commit 467450a1a29e3086ca3eafb557b20a5eb621b387
parent e552e51c99f5ba583c0e291dc07b87e5c2bee240
Author: FIGBERT <figbert@figbert.com>
Date: Fri, 4 Sep 2020 01:48:49 -0700
:whale: Update config to prep for Docker transition
Diffstat:
4 files changed, 26 insertions(+), 35 deletions(-)
diff --git a/Caddyfile b/Caddyfile
@@ -1,31 +0,0 @@
-www.figbert.com {
- redir https://figbert.com{uri}
- header -Server
-}
-
-figbert.com {
- root * /usr/share/caddy
- encode zstd gzip
- file_server
- header {
- -Server
- Content-Security-Policy "default-src 'none'; script-src https://gc.zgo.at; img-src 'self' https://figbert.goatcounter.com/count; media-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
- Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
- Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'self'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'self'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none';"
- X-Content-Type-Options nosniff
- X-Frame-Options DENY
- X-XSS-Protection "1; mode=block"
- Referrer-Policy strict-origin-when-cross-origin
- Cache-Control max-age=2419200
- }
- handle_errors {
- @404 {
- expression {http.error.status_code} == 404
- }
- handle @404 {
- rewrite 404.html
- }
- file_server
- }
-}
-
diff --git a/Dockerfile b/Dockerfile
@@ -9,8 +9,8 @@ RUN /bin/ash -c "echo \"http://dl-cdn.alpinelinux.org/alpine/edge/testing\" >> /
&& apk --no-cache add zola \
&& zola build
-FROM caddy:alpine
+FROM nginx:alpine
-COPY --from=builder /home/site/public /usr/share/caddy
-COPY ./Caddyfile /etc/caddy/Caddyfile
+COPY --from=builder /home/site/public /usr/share/nginx/html
+COPY ./nginx.conf /etc/nginx/nginx.conf
diff --git a/config.toml b/config.toml
@@ -1,5 +1,6 @@
# The URL the site will be built for
-base_url = "https://figbert.com"
+# base_url = "https://figbert.com"
+base_url = "http://127.0.0.1:80"
title = "FIGBERT"
description = "figbert.com is the website and home of FIGBERT on the clearnet. It's my blog, portfolio, and wiki – my personal stash of information floating on the open web."
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,21 @@
+events { }
+http {
+ include /etc/nginx/mime.types;
+ include /etc/nginx/conf.d/*.conf;
+ server {
+ listen 80;
+ root /usr/share/nginx/html;
+ add_header Content-Security-Policy "default-src 'none'; script-src https://gc.zgo.at; img-src 'self' https://figbert.goatcounter.com/count; media-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
+ add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'self'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'self'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none';";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options DENY;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy strict-origin-when-cross-origin;
+ add_header Cache-Control max-age=2419200;
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ }
+}
+
