spotlightcam

radziel/spotlightcam

Fork 0

Commit Graph

Author	SHA1	Message	Date
Radosław Gierwiało	0466ef9e5c	security(nginx): block access to sensitive files and directories Added comprehensive security rules to all nginx configurations: Dev proxy (nginx/conf.d/default.conf): - Block dotfiles and .git directory - Block .env* files and config files - Block node_modules, docker configs, package files - Block backup files (.bak, .swp, ~) Prod proxy (nginx/conf.d.prod/default.conf): - All dev security rules - Added security headers (X-Frame-Options, CSP, etc.) - Strict CSP with frame-ancestors 'none' Frontend container (frontend/nginx.conf): - Block dotfiles and sensitive config files - Block node_modules and build configs - Added security headers All blocked paths return 404 and disable logging to avoid log spam. Blocks: .env, .git, node_modules, docker, package.json, prisma, backup, .bak, .swp, tsconfig.json, and more.	2025-12-02 19:55:08 +01:00
Radosław Gierwiało	a400068053	feat: add production Docker setup with multi-stage builds - Add production Dockerfiles for frontend and backend * Frontend: multi-stage build with nginx serving static files * Backend: multi-stage build with Prisma generation - Create production nginx configuration (nginx/conf.d.prod/) * Routes to frontend-prod:80 and backend-prod:3000 * Supports WebSocket connections for Socket.IO - Update docker-compose.yml to use production config * Add env_file support for backend-prod * Mount production nginx config directory - Add .env.production.example template for deployment	2025-11-15 17:21:25 +01:00

Author

SHA1

Message

Date

Radosław Gierwiało

0466ef9e5c

security(nginx): block access to sensitive files and directories

Added comprehensive security rules to all nginx configurations:

Dev proxy (nginx/conf.d/default.conf):
- Block dotfiles and .git directory
- Block .env* files and config files
- Block node_modules, docker configs, package files
- Block backup files (.bak, .swp, ~)

Prod proxy (nginx/conf.d.prod/default.conf):
- All dev security rules
- Added security headers (X-Frame-Options, CSP, etc.)
- Strict CSP with frame-ancestors 'none'

Frontend container (frontend/nginx.conf):
- Block dotfiles and sensitive config files
- Block node_modules and build configs
- Added security headers

All blocked paths return 404 and disable logging to avoid log spam.

Blocks: .env*, .git, node_modules, docker*, package*.json,
prisma, backup*, *.bak, *.swp, tsconfig.json, and more.

2025-12-02 19:55:08 +01:00

Radosław Gierwiało

a400068053

feat: add production Docker setup with multi-stage builds

- Add production Dockerfiles for frontend and backend
  * Frontend: multi-stage build with nginx serving static files
  * Backend: multi-stage build with Prisma generation
- Create production nginx configuration (nginx/conf.d.prod/)
  * Routes to frontend-prod:80 and backend-prod:3000
  * Supports WebSocket connections for Socket.IO
- Update docker-compose.yml to use production config
  * Add env_file support for backend-prod
  * Mount production nginx config directory
- Add .env.production.example template for deployment

2025-11-15 17:21:25 +01:00

2 Commits