Kyle Pope
ad102c24ed
Code changes (S-01, S-02, S-05): - DRY nginx proxy blocks via shared proxy-params.conf include - Add ENVIRONMENT and CORS_ORIGINS to .env.example - Remove unused X-Requested-With from CORS allow_headers Documentation updates: - README.md: reflect auth upgrade, security hardening, production deployment guide with secret generation commands, updated architecture diagram, current project structure and feature list - CLAUDE.md: codify established dev workflow (branch → implement → test → QA → merge), update auth/infra/stack sections, add authority links for progress.md and ntfy.md - progress.md: add Phase 11 (auth upgrade) and Phase 12 (pentest remediation), update file inventory, fix outstanding items - ui_refresh.md: update current status line Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
644 B
Docker
33 lines
644 B
Docker
# Build stage
|
|
FROM node:20-alpine AS build
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy package files
|
|
COPY package*.json ./
|
|
|
|
# Install dependencies
|
|
RUN npm install
|
|
|
|
# Copy source files
|
|
COPY . .
|
|
|
|
# Build the application
|
|
RUN npm run build
|
|
|
|
# Production stage — unprivileged nginx (runs as non-root, listens on 8080)
|
|
FROM nginxinc/nginx-unprivileged:alpine
|
|
|
|
# Copy built files from build stage
|
|
COPY --from=build /app/dist /usr/share/nginx/html
|
|
|
|
# Copy nginx configuration
|
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
|
COPY proxy-params.conf /etc/nginx/proxy-params.conf
|
|
|
|
# Expose port 8080 (unprivileged)
|
|
EXPOSE 8080
|
|
|
|
# Start nginx
|
|
CMD ["nginx", "-g", "daemon off;"]
|