - SCHEDULER_EXECUTORS=${SCHEDULER_EXECUTORS:-2}
+      - SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES=${SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES:-3}
+    # Scanner functionality requires privileged mode and host network for masscan/nmap
+    privileged: true
+    network_mode: host
+    # Health check to ensure web service is running
+    healthcheck:
+      test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5000/api/settings/health').read()"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
     restart: unless-stopped
 
   # Optional: Initialize database on first run