fix(docker): COPY favicon assets into image + cache header

Dockerfile selectively COPYs files into /usr/share/nginx/html. Favicon
assets (favicon.svg, favicon-32.png, favicon.ico, apple-touch-icon.png)
were added to the repo in ef31fb3 but never wired into the Dockerfile,
so a rebuilt container served 404 for /favicon.svg and friends — broken
favicon in prod even after `docker compose up -d --build`.

nginx.conf gets a matching long-cache rule for icon/image assets
(30 days, immutable, access_log off) — they rarely change and the file
name is the cache key anyway.

Deploy: on the VPS, `docker compose up -d --build`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Bastien Chanot 2026-05-17 04:07:32 +02:00
parent 1f9416edf0
commit f1e4392c65
2 changed files with 8 additions and 0 deletions

View File

@ -13,6 +13,7 @@ RUN rm -rf ./*
COPY index.html ./ COPY index.html ./
COPY CV_Bastien_Chanot.html ./ COPY CV_Bastien_Chanot.html ./
COPY CV_Bastien_Chanot.pdf ./ COPY CV_Bastien_Chanot.pdf ./
COPY favicon.svg favicon-32.png favicon.ico apple-touch-icon.png ./
# Non-root hardening: nginx:alpine already drops privileges to "nginx" user # Non-root hardening: nginx:alpine already drops privileges to "nginx" user
# for worker processes. Master runs as root only to bind port 80 inside # for worker processes. Master runs as root only to bind port 80 inside

View File

@ -54,6 +54,13 @@ server {
add_header Cache-Control "public, max-age=3600, must-revalidate"; add_header Cache-Control "public, max-age=3600, must-revalidate";
} }
# Long cache for favicon + image assets (rarely change).
location ~* \.(?:ico|svg|png|jpg|jpeg|gif|webp)$ {
expires 30d;
add_header Cache-Control "public, max-age=2592000, immutable";
access_log off;
}
# Logs to stdout/stderr (default in nginx:alpine). # Logs to stdout/stderr (default in nginx:alpine).
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log warn;