Dockerfile selectively COPYs files into /usr/share/nginx/html. Favicon
assets (favicon.svg, favicon-32.png, favicon.ico, apple-touch-icon.png)
were added to the repo in ef31fb3 but never wired into the Dockerfile,
so a rebuilt container served 404 for /favicon.svg and friends — broken
favicon in prod even after `docker compose up -d --build`.
nginx.conf gets a matching long-cache rule for icon/image assets
(30 days, immutable, access_log off) — they rarely change and the file
name is the cache key anyway.
Deploy: on the VPS, `docker compose up -d --build`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add Dockerfile (nginx:1.27-alpine), nginx.conf (gzip, cache, CSP and
security headers, no HSTS — left to outer proxy), and docker-compose
service `bchanot-web`. Host port is configurable via PORT env var
(default 8080) and bound to 127.0.0.1 so the container sits behind a
reverse proxy. Container hardened with read_only fs, cap_drop ALL,
no-new-privileges, and tmpfs for nginx runtime dirs. Healthcheck via
wget on /. Also adds .dockerignore and .env.example, and ignores .env.
Usage:
cp .env.example .env
docker compose up -d --build
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>