From 14a7b310260fd2b6de1914659017105f7c7ccfce Mon Sep 17 00:00:00 2001
From: Gabriel Augendre <gabriel@augendre.info>
Date: Sun, 27 Dec 2020 13:35:16 +0100
Subject: [PATCH] Create a docker-compose suitable for dev

---
 docker-compose.yml    | 12 ++++------
 docker/nginx-dev.conf | 55 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 7 deletions(-)
 create mode 100644 docker/nginx-dev.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index 8aeb54a..573a7fa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,10 @@ version: '2.4'
 services:
   django:
     image: rg.fr-par.scw.cloud/crocmagnon/blog:latest
-    build: .
+    build:
+      context: .
+      args:
+        POETRY_OPTIONS: "--no-dev"
     env_file:
       - .env
     volumes:
@@ -19,14 +22,9 @@ services:
     volumes:
       - staticfiles:/app/static
       - media:/app/media
-      - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./docker/nginx-dev.conf:/etc/nginx/conf.d/default.conf
     depends_on:
       - django
-  tests:
-    image: rg.fr-par.scw.cloud/crocmagnon/blog:tests
-    build:
-      context: .
-      dockerfile: tests.Dockerfile
 
 volumes:
   staticfiles: {}
diff --git a/docker/nginx-dev.conf b/docker/nginx-dev.conf
new file mode 100644
index 0000000..c08b5e8
--- /dev/null
+++ b/docker/nginx-dev.conf
@@ -0,0 +1,55 @@
+server {
+    server_name localhost:8000;
+
+    client_max_body_size 10M;
+
+    gzip on;
+    gzip_types
+      application/javascript
+      application/x-javascript
+      application/json
+      application/rss+xml
+      application/xml
+      application/vnd.ms-fontobject
+      application/font-sfnt
+      image/svg+xml
+      image/x-icon
+      text/xml
+      text/javascript
+      text/css
+      text/plain;
+    gzip_min_length 256;
+    gzip_comp_level 5;
+    gzip_http_version 1.1;
+    gzip_vary on;
+
+    location /static/ {
+        alias /app/static/;
+        expires 30d;
+    }
+
+    location /media/ {
+        alias /app/media/;
+        expires 30d;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_pass http://django:8000;
+        proxy_redirect off;
+    }
+
+    add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src 'self' https:; script-src 'self'
+        https://plausible.augendre.info; connect-src https://plausible.augendre.info; style-src 'self' 'unsafe-inline';
+        font-src 'self'; manifest-src 'self';" always;
+    add_header X-Frame-Options "DENY" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+    listen [::]:80;
+    listen 80;
+}