# Docker Compose Deployment

The recommended way to deploy Compliance Scanner is with Docker Compose.

## Prerequisites

- Docker and Docker Compose installed
- At least 4 GB of available RAM
- Git repository access (tokens configured in `.env`)

## Quick Start

```bash
# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner

# Configure environment
cp .env.example .env
# Edit .env with your MongoDB credentials, tokens, etc.

# Start all services
docker-compose up -d
```

## Services

The `docker-compose.yml` includes these services:

| Service | Port | Description |
|---------|------|-------------|
| `mongo` | 27017 | MongoDB database |
| `agent` | 3001, 3002 | Compliance agent (REST API + webhooks) |
| `dashboard` | 8080 | Web dashboard |
| `chromium` | 3003 | Headless browser for DAST crawling |
| `otel-collector` | 4317, 4318 | OpenTelemetry collector (optional) |

## Volumes

| Volume | Purpose |
|--------|---------|
| `mongo_data` | Persistent MongoDB data |
| `repos_data` | Cloned repository files |

## Checking Status

```bash
# View running services
docker-compose ps

# View logs
docker-compose logs -f agent
docker-compose logs -f dashboard

# Restart a service
docker-compose restart agent
```

## Accessing the Dashboard

Once running, open [http://localhost:8080](http://localhost:8080) in your browser.

If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly.

## Updating

```bash
# Pull latest changes
git pull

# Rebuild and restart
docker-compose up -d --build
```

## Production Considerations

### MongoDB

For production, use a managed MongoDB instance or configure replication:

```bash
MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner
```

### Reverse Proxy

Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:

```nginx
server {
    listen 443 ssl;
    server_name compliance.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

### Resource Limits

Add resource limits to Docker Compose for production:

```yaml
services:
  agent:
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '2.0'
  dashboard:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
```