feat: containerise the site with nginx-unprivileged
Serve the static site from a non-root nginx image listening on 8080, with cache headers, gzip and a /healthz endpoint. Designed to run behind an external reverse proxy that terminates TLS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -0,0 +1,42 @@
|
||||
# Static file serving for "Why is the DLR shut today?".
|
||||
# Intended to run behind an external reverse proxy (e.g. NGINX) which
|
||||
# handles TLS, host routing and any X-Forwarded-* headers.
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
listen [::]:8080;
|
||||
server_name _;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_types text/css application/javascript;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# HTML should always be revalidated so deploys are picked up promptly.
|
||||
location = /index.html {
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
|
||||
# The message list is edited frequently; do not cache it.
|
||||
location = /messages.js {
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
|
||||
# Other static assets may be cached for a short period.
|
||||
location ~* \.(?:css|js)$ {
|
||||
add_header Cache-Control "public, max-age=3600";
|
||||
}
|
||||
|
||||
# Health endpoint for the proxy / orchestrator.
|
||||
location = /healthz {
|
||||
access_log off;
|
||||
default_type text/plain;
|
||||
return 200 "ok\n";
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user