feat: containerise the site with nginx-unprivileged
Serve the static site from a non-root nginx image listening on 8080, with cache headers, gzip and a /healthz endpoint. Designed to run behind an external reverse proxy that terminates TLS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -0,0 +1,9 @@
|
||||
# Lightweight, non-root nginx serving the static site.
|
||||
# Runs as user "nginx" and listens on 8080, ready to sit behind an
|
||||
# external reverse proxy that terminates TLS and forwards requests.
|
||||
FROM nginxinc/nginx-unprivileged:1.27-alpine-slim
|
||||
|
||||
COPY default.conf /etc/nginx/conf.d/default.conf
|
||||
COPY --chown=nginx:nginx index.html styles.css script.js messages.js /usr/share/nginx/html/
|
||||
|
||||
EXPOSE 8080
|
||||
Reference in New Issue
Block a user