6292fa2c77
- Upgrade Go to 1.26, FrankenPHP to v1.11.2 (CVE-2026-24894) - Add non-root USER to all Dockerfiles (Trivy misconfig) - Upgrade gitleaks to v8.24.3 with arch detection Co-Authored-By: Virgil <virgil@lethean.io>
20 lines
663 B
Text
20 lines
663 B
Text
# Host UK — Nginx Web Server
|
|
# Serves static files and proxies PHP to FPM container
|
|
#
|
|
# Build: docker build -f docker/Dockerfile.web -t host-uk/web:latest .
|
|
|
|
FROM nginx:1.27-alpine
|
|
|
|
# Copy nginx configuration
|
|
COPY docker/nginx/default.conf /etc/nginx/conf.d/default.conf
|
|
COPY docker/nginx/security-headers.conf /etc/nginx/snippets/security-headers.conf
|
|
|
|
# Copy static assets from app build
|
|
# (In production, these are volume-mounted from the app container)
|
|
# COPY --from=host-uk/app:latest /app/public /app/public
|
|
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD wget -qO- http://localhost/health || exit 1
|
|
|
|
USER nginx
|
|
EXPOSE 80
|