From e26887b3ffebf650a1e546e5950a700a541ea450 Mon Sep 17 00:00:00 2001
From: Pablo Fraile Alonso
Date: Mon, 23 Oct 2023 11:06:11 +0200
Subject: [PATCH] build(docker): nginx build for docker image
---
Dockerfile | 13 +++++++++
nginx.conf | 62 +++++++++++++++++++++++++++++++++++++++++++
security-headers.conf | 5 ++++
3 files changed, 80 insertions(+)
create mode 100644 Dockerfile
create mode 100644 nginx.conf
create mode 100644 security-headers.conf
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..91f65c6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM node:20-alpine as build
+WORKDIR /app
+COPY ./app/package*.json /app/
+RUN npm install -g ionic
+RUN npm install
+COPY ./app /app/
+ENV NODE_OPTIONS=--max_old_space_size=4096
+RUN ionic build --prod
+FROM nginx:alpine
+COPY ./nginx.conf /etc/nginx/nginx.conf
+COPY ./security-headers.conf /etc/nginx/security-headers.conf
+RUN rm -rf /usr/share/nginx/html/*
+COPY --from=build /app/www/ /usr/share/nginx/html/
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..bb19f5e
--- /dev/null
+++ b/nginx.conf
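Review bot: The Dockerfile's build stage installs its toolchain unpinned, so the same commit can produce different images: `RUN npm install -g ionic` takes whatever CLI release is current, and `RUN npm install` is free to resolve versions other than those recorded in a lockfile. If a package-lock.json is committed under ./app (the `package*.json` glob suggests one is expected), prefer `RUN npm ci` and pin the CLI with `RUN npm install -g ionic@<pinned-version>`. The runtime stage has the same issue with the floating tag in `FROM nginx:alpine`; a version tag or digest makes each base-image update a reviewed change. Separately, the final stage sets no `USER`, so the nginx master process runs as root inside the container; that deserves either a comment explaining why or a move to an unprivileged nginx base listening on a high port.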
@@ -0,0 +1,62 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_types application/javascript;
+ gzip_buffers 32 8k;
+
+ server {
+ listen 80;
+ server_name localhost;
+
+ root /usr/share/nginx/html;
+
+ server_tokens off;
+
+ location ~ /index.html|.*\.json$ {
+ expires -1;
+ add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+ include /etc/nginx/security-headers.conf;
+ }
+
+ location ~ .*\.css$|.*\.js$ {
+ add_header Cache-Control 'max-age=31449600'; # one year
+ include /etc/nginx/security-headers.conf;
+ }
+
+ location / {
+ try_files $uri$args $uri$args/ /index.html;
+
+ add_header Cache-Control 'max-age=86400'; # one day
+ include /etc/nginx/security-headers.conf;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ }
+}
+
diff --git a/security-headers.conf b/security-headers.conf
new file mode 100644
index 0000000..c653aca
--- /dev/null
+++ b/security-headers.conf
@@ -0,0 +1,5 @@
+add_header Strict-Transport-Security "max-age=31449600; includeSubDomains" always;
+add_header X-Frame-Options "DENY" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Feature-Policy "microphone 'none'; geolocation 'none'; camera 'none'" always;
+add_header Permissions-Policy "microphone=(); geolocation=(); camera=()" always;
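Review bot: In nginx.conf, `try_files $uri$args $uri$args/ /index.html;` in `location /` appends the raw, client-controlled query string to the path that is looked up on disk, which a static single-page app does not need. `try_files $uri $uri/ /index.html;` gives the same fallback without putting `$args` into a filesystem path. The first regex location is also looser than it reads, because the dot in `/index.html` is unescaped and that alternative is unanchored; `location ~ (/index\.html|\.json)$` states what the no-store rule intends. `location = /50x.html` is the only location that does not include security-headers.conf, so error pages are served without those headers.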
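Review bot: security-headers.conf has no `Content-Security-Policy`, the header that limits the impact of script injection in a single-page app; the five headers here cover transport, framing, MIME sniffing and device permissions only. Consider adding a policy tuned to the app's actual script, style and connect origins, together with `add_header Referrer-Policy "strict-origin-when-cross-origin" always;`. Browsers ignore `Strict-Transport-Security` on plain-HTTP responses and the server block in nginx.conf listens on port 80 only, so the HSTS line takes effect only if TLS is terminated in front of this container. A comment such as `# HSTS is honoured only when a TLS-terminating proxy fronts this server` would record that assumption.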