Add Dockerfile and docker-compose.yml for Netcup deployment
Static Next.js export served via nginx with Traefik labels for myc0punkz.xyz. Container hardened with cap_drop ALL, read_only, no-new-privileges. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent
04621668dc
commit
c0d11bb7b2
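--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM node:20-alpine AS builder
+WORKDIR /app
+RUN corepack enable && corepack prepare pnpm@latest --activate
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+COPY . .
+RUN pnpm build
+
+FROM nginx:alpine
+COPY --from=builder /app/out /usr/share/nginx/html
+EXPOSE 80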
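Review bot: Neither the package manager nor the runtime base image is pinned: `corepack prepare pnpm@latest --activate` installs whatever pnpm release is current at build time, and `FROM nginx:alpine` follows a floating tag, so two builds of the same commit can produce different images. Pin pnpm to an exact version (`corepack prepare pnpm@<pinned-version> --activate`, or a `packageManager` field in package.json) and pin both base images to a version tag plus digest, e.g. `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders, not real values). `COPY . .` also sends the whole build context to the builder stage; no `.dockerignore` is visible in this commit, and one excluding `.git`, `node_modules` and any `.env` files would keep local secrets out of build layers and cache.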
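--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+myc0punkz:
+build: .
+restart: unless-stopped
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.myc0punkz.rule=Host(`myc0punkz.xyz`) || Host(`www.myc0punkz.xyz`)"
+- "traefik.http.services.myc0punkz.loadbalancer.server.port=80"
+networks:
+- traefik-public
+security_opt:
+- no-new-privileges:true
+cap_drop:
+- ALL
+cap_add:
+- NET_BIND_SERVICE
+- CHOWN
+- SETGID
+- SETUID
+- DAC_OVERRIDE
+read_only: true
+tmpfs:
+- /tmp
+- /var/cache/nginx
+- /var/run
+
+networks:
+traefik-public:
+external: true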
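Review bot: The `cap_add` block hands back five capabilities immediately after `cap_drop: ALL`, and `DAC_OVERRIDE` in particular lets root inside the container bypass file permission checks, so the "cap_drop ALL" hardening in the commit message is weaker than it reads. These are presumably needed only because the stock `nginx:alpine` image starts as root and then switches to the `nginx` user. Serving the static export from a non-root image such as `nginxinc/nginx-unprivileged` on an unprivileged port, with the label changed to `traefik.http.services.myc0punkz.loadbalancer.server.port=8080`, should allow the whole `cap_add` list to be removed; at minimum, test whether `DAC_OVERRIDE` can be dropped given the tmpfs mounts. The router labels also set no entrypoint or TLS option, so confirm that the Traefik static configuration (not shown here) enforces HTTPS for this host rule.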