sneak
fa3d50393e
- Multi-stage build: node:22-alpine builds, nginx:stable-alpine serves - RFC1918 set_real_ip_from for 10/8, 172.16/12, 192.168/16 - X-Forwarded-For real_ip_header with recursive resolution - Access log to stdout, error log to stderr (Docker best practice) - Immutable cache headers for hashed static assets - SPA fallback via try_files
46 lines
1.0 KiB
Docker
46 lines
1.0 KiB
Docker
FROM node:22-alpine AS build
|
|
WORKDIR /app
|
|
COPY package.json yarn.lock ./
|
|
RUN yarn install --frozen-lockfile
|
|
COPY . .
|
|
RUN yarn build
|
|
|
|
FROM nginx:stable-alpine
|
|
# Remove default config
|
|
RUN rm /etc/nginx/conf.d/default.conf
|
|
# Custom nginx config: real_ip from RFC1918, access_log to stdout
|
|
COPY <<'EOF' /etc/nginx/conf.d/netwatch.conf
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Trust RFC1918 reverse proxies for X-Forwarded-For
|
|
set_real_ip_from 10.0.0.0/8;
|
|
set_real_ip_from 172.16.0.0/12;
|
|
set_real_ip_from 192.168.0.0/16;
|
|
real_ip_header X-Forwarded-For;
|
|
real_ip_recursive on;
|
|
|
|
# Access log to stdout (Docker best practice)
|
|
access_log /dev/stdout combined;
|
|
error_log /dev/stderr warn;
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
# Cache static assets aggressively
|
|
location /assets/ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
}
|
|
EOF
|
|
|
|
COPY --from=build /app/dist /usr/share/nginx/html
|
|
|
|
EXPOSE 80
|