Web: Repo-Link mit Gitea-Logo im Footer + Coolify-Deploy (nginx)
- Footer der Web-App verlinkt aufs Gitea-Repo mit kleinem Gitea-Logo (inline SVG) - Dockerfile (nginx:alpine) liefert web/ statisch aus -> Coolify Git-Deploy - deploy/nginx.conf: CSP frame-ancestors erlaubt Einbettung als iframe nur von gaertner.onl; sw.js/manifest ungecacht; Dev-Artefakte (_*) werden geblockt Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
22
deploy/nginx.conf
Normal file
22
deploy/nginx.conf
Normal file
@@ -0,0 +1,22 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
|
||||
# App-Shell darf NUR von der eigenen Homepage als iframe eingebettet werden.
|
||||
add_header Content-Security-Policy "frame-ancestors 'self' https://gaertner.onl https://*.gaertner.onl" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
|
||||
# Service Worker & Manifest nie cachen -> App-Updates greifen sofort.
|
||||
location = /sw.js { add_header Cache-Control "no-cache"; }
|
||||
location = /manifest.webmanifest { add_header Cache-Control "no-cache"; }
|
||||
|
||||
# Entwickler-/Test-Artefakte (_-Präfix) niemals ausliefern.
|
||||
location ~ /_ { deny all; }
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user