Add Dockerfile (nginx:1.27-alpine), nginx.conf (gzip, cache, CSP and security headers, no HSTS — left to outer proxy), and docker-compose service `bchanot-web`. Host port is configurable via PORT env var (default 8080) and bound to 127.0.0.1 so the container sits behind a reverse proxy. Container hardened with read_only fs, cap_drop ALL, no-new-privileges, and tmpfs for nginx runtime dirs. Healthcheck via wget on /. Also adds .dockerignore and .env.example, and ignores .env. Usage: cp .env.example .env docker compose up -d --build Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5 lines
162 B
Plaintext
5 lines
162 B
Plaintext
# Host port the bchanot-web container is exposed on.
|
|
# Reverse proxy (nginx/Caddy/Traefik) on the host should proxy_pass to
|
|
# http://127.0.0.1:${PORT}.
|
|
PORT=8080
|