-
Notifications
You must be signed in to change notification settings - Fork 237
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(github): build a docker image for the website
instead of pushing it to the ssh
- Loading branch information
1 parent
f11d3b9
commit 15c0d72
Showing
5 changed files
with
116 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| FROM nginx:1.27.2-alpine | ||
|
|
||
| COPY dist/website /usr/share/nginx/website | ||
|
|
||
| COPY packages/website/docker/nginx.conf /etc/nginx/nginx.conf | ||
| COPY packages/website/docker/default.conf /etc/nginx/conf.d/default.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| server { | ||
| listen 80; | ||
| listen [::]:80; | ||
|
|
||
| http2 on; | ||
| server_name localhost; | ||
|
|
||
| index index.html; | ||
| rewrite ^(.+)/$ $1 permanent; | ||
|
|
||
| if ($request_uri ~ ^/(.*)index\.html(\?|$)) { | ||
| return 301 /$1; | ||
| } | ||
|
|
||
| if ($request_uri ~ ^/(.*)\.html(\?|$)) { | ||
| return 301 /$1; | ||
| } | ||
|
|
||
| location / { | ||
| root /usr/share/nginx/website; | ||
|
|
||
| error_page 404 /404.html; | ||
| try_files $uri $uri.html $uri/ =404; | ||
|
|
||
| add_header Content-Security-Policy "default-src 'none'; img-src 'self' data: https://img.shields.io https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; object-src 'self'; media-src 'self'; frame-src 'self' https://*.youtube.com"; | ||
| } | ||
|
|
||
| location /healthz { | ||
| return 200 'OK\n'; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| user nginx; | ||
| worker_processes auto; | ||
|
|
||
| error_log /var/log/nginx/error.log notice; | ||
| pid /var/run/nginx.pid; | ||
|
|
||
| events { | ||
| worker_connections 1024; | ||
| } | ||
|
|
||
| http { | ||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
| include /etc/nginx/mime.types; | ||
| default_type application/octet-stream; | ||
| server_tokens off; | ||
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
| '$status $body_bytes_sent "$http_referer" ' | ||
| '"$http_user_agent" "$http_x_forwarded_for"'; | ||
| access_log /var/log/nginx/access.log main; | ||
| gzip on; | ||
| gzip_disable "msie6"; | ||
| client_header_buffer_size 1k; | ||
| large_client_header_buffers 2 1k; | ||
| client_body_timeout 10; | ||
| client_header_timeout 10; | ||
| send_timeout 10; | ||
|
|
||
| add_header X-Frame-Options SAMEORIGIN; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| add_header Strict-Transport-Security max-age=15768000; | ||
| add_header Content-Security-Policy "script-src 'self'; object-src 'self'"; | ||
|
|
||
| include /etc/nginx/conf.d/*.conf; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters