chore: Harden Docker and Nginx configuration
All checks were successful
Test Asgard Runner / test (push) Successful in 4s
All checks were successful
Test Asgard Runner / test (push) Successful in 4s
- Pin NATS image to nats:2.10-alpine for reproducible builds - Add nginx healthcheck using wget (curl not present in alpine) - Upgrade nginx depends_on to use condition: service_started - Add proxy buffer directives to http block (prevents JWT/large-header truncation) - Add X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Referrer-Policy security headers to all SPA location blocks across all five server blocks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
@@ -17,7 +17,7 @@ services:
|
||||
retries: 5
|
||||
|
||||
nats:
|
||||
image: nats:latest
|
||||
image: nats:2.10-alpine
|
||||
container_name: corrosion-nats
|
||||
command:
|
||||
- "--config=/etc/nats/nats.conf"
|
||||
@@ -77,7 +77,14 @@ services:
|
||||
- ./nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- map_data:/data/maps:ro
|
||||
depends_on:
|
||||
- api
|
||||
api:
|
||||
condition: service_started
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -q --spider http://localhost:80/ || exit 1"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
|
||||
volumes:
|
||||
pg_data:
|
||||
|
||||
Reference in New Issue
Block a user