Greg/MyFavStuff5
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
MyFavStuff5/Dockerfile

78 lines
4.1 KiB
Docker
Raw Blame History

# Stage 1: Build the Hugo site
FROM alpine:3.19 AS builder
# Install dependencies
RUN apk add --no-cache wget tar file gcompat libstdc++ libgcc
# Install Hugo extended version 0.147.0 (latest stable version) with verbose logging
RUN HUGO_VERSION=0.147.8 && \
echo "--- Attempting to download Hugo v${HUGO_VERSION} ---" && \
wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz -O hugo.tar.gz && \
echo "--- Download complete. Listing tarball contents (hugo.tar.gz): ---" && \
tar -tvf hugo.tar.gz && \
mkdir -p /tmp/hugo && \
echo "--- Extracting hugo.tar.gz to /tmp/hugo ---" && \
tar -xzf hugo.tar.gz -C /tmp/hugo && \
echo "--- Extraction complete. Listing /tmp/hugo: ---" && \
ls -la /tmp/hugo && \
echo "--- Moving /tmp/hugo/hugo to /usr/local/bin/hugo ---" && \
mv /tmp/hugo/hugo /usr/local/bin/hugo && \
echo "--- Verifying /usr/local/bin/hugo: ---" && \
ls -la /usr/local/bin/hugo && \
echo "--- File type of /usr/local/bin/hugo: ---" && \
file /usr/local/bin/hugo && \
echo "--- Setting execute permissions on /usr/local/bin/hugo ---" && \
chmod +x /usr/local/bin/hugo && \
echo "--- Cleaning up /tmp/hugo and hugo.tar.gz ---" && \
rm -rf /tmp/hugo hugo.tar.gz && \
echo "--- Attempting to run hugo version using full path (/usr/local/bin/hugo version): ---" && \
/usr/local/bin/hugo version && \
echo "--- Hugo installation and version check complete. ---"
# Set the working directory in the container
WORKDIR /src
# Copy the content of the project to the working directory
# This includes your Hugo site source, themes, and nginx.conf
COPY . .
# Build the Hugo site.
# - Output will be in /src/public by default.
# - Using --verbose and --debug for more detailed build logs.
RUN hugo --gc --minify --logLevel debug
# Stage 2: Serve the site with Nginx
FROM nginx:1.25-alpine
# Copy the built static site from the builder stage's /src/public directory
COPY --from=builder /src/public /usr/share/nginx/html
# Copy our custom Nginx configuration from the project root (copied in Stage 1)
# into the Nginx configuration directory.
COPY nginx.conf /etc/nginx/conf.d/default.conf
# Expose port 80
EXPOSE 80
# Security Headers Labels for Coolify Reverse Proxy
LABEL caddy.header.Content-Security-Policy="default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';"
LABEL caddy.header.Strict-Transport-Security="max-age=31536000; includeSubDomains; preload"
LABEL caddy.header.X-Frame-Options="DENY"
LABEL caddy.header.X-Content-Type-Options="nosniff"
LABEL caddy.header.Referrer-Policy="strict-origin-when-cross-origin"
LABEL caddy.header.X-XSS-Protection="1; mode=block"
LABEL caddy.header.Permissions-Policy="geolocation=(), microphone=(), camera=()"
# Alternative Traefik labels (if switching to Traefik)
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.Content-Security-Policy="default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.Strict-Transport-Security="max-age=31536000; includeSubDomains; preload"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.X-Frame-Options="DENY"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.X-Content-Type-Options="nosniff"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.Referrer-Policy="strict-origin-when-cross-origin"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.X-XSS-Protection="1; mode=block"
LABEL traefik.http.middlewares.security-headers.headers.customrequestheaders.Permissions-Policy="geolocation=(), microphone=(), camera=()"
LABEL traefik.http.routers.myfavstuff5.middlewares="security-headers"
# Start Nginx in foreground
CMD ["nginx", "-g", "daemon off;"]
Reference in New Issue View Git Blame Copy Permalink