diff --git a/docker-compose.yml b/docker-compose.yml index 772b1b3..baf367b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,16 +3,31 @@ services: django: image: crocmagnon/blog:latest build: . - ports: - - 8000:8000 env_file: - .env volumes: - ./db:/db - - ./static:/app/staticfiles + - staticfiles:/app/staticfiles + - media:/app/media restart: on-failure + init: true + tty: true + depends_on: + - nginx + nginx: + image: nginx:1.19.2 + ports: + - 8000:80 + volumes: + - staticfiles:/app/static + - media:/app/media + - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf tests: image: crocmagnon/blog:tests build: context: . dockerfile: tests.Dockerfile + +volumes: + staticfiles: {} + media: {} diff --git a/docker/nginx.conf b/docker/nginx.conf new file mode 100644 index 0000000..fc2bb18 --- /dev/null +++ b/docker/nginx.conf @@ -0,0 +1,50 @@ +server { + server_name localhost:8000; + + client_max_body_size 10M; + + gzip on; + gzip_types + application/javascript + application/x-javascript + application/json + application/rss+xml + application/xml + image/svg+xml + image/x-icon + application/vnd.ms-fontobject + application/font-sfnt + text/css + text/plain; + gzip_min_length 256; + gzip_comp_level 5; + gzip_http_version 1.1; + gzip_vary on; + + location /static/ { + alias /app/static/; + expires 30d; + } + + location /media/ { + alias /app/media/; + expires 30d; + } + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://django:8000; + proxy_redirect off; + } + + add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; img-src https: 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'" always; + add_header X-Frame-Options "DENY" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + listen [::]:80; + listen 80; +}