mirror of
https://github.com/jorijn/meshcore-stats.git
synced 2026-03-28 17:42:55 +01:00
7a181e4b1a
- Multi-stage Dockerfile with Python 3.12 + Ofelia scheduler - docker-compose.yml for production (ghcr.io image) - docker-compose.development.yml for local builds - GitHub Actions workflow for multi-arch builds (amd64/arm64) - Security hardening: non-root user, cap_drop, read_only filesystem - Trivy vulnerability scanning and SBOM generation - Nightly rebuilds for OS security patches 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
68 lines
2.3 KiB
Nginx Configuration File
68 lines
2.3 KiB
Nginx Configuration File
# nginx configuration for MeshCore Stats static site
|
|
# This file is used by the nginx container in docker-compose.yml
|
|
|
|
server {
|
|
listen 8080;
|
|
server_name _;
|
|
|
|
root /usr/share/nginx/html;
|
|
index day.html index.html;
|
|
|
|
# UTF-8 charset for all text files
|
|
charset utf-8;
|
|
charset_types text/plain text/css text/javascript application/json image/svg+xml;
|
|
|
|
# Gzip compression
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_min_length 1024;
|
|
gzip_types text/plain text/css text/javascript application/json image/svg+xml;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
# HTML, JSON, TXT files - no cache (frequently updated)
|
|
location ~* \.(html|json|txt)$ {
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
|
|
add_header Pragma "no-cache" always;
|
|
add_header Expires "0" always;
|
|
# Re-add security headers (add_header in location blocks replaces parent)
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
}
|
|
|
|
# PNG files - no cache (charts are regenerated frequently)
|
|
location ~* \.png$ {
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
|
|
add_header Pragma "no-cache" always;
|
|
add_header Expires "0" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
}
|
|
|
|
# CSS, JS, SVG files - short cache (5 minutes)
|
|
location ~* \.(css|js|svg)$ {
|
|
expires 5m;
|
|
add_header Cache-Control "public, max-age=300" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
}
|
|
|
|
# Default location
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# Health check endpoint
|
|
location /health {
|
|
access_log off;
|
|
return 200 "OK\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|