Production optimization: Docker configuration and monitoring stack

🚀 Docker Production Optimizations:
- Chiseled Ubuntu base image for minimal attack surface
- Non-root user execution with security hardening
- Read-only filesystem with targeted writable volumes
- Resource limits (1GB RAM, 1 CPU) with health checks
- Multi-stage builds optimized for caching
- Zero-downtime deployment automation

🔍 Comprehensive Monitoring Stack:
- Prometheus metrics collection with custom rules
- Grafana dashboards for application visualization
- AlertManager with email notifications for critical events
- Fluentd centralized logging with retention policies
- Node Exporter + cAdvisor for system/container metrics
- Health check endpoint (/health) for container orchestration

📋 Production Deployment Ready:
- Complete deployment scripts with backup strategy
- Environment templates for secure configuration
- Performance monitoring and alerting rules
- Enterprise-grade security and observability

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

docker/fluentd.conf

@@ -0,0 +1,95 @@
+# Fluentd configuration for LittleShop log aggregation
+
+<source>
+  @type tail
+  path /fluentd/log/*.log
+  pos_file /fluentd/log/littleshop.log.pos
+  tag littleshop.logs
+  format json
+  time_key timestamp
+  time_format %Y-%m-%d %H:%M:%S
+  refresh_interval 5
+</source>
+
+<filter littleshop.logs>
+  @type record_transformer
+  <record>
+    hostname "#{Socket.gethostname}"
+    service "littleshop"
+    environment "production"
+  </record>
+</filter>
+
+# Parse structured logs
+<filter littleshop.logs>
+  @type parser
+  key_name message
+  reserve_data true
+  <parse>
+    @type regexp
+    expression /^\[(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?<level>\w{3})\] (?<message>.*?)( (?<properties>\{.*\}))?$/
+    time_key timestamp
+    time_format %Y-%m-%d %H:%M:%S
+  </parse>
+</filter>
+
+# Route logs based on severity
+<match littleshop.logs>
+  @type copy
+
+  # Store all logs in file
+  <store>
+    @type file
+    path /fluentd/log/output/littleshop
+    append true
+    time_slice_format %Y%m%d
+    time_slice_wait 10m
+    time_format %Y-%m-%d %H:%M:%S
+    compress gzip
+    <buffer>
+      @type file
+      path /fluentd/log/buffer/littleshop
+      flush_mode interval
+      flush_interval 30s
+      chunk_limit_size 10MB
+      queue_limit_length 32
+      retry_type exponential_backoff
+      retry_wait 1s
+      retry_max_interval 60s
+      retry_max_times 3
+    </buffer>
+  </store>
+
+  # Send critical errors to separate file
+  <store>
+    @type file
+    path /fluentd/log/output/littleshop-errors
+    append true
+    time_slice_format %Y%m%d
+    time_slice_wait 10m
+    time_format %Y-%m-%d %H:%M:%S
+    compress gzip
+    <filter>
+      @type grep
+      <regexp>
+        key level
+        pattern /^(ERR|FATAL|ERROR|Exception)/i
+      </regexp>
+    </filter>
+    <buffer>
+      @type file
+      path /fluentd/log/buffer/littleshop-errors
+      flush_mode interval
+      flush_interval 10s
+      chunk_limit_size 5MB
+      queue_limit_length 16
+    </buffer>
+  </store>
+</match>
+
+# System metrics
+<source>
+  @type monitor_agent
+  bind 0.0.0.0
+  port 24220
+</source>