netwatch

sneak/netwatch

Fork 0

Commit Graph

Author	SHA1	Message	Date
sneak	ca403e68d1	Pin Dockerfile base images to SHA256 digests Mutable tags on Docker Hub enable RCE during builds. Pin to exact digests with version/date comments for auditability.	2026-02-22 14:55:55 +01:00
sneak	fa3d50393e	Add Dockerfile with nginx for static serving - Multi-stage build: node:22-alpine builds, nginx:stable-alpine serves - RFC1918 set_real_ip_from for 10/8, 172.16/12, 192.168/16 - X-Forwarded-For real_ip_header with recursive resolution - Access log to stdout, error log to stderr (Docker best practice) - Immutable cache headers for hashed static assets - SPA fallback via try_files	2026-02-22 14:51:33 +01:00

Author

SHA1

Message

Date

sneak

ca403e68d1

Pin Dockerfile base images to SHA256 digests

Mutable tags on Docker Hub enable RCE during builds.
Pin to exact digests with version/date comments for auditability.

2026-02-22 14:55:55 +01:00

sneak

fa3d50393e

Add Dockerfile with nginx for static serving

- Multi-stage build: node:22-alpine builds, nginx:stable-alpine serves
- RFC1918 set_real_ip_from for 10/8, 172.16/12, 192.168/16
- X-Forwarded-For real_ip_header with recursive resolution
- Access log to stdout, error log to stderr (Docker best practice)
- Immutable cache headers for hashed static assets
- SPA fallback via try_files

2026-02-22 14:51:33 +01:00

2 Commits