From 40f3c63bfc274cfee82c4e135a19ec10a549076d Mon Sep 17 00:00:00 2001
From: Audun Solemdal <audun@solom.no>
Date: Wed, 30 Oct 2024 20:52:11 +0100
Subject: [PATCH] use node lts, split to two parts (#98)

---
 web/Dockerfile | 17 +++++++++++------
 web/nginx.conf | 25 +++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 web/nginx.conf

diff --git a/web/Dockerfile b/web/Dockerfile
index 07aa1a9..739478d 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -1,13 +1,18 @@
-FROM node:22-alpine
-RUN npm install -g serve
+FROM node:lts-alpine AS nodebuilder
 WORKDIR /code
 
-COPY package.json yarn.lock /code/
+COPY --link package.json yarn.lock /code/
 RUN yarn install --frozen-lockfile
-COPY public /code/public
-COPY src /code/src
-
+COPY --link public /code/public
+COPY --link src /code/src
 RUN yarn build
+
+FROM node:lts-alpine AS final
+
+RUN npm install -g serve
+COPY --link --from=nodebuilder /code/build /code/build
+COPY --link /nginx.conf /etc/nginx/nginx.conf
+
 EXPOSE 3000
 
 CMD ["serve", "-s", "build"]
diff --git a/web/nginx.conf b/web/nginx.conf
new file mode 100644
index 0000000..6ef7d5e
--- /dev/null
+++ b/web/nginx.conf
@@ -0,0 +1,25 @@
+events{}
+
+http {
+
+	include /etc/nginx/mime.types;
+
+	server {
+			listen 3000;
+			server_name localhost;
+			root /usr/share/nginx/html;
+			index index.html;
+
+			add_header X-Content-Type-Options "nosniff";
+			add_header Referrer-Policy "same-origin";
+			add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
+			# TODO - tighten up the Content-Security-Policy
+			add_header Content-Security-Policy "default-src 'self' *; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; frame-ancestors 'self';";
+			# TODO - increase age
+			add_header Strict-Transport-Security "max-age=7200; includeSubDomains;";  
+
+			location / {
+			try_files $uri $uri/ /index.html;
+		}
+	}
+}