-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(docker): nginx build for docker image
- Loading branch information
1 parent
4789707
commit e26887b
Showing
3 changed files
with
80 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| FROM node:20-alpine as build | ||
| WORKDIR /app | ||
| COPY ./app/package*.json /app/ | ||
| RUN npm install -g ionic | ||
| RUN npm install | ||
| COPY ./app /app/ | ||
| ENV NODE_OPTIONS=--max_old_space_size=4096 | ||
| RUN ionic build --prod | ||
| FROM nginx:alpine | ||
| COPY ./nginx.conf /etc/nginx/nginx.conf | ||
| COPY ./security-headers.conf /etc/nginx/security-headers.conf | ||
| RUN rm -rf /usr/share/nginx/html/* | ||
| COPY --from=build /app/www/ /usr/share/nginx/html/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| user nginx; | ||
| worker_processes 1; | ||
|
|
||
| error_log /var/log/nginx/error.log warn; | ||
| pid /var/run/nginx.pid; | ||
|
|
||
| events { | ||
| worker_connections 1024; | ||
| } | ||
|
|
||
| http { | ||
| include /etc/nginx/mime.types; | ||
| default_type application/octet-stream; | ||
|
|
||
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
| '$status $body_bytes_sent "$http_referer" ' | ||
| '"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
|
||
| access_log /var/log/nginx/access.log main; | ||
|
|
||
| sendfile on; | ||
|
|
||
| keepalive_timeout 65; | ||
|
|
||
| gzip on; | ||
| gzip_types application/javascript; | ||
| gzip_buffers 32 8k; | ||
|
|
||
| server { | ||
| listen 80; | ||
| server_name localhost; | ||
|
|
||
| root /usr/share/nginx/html; | ||
|
|
||
| server_tokens off; | ||
|
|
||
| location ~ /index.html|.*\.json$ { | ||
| expires -1; | ||
| add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | ||
| include /etc/nginx/security-headers.conf; | ||
| } | ||
|
|
||
| location ~ .*\.css$|.*\.js$ { | ||
| add_header Cache-Control 'max-age=31449600'; # one year | ||
| include /etc/nginx/security-headers.conf; | ||
| } | ||
|
|
||
| location / { | ||
| try_files $uri$args $uri$args/ /index.html; | ||
|
|
||
| add_header Cache-Control 'max-age=86400'; # one day | ||
| include /etc/nginx/security-headers.conf; | ||
| } | ||
|
|
||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html { | ||
| root /usr/share/nginx/html; | ||
| } | ||
|
|
||
| } | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| add_header Strict-Transport-Security "max-age=31449600; includeSubDomains" always; | ||
| add_header X-Frame-Options "DENY" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header Feature-Policy "microphone 'none'; geolocation 'none'; camera 'none'" always; | ||
| add_header Permissions-Policy "microphone=(); geolocation=(); camera=()" always; |