Add Dockerfile and nginx config for Coolify deployment

Multi-stage build: Node.js 22 for Astro build, nginx:alpine for serving. Includes gzip, security headers, and immutable cache for _astro/ assets.
2026-03-01 20:18:20 +00:00
parent 9cfd926e9c
commit e0e263b6bb
3 changed files with 87 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+node_modules
+dist
+.git
+.env*
+.DS_Store
+*.md
+!README.md
--- a/13
+++ b/13
@@ -0,0 +1,13 @@
+# Stage 1: Build
+FROM node:22-alpine AS build
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# Stage 2: Serve
+FROM nginx:alpine
+COPY --from=build /app/dist /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+EXPOSE 80
--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,67 @@
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
+
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_min_length 256;
+    gzip_types
+        text/plain
+        text/css
+        text/javascript
+        application/javascript
+        application/json
+        application/xml
+        image/svg+xml
+        font/woff2;
+
+    # Astro hashed assets — immutable cache
+    location /_astro/ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    # Static files
+    location ~* \.(ico|svg|png|jpg|jpeg|webp|gif|woff2?|ttf|eot)$ {
+        expires 30d;
+        add_header Cache-Control "public";
+        access_log off;
+    }
+
+    # CSS/JS
+    location ~* \.(css|js)$ {
+        expires 7d;
+        add_header Cache-Control "public";
+    }
+
+    # Main location — clean URLs (Astro generates /page/index.html)
+    location / {
+        try_files $uri $uri/ $uri.html /index.html =404;
+    }
+
+    # Deny hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # Custom error pages
+    error_page 404 /404.html;
+    location = /404.html {
+        internal;
+    }
+}