Add Docker support with multi-stage build

- Add Dockerfile with two-stage build (Rust 1.92 + Debian trixie-slim)
- Add docker-compose.yml for easy container orchestration
- Add .dockerignore to optimize build context
- Final image size ~176MB
- Runs as non-root user for security
- Persistent data volume at /data
- Default server mode with port 8080 exposed
- Update README with Docker usage instructions
- Update CHANGELOG for v1.1.0

Author: digizeph

.dockerignore

@@ -0,0 +1,43 @@
+# Build artifacts
+target/
+debug/
+release/
+
+# Git
+.git/
+.gitignore
+.github/
+
+# IDE and editor files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Documentation (not needed for build, but keep README.md for Cargo.toml)
+CHANGELOG.md
+
+# Claude/AI assistant files
+.claude/
+
+# Test files
+tests/
+**/*_test.rs
+
+# Development files
+DEVELOPMENT.md
+ARCHITECTURE.md
+
+# Docker files (prevent recursive issues)
+Dockerfile
+docker-compose.yml
+.dockerignore
+
+# Misc
+*.log
+*.bak
+*.tmp
+.env
+.env.*

CHANGELOG.md

@@ -73,6 +73,15 @@ All notable changes to this project will be documented in this file.
   * Tests for schema version verification
   * Tests for RPKI and Pfx2as mock data storage/retrieval
 
+* Added Docker support with multi-stage build
+  * `Dockerfile` with two-stage build process for minimal image size (~176MB final image)
+  * Uses Rust 1.92 and Debian trixie-slim as runtime base
+  * `docker-compose.yml` for easy container orchestration
+  * `.dockerignore` to optimize build context
+  * Runs as non-root user for security
+  * Persistent data volume at `/data`
+  * Default server mode with port 8080 exposed
+
 ## v1.0.1 - 2025-12-17
 
 ### Bug Fixes

Dockerfile

@@ -0,0 +1,72 @@
+# =============================================================================
+# Stage 1: Build
+# =============================================================================
+FROM rust:1.92-trixie AS builder
+
+WORKDIR /usr/src/monocle
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy manifests first for better layer caching
+COPY Cargo.toml Cargo.lock ./
+
+# Create a dummy main and lib to build dependencies
+RUN mkdir -p src/bin && \
+    echo 'fn main() { println!("dummy"); }' > src/bin/monocle.rs && \
+    echo '#![allow(dead_code)]' > src/lib.rs
+
+# Build dependencies only (this layer will be cached)
+# Must use same features as final build
+RUN cargo build --release --features cli || true
+RUN rm -rf src
+
+# Copy the actual source code
+COPY src ./src
+COPY examples ./examples
+COPY README.md ./
+
+# Touch the source files to ensure they're rebuilt
+RUN touch src/lib.rs src/bin/monocle.rs
+
+# Build the actual binary
+RUN cargo build --release --features cli
+
+# =============================================================================
+# Stage 2: Runtime
+# =============================================================================
+FROM debian:trixie-slim AS runtime
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user for security
+RUN useradd --create-home --shell /bin/bash monocle
+
+# Create data directory
+RUN mkdir -p /data && \
+    chown -R monocle:monocle /data
+
+# Copy the binary from builder
+COPY --from=builder /usr/src/monocle/target/release/monocle /usr/local/bin/monocle
+
+# Switch to non-root user
+USER monocle
+WORKDIR /home/monocle
+
+# Set environment variables
+ENV MONOCLE_DATA_DIR=/data
+
+# Define volume for persistent data
+VOLUME ["/data"]
+
+# Expose the default server port
+EXPOSE 8080
+
+# Default command shows help; override with your desired command
+ENTRYPOINT ["monocle"]
+CMD ["--help"]

README.md

@@ -61,6 +61,37 @@ Then install `monocle` using `cargo binstall`
 cargo binstall monocle
 ```
 
+### Using Docker
+
+Pull the pre-built image or build locally:
+
+```bash
+# Build the image locally
+docker build -t bgpkit/monocle:latest .
+
+# Or use docker compose
+docker compose build
+```
+
+Run monocle commands:
+
+```bash
+# Show help
+docker run --rm bgpkit/monocle:latest
+
+# Run a command (e.g., inspect an ASN)
+docker run --rm bgpkit/monocle:latest inspect 13335
+
+# Run with persistent data directory
+docker run --rm -v monocle-data:/data bgpkit/monocle:latest inspect 13335
+
+# Start the WebSocket server
+docker run --rm -p 8080:8080 -v monocle-data:/data bgpkit/monocle:latest server --address 0.0.0.0 --port 8080
+
+# Using docker compose for server mode
+docker compose up -d
+```
+
 ## Library Usage
 
 Monocle can also be used as a library in your Rust projects. Add it to your `Cargo.toml`:

docker-compose.yml

@@ -0,0 +1,61 @@
+# Docker Compose configuration for monocle
+#
+# Usage:
+#   docker compose up -d              # Start server in background
+#   docker compose run monocle <cmd>  # Run a one-off command
+#   docker compose logs -f            # View logs
+#   docker compose down               # Stop and remove containers
+#
+# Examples:
+#   docker compose run monocle inspect 13335
+#   docker compose run monocle search --start-ts "1 hour ago" --prefix 1.1.1.0/24
+#   docker compose run monocle rpki validate 13335 1.1.1.0/24
+
+services:
+  monocle:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: bgpkit/monocle:latest
+    container_name: monocle
+
+    # Persist monocle data (database, config) across container restarts
+    volumes:
+      - monocle-data:/data
+
+    # Server mode configuration
+    ports:
+      - "8080:8080"
+
+    # Override default command to run the WebSocket server
+    # Comment this out if you want to use monocle as a CLI tool only
+    command: ["server", "--address", "0.0.0.0", "--port", "8080"]
+
+    # Environment variables
+    environment:
+      - MONOCLE_DATA_DIR=/data
+      # Uncomment to accept invalid TLS certificates (useful for corporate proxies)
+      # - ONEIO_ACCEPT_INVALID_CERTS=true
+
+    # Health check for server mode
+    healthcheck:
+      test: ["CMD", "monocle", "--help"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+    # Resource limits (optional, adjust as needed)
+    deploy:
+      resources:
+        limits:
+          memory: 2G
+        reservations:
+          memory: 256M
+
+    # Restart policy
+    restart: unless-stopped
+
+volumes:
+  monocle-data:
+    driver: local