Phillip Tarrant
ebfefa9df3
Implement production-ready Docker deployment with comprehensive configuration and documentation for SneakyScanner web application. Changes: - Update docker-compose-web.yml with production configuration - Add scheduler environment variables (SCHEDULER_EXECUTORS, SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES) - Enable privileged mode and host networking for scanner operations - Configure health check endpoint monitoring (30s interval, 40s start period) - Set production defaults (FLASK_ENV=production, FLASK_DEBUG=false) - Add SNEAKYSCANNER_ENCRYPTION_KEY support - Create .env.example configuration template - Flask, database, and security settings - Scheduler configuration options - Detailed comments with key generation examples - Production deployment guidance - Create comprehensive deployment documentation (docs/ai/DEPLOYMENT.md) - Quick start guide and prerequisites - Detailed configuration instructions - Volume management and backup procedures - Health monitoring and troubleshooting - Security considerations and best practices - Upgrade/rollback and backup/restore procedures - Update PHASE2.md progress tracker - Mark Step 6 as complete - Update progress to 11/14 days (79%) - Document deliverables and implementation details Deployment is now production-ready with proper security defaults, health monitoring, and comprehensive documentation for system administrators.
65 lines
2.2 KiB
Plaintext
65 lines
2.2 KiB
Plaintext
# SneakyScanner Environment Configuration
|
|
# Copy this file to .env and customize for your environment
|
|
|
|
# ================================
|
|
# Flask Configuration
|
|
# ================================
|
|
# Environment: production, development, or testing
|
|
FLASK_ENV=production
|
|
# Enable debug mode (NEVER use true in production!)
|
|
FLASK_DEBUG=false
|
|
# Host to bind to (0.0.0.0 for all interfaces)
|
|
FLASK_HOST=0.0.0.0
|
|
# Port to listen on
|
|
FLASK_PORT=5000
|
|
|
|
# ================================
|
|
# Database Configuration
|
|
# ================================
|
|
# SQLite database path (absolute path recommended)
|
|
DATABASE_URL=sqlite:////app/data/sneakyscanner.db
|
|
|
|
# ================================
|
|
# Security Settings
|
|
# ================================
|
|
# SECRET_KEY: Used for Flask session management and CSRF protection
|
|
# IMPORTANT: Change this to a random string in production!
|
|
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
|
|
SECRET_KEY=your-secret-key-here-change-in-production
|
|
|
|
# SNEAKYSCANNER_ENCRYPTION_KEY: Used for encrypting sensitive settings in database
|
|
# IMPORTANT: Change this to a random string in production!
|
|
# Generate with: python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
|
SNEAKYSCANNER_ENCRYPTION_KEY=your-encryption-key-here
|
|
|
|
# ================================
|
|
# CORS Configuration
|
|
# ================================
|
|
# Comma-separated list of allowed origins for CORS
|
|
# Use * to allow all origins (not recommended for production)
|
|
CORS_ORIGINS=*
|
|
|
|
# ================================
|
|
# Logging Configuration
|
|
# ================================
|
|
# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
|
|
LOG_LEVEL=INFO
|
|
|
|
# ================================
|
|
# Scheduler Configuration
|
|
# ================================
|
|
# Number of thread pool executors for background scan jobs
|
|
# Recommended: 2-4 for most deployments
|
|
SCHEDULER_EXECUTORS=2
|
|
|
|
# Maximum number of concurrent instances of the same job
|
|
# Recommended: 3 for typical usage
|
|
SCHEDULER_JOB_DEFAULTS_MAX_INSTANCES=3
|
|
|
|
# ================================
|
|
# Optional: Application Password
|
|
# ================================
|
|
# If you want to set the application password via environment variable
|
|
# Otherwise, set it via init_db.py --password
|
|
# APP_PASSWORD=your-password-here
|