fix: correct Traefik entrypoints and HTTP to HTTPS redirect
This commit is contained in:
parent
005e9c1598
commit
263b581d3a
@ -28,8 +28,8 @@ FROM nginx:alpine
|
|||||||
# Copier les fichiers buildés depuis l'étape builder
|
# Copier les fichiers buildés depuis l'étape builder
|
||||||
COPY --from=builder /app/dist /usr/share/nginx/html
|
COPY --from=builder /app/dist /usr/share/nginx/html
|
||||||
|
|
||||||
# Copier la configuration Nginx optimisée
|
# Copier la configuration Nginx optimisée (remplace le default.conf)
|
||||||
COPY nginx.conf /etc/nginx/nginx.conf
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
||||||
|
|
||||||
# Exposer le port 80
|
# Exposer le port 80
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|||||||
127
nginx.conf
127
nginx.conf
@ -1,28 +1,15 @@
|
|||||||
user nginx;
|
server {
|
||||||
worker_processes auto;
|
listen 80;
|
||||||
error_log /var/log/nginx/error.log warn;
|
listen [::]:80;
|
||||||
pid /var/run/nginx.pid;
|
server_name localhost;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
events {
|
# Security headers
|
||||||
worker_connections 1024;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
}
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
http {
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
|
|
||||||
# Performance optimizations
|
|
||||||
sendfile on;
|
|
||||||
tcp_nopush on;
|
|
||||||
tcp_nodelay on;
|
|
||||||
keepalive_timeout 65;
|
|
||||||
types_hash_max_size 2048;
|
|
||||||
|
|
||||||
# Gzip compression
|
# Gzip compression
|
||||||
gzip on;
|
gzip on;
|
||||||
@ -34,58 +21,44 @@ http {
|
|||||||
application/rss+xml font/truetype font/opentype
|
application/rss+xml font/truetype font/opentype
|
||||||
application/vnd.ms-fontobject image/svg+xml;
|
application/vnd.ms-fontobject image/svg+xml;
|
||||||
|
|
||||||
server {
|
# Cache static assets - Images
|
||||||
listen 80;
|
location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
|
||||||
listen [::]:80;
|
expires 1y;
|
||||||
server_name _;
|
add_header Cache-Control "public, immutable";
|
||||||
root /usr/share/nginx/html;
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
# Security headers
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
||||||
|
|
||||||
# Cache static assets - Images
|
|
||||||
location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
|
|
||||||
expires 1y;
|
|
||||||
add_header Cache-Control "public, immutable";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Cache static assets - CSS/JS
|
|
||||||
location ~* \.(css|js)$ {
|
|
||||||
expires 1y;
|
|
||||||
add_header Cache-Control "public, immutable";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Cache static assets - Fonts
|
|
||||||
location ~* \.(woff|woff2|ttf|otf|eot)$ {
|
|
||||||
expires 1y;
|
|
||||||
add_header Cache-Control "public, immutable";
|
|
||||||
add_header Access-Control-Allow-Origin "*";
|
|
||||||
}
|
|
||||||
|
|
||||||
# SPA fallback - toutes les routes vers index.html
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.html;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Disable cache for index.html
|
|
||||||
location = /index.html {
|
|
||||||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
||||||
add_header Pragma "no-cache";
|
|
||||||
add_header Expires "0";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Disable cache for service worker if you add one later
|
|
||||||
location = /service-worker.js {
|
|
||||||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
||||||
add_header Pragma "no-cache";
|
|
||||||
add_header Expires "0";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Error pages
|
|
||||||
error_page 404 /index.html;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Cache static assets - CSS/JS
|
||||||
|
location ~* \.(css|js)$ {
|
||||||
|
expires 1y;
|
||||||
|
add_header Cache-Control "public, immutable";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Cache static assets - Fonts
|
||||||
|
location ~* \.(woff|woff2|ttf|otf|eot)$ {
|
||||||
|
expires 1y;
|
||||||
|
add_header Cache-Control "public, immutable";
|
||||||
|
add_header Access-Control-Allow-Origin "*";
|
||||||
|
}
|
||||||
|
|
||||||
|
# SPA fallback - toutes les routes vers index.html
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable cache for index.html
|
||||||
|
location = /index.html {
|
||||||
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||||||
|
add_header Pragma "no-cache";
|
||||||
|
add_header Expires "0";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Disable cache for service worker if you add one later
|
||||||
|
location = /service-worker.js {
|
||||||
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||||||
|
add_header Pragma "no-cache";
|
||||||
|
add_header Expires "0";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Error pages
|
||||||
|
error_page 404 /index.html;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user