...
 
Commits (5)
[*.{js,jsx,ts,tsx,vue}]
root = true
[*]
charset = utf-8
indent_style = space
indent_size = 2
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
# stage-1: build dist folder
FROM node:lts-alpine as build
WORKDIR /usr/src/app
COPY ["package.json", "package-lock.json", "/usr/src/app/"]
RUN apk add python make g++
COPY ["package.json", "package-lock.json", "/usr/src/app/"]
RUN npm ci --silent
COPY . .
RUN npm run build
......@@ -11,5 +11,5 @@ RUN npm run build
FROM nginx:alpine
EXPOSE 5000
COPY system-files/nginx-defaultsite.conf /etc/nginx/conf.d/thekno.conf
COPY system-files/nginx-spa.conf /etc/nginx/conf.d/thekno-spa.include
COPY system-files/nginx-spa.conf /etc/nginx/snippets/thekno-spa.include
COPY --from=build /usr/src/app/build/dist /usr/share/thekno/html
......@@ -36,7 +36,7 @@ If you are using Debian Stretch you’ll notice that the distributed `nodejs` pa
If you prefer packages provided by the Debian project, you can activate the `stretch-backports` repository. Add the following line to your `/etc/apt/sources.list`:
```
deb http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian stretch-backports main
```
After that you will be able to install `nodejs` and `npm` with the following command:
......
......@@ -17,5 +17,5 @@ server {
proxy_set_header Connection $connection_upgrade;
}
include /etc/nginx/conf.d/thekno-spa.include;
include /etc/nginx/snippets/thekno-spa.include;
}
# nginx default configuration for Vue single page app
location / {
# try to resolve files and always fallback to the index.html file
try_files $uri $uri/ /index.html;
......@@ -12,8 +10,45 @@ location / {
location ~* "\.(?:[0-9a-z]+)$" {
# normal files should always be revalidated by the cache
# no-cache is somewhat un-intuitive:
# it means that the resource is allowed to be stored in the cache,
# but that the cache must ask us, if it’s still up-to-date
# it means that the resource is allowed to be stored in the cache,
# but that the cache must ask us, if the cached file is still up-to-date
add_header Cache-Control "public, no-cache";
}
}
location /index.html {
# No files were resolved so we fallback to index.html to allow the
# internal javascript router to take over routing.
try_files /index.html =404;
# same as for non-content-hashed files as defined above
add_header Cache-Control "public, no-cache";
# We deliberately want to opt-out of many browser features we don’t use
# to protect our users from any malicious content that may find its way
# into our app (either via user-generated content or third-party
# dependencies of this app). By setting the Feature-Policy header we
# can reduce the attack surface of any code that runs on our site.
set $thekno_fp "";
set $thekno_fp "${thekno_fp}accelerometer 'none'; ";
set $thekno_fp "${thekno_fp}ambient-light-sensor 'none'; ";
set $thekno_fp "${thekno_fp}autoplay 'self'; ";
set $thekno_fp "${thekno_fp}camera 'none'; ";
set $thekno_fp "${thekno_fp}display-capture 'none'; ";
set $thekno_fp "${thekno_fp}document-domain 'none'; ";
set $thekno_fp "${thekno_fp}document-write 'none'; ";
set $thekno_fp "${thekno_fp}encrypted-media 'none'; ";
set $thekno_fp "${thekno_fp}geolocation 'none'; ";
set $thekno_fp "${thekno_fp}gyroscope 'none'; ";
set $thekno_fp "${thekno_fp}legacy-image-formats 'none'; ";
set $thekno_fp "${thekno_fp}microphone 'none'; ";
set $thekno_fp "${thekno_fp}midi 'none'; ";
set $thekno_fp "${thekno_fp}magnetometer 'none'; ";
set $thekno_fp "${thekno_fp}picture-in-picture 'none'; ";
set $thekno_fp "${thekno_fp}payment 'none'; ";
set $thekno_fp "${thekno_fp}speaker 'self'; ";
set $thekno_fp "${thekno_fp}sync-xhr 'none'; ";
set $thekno_fp "${thekno_fp}usb 'none'; ";
set $thekno_fp "${thekno_fp}vr 'none'";
add_header Feature-Policy "$thekno_fp" always;
}