diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ebfff79
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM cgr.dev/chainguard/wolfi-base AS builder
+
+WORKDIR /src
+
+COPY . .
+
+RUN rm -rf nginx.conf
+
+FROM cgr.dev/chainguard/nginx
+
+COPY --from=builder /src /var/lib/nginx/html
+
+COPY nginx.conf /etc/nginx/
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..51ac845
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,53 @@
+user nginx;
+worker_processes auto;
+pid /run/nginx/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ sendfile on;
+ keepalive_timeout 65;
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name lnproxy.org;
+
+ location /spec {
+ root "/htdocs/lnproxy.org";
+ }
+
+ location /api {
+ proxy_pass http://localhost:4747;
+ }
+
+ location / {
+ root /var/lib/nginx/html;
+ expires 1y;
+ try_files $uri $uri/ /index.html;
+ add_header Cache-Control "no-cache";
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self' blob: data:; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self'; connect-src *" always;
+ add_header Feature-Policy "microphone none;camera none";
+ add_header 'Referrer-Policy' 'no-referrer' always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "DENY" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+ }
+}
\ No newline at end of file
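Review bot: In the Dockerfile hunk, `COPY . .` puts the entire build context under /src and the final stage publishes all of /src as the web root, so everything except nginx.conf (the Dockerfile itself, a `.git` directory, any dotfiles or local env files in the checkout) becomes downloadable through `location /` unless a .dockerignore not shown in this diff excludes it. Copy only the site's files by name, or add a `.dockerignore` listing `.git` and the other non-site paths; the cleanup can then stay as `RUN rm -f nginx.conf`, since it removes a single file. Both `FROM` lines are also untagged, so each build takes whatever the registry currently serves; pinning them by digest, e.g. `FROM cgr.dev/chainguard/nginx:latest@sha256:<digest>`, makes the image reproducible and lets base-image changes be reviewed.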
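Review bot: In nginx.conf the security headers are declared inside `location /` only, and nginx applies `add_header` per configuration level, so responses from `/api`, `/spec` and the `50x.html` page go out without HSTS, `nosniff` or the frame restrictions; moving the `add_header` group up to the `server` block covers every location, as long as no location keeps an `add_header` of its own (that stops inheritance for that location). In the same block `expires 1y;` and `add_header Cache-Control "no-cache";` emit two contradictory Cache-Control values, so one of them should go. `Feature-Policy "microphone none;camera none"` uses an unquoted `none` and a header name that browsers have replaced; `add_header Permissions-Policy "microphone=(), camera=()" always;` expresses the same intent. HSTS is honoured only over HTTPS, so with `listen 80` alone it takes effect only if TLS is terminated in front of this container, which the diff does not show.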