Dockerfile selectively COPYs files into /usr/share/nginx/html. Favicon
assets (favicon.svg, favicon-32.png, favicon.ico, apple-touch-icon.png)
were added to the repo in ef31fb3 but never wired into the Dockerfile,
so a rebuilt container served 404 for /favicon.svg and friends — broken
favicon in prod even after `docker compose up -d --build`.
nginx.conf gets a matching long-cache rule for icon/image assets
(30 days, immutable, access_log off) — they rarely change and the file
name is the cache key anyway.
Deploy: on the VPS, `docker compose up -d --build`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
28 lines
858 B
Docker
28 lines
858 B
Docker
# Static site for bchanot.fr
|
|
# nginx:alpine serves index.html + CV (HTML + PDF).
|
|
|
|
FROM nginx:1.27-alpine
|
|
|
|
# Custom nginx config (gzip, cache, security headers).
|
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
|
|
|
# Site assets.
|
|
WORKDIR /usr/share/nginx/html
|
|
RUN rm -rf ./*
|
|
|
|
COPY index.html ./
|
|
COPY CV_Bastien_Chanot.html ./
|
|
COPY CV_Bastien_Chanot.pdf ./
|
|
COPY favicon.svg favicon-32.png favicon.ico apple-touch-icon.png ./
|
|
|
|
# Non-root hardening: nginx:alpine already drops privileges to "nginx" user
|
|
# for worker processes. Master runs as root only to bind port 80 inside
|
|
# the container — fine because the host port is the one exposed.
|
|
EXPOSE 80
|
|
|
|
# Basic healthcheck: nginx must serve index.html.
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD wget -qO- http://127.0.0.1/ >/dev/null || exit 1
|
|
|
|
CMD ["nginx", "-g", "daemon off;"]
|