jsnbuchanan/crowd-funder-for-time-pwa
1
0
Fork 1
forked from trent_larson/crowd-funder-for-time-pwa
Code Issues Pull Requests Projects Releases Wiki Activity

migration: move to bash based build scripts

Browse Source
This commit is contained in:
Matthew Raymer
2025-06-24 11:11:33 +00:00
parent d359263704
commit 94ac7d648d
34 changed files with 3350 additions and 571 deletions
Download Patch File Download Diff File Expand all files Collapse all files

509
docker/README.md Normal file
View File

@@ -0,0 +1,509 @@
# TimeSafari Docker Setup
## Overview
This directory contains Docker configuration files for building and deploying TimeSafari across different environments with full configurability.
## Files
- `Dockerfile` - Multi-stage Docker build for TimeSafari
- `nginx.conf` - Main nginx configuration with security headers
- `default.conf` - Production server configuration
- `staging.conf` - Staging server configuration with relaxed caching
- `docker-compose.yml` - Multi-environment Docker Compose setup
- `.dockerignore` - Optimizes build context
- `run.sh` - Convenient script to run different configurations
## Quick Start
### Using the Run Script (Recommended)
```bash
# Development mode with hot reloading
./docker/run.sh dev
# Staging mode for testing
./docker/run.sh staging
# Production mode
./docker/run.sh production
# Custom mode with environment variables
BUILD_MODE=staging ./docker/run.sh custom
# Show build arguments for a mode
./docker/run.sh dev --build-args
# Custom port and environment file
./docker/run.sh staging --port 9000 --env .env.test
```
### Using Docker Compose
```bash
# Development environment with hot reloading
docker-compose up dev
# Staging environment
docker-compose up staging
# Production environment
docker-compose up production
# Custom environment with variables
BUILD_MODE=staging docker-compose up custom
```
## Build Commands
### Manual Docker Build
```bash
# Build production image (default)
docker build -t timesafari:latest .
# Build staging image
docker build --build-arg BUILD_MODE=staging -t timesafari:staging .
# Build development image
docker build --build-arg BUILD_MODE=development -t timesafari:dev .
# Build with custom arguments
docker build \
--build-arg BUILD_MODE=staging \
--build-arg NODE_ENV=staging \
--build-arg VITE_PWA_ENABLED=true \
-t timesafari:custom .
```
### Run Container
```bash
# Run production container
docker run -d -p 80:80 timesafari:latest
# Run with environment file
docker run -d -p 80:80 --env-file .env.production timesafari:latest
# Run with custom environment variables
docker run -d -p 80:80 \
-e VITE_APP_SERVER=https://myapp.com \
-e VITE_DEFAULT_ENDORSER_API_SERVER=https://api.myapp.com \
timesafari:latest
```
## Configuration Options
### Build Arguments
The Dockerfile supports these build arguments:
| Argument | Default | Description |
|----------|---------|-------------|
| `BUILD_MODE` | `production` | Build mode: development, staging, or production |
| `NODE_ENV` | `production` | Node.js environment |
| `VITE_PLATFORM` | `web` | Vite platform type |
| `VITE_PWA_ENABLED` | `true` | Enable PWA features |
| `VITE_DISABLE_PWA` | `false` | Disable PWA features |
### Environment Variables
Docker Compose supports these environment variables:
| Variable | Default | Description |
|----------|---------|-------------|
| `BUILD_MODE` | `production` | Build mode |
| `NODE_ENV` | `production` | Node environment |
| `VITE_PLATFORM` | `web` | Vite platform |
| `VITE_PWA_ENABLED` | `true` | Enable PWA |
| `VITE_DISABLE_PWA` | `false` | Disable PWA |
| `DEV_PORT` | `5173` | Development port |
| `STAGING_PORT` | `8080` | Staging port |
| `PROD_PORT` | `80` | Production port |
| `DEV_ENV_FILE` | `.env.development` | Development env file |
| `STAGING_ENV_FILE` | `.env.staging` | Staging env file |
| `PROD_ENV_FILE` | `.env.production` | Production env file |
### Environment Files
Create environment files for different deployments:
```bash
# .env.development
VITE_APP_SERVER=https://dev.timesafari.app
VITE_DEFAULT_ENDORSER_API_SERVER=https://dev-api.endorser.ch
VITE_DEFAULT_IMAGE_API_SERVER=https://dev-image-api.timesafari.app
VITE_DEFAULT_PARTNER_API_SERVER=https://dev-partner-api.endorser.ch
VITE_DEFAULT_PUSH_SERVER=https://dev.timesafari.app
VITE_PASSKEYS_ENABLED=true
# .env.staging
VITE_APP_SERVER=https://staging.timesafari.app
VITE_DEFAULT_ENDORSER_API_SERVER=https://staging-api.endorser.ch
VITE_DEFAULT_IMAGE_API_SERVER=https://staging-image-api.timesafari.app
VITE_DEFAULT_PARTNER_API_SERVER=https://staging-partner-api.endorser.ch
VITE_DEFAULT_PUSH_SERVER=https://staging.timesafari.app
VITE_PASSKEYS_ENABLED=true
# .env.production
VITE_APP_SERVER=https://timesafari.app
VITE_DEFAULT_ENDORSER_API_SERVER=https://api.endorser.ch
VITE_DEFAULT_IMAGE_API_SERVER=https://image-api.timesafari.app
VITE_DEFAULT_PARTNER_API_SERVER=https://partner-api.endorser.ch
VITE_DEFAULT_PUSH_SERVER=https://timesafari.app
VITE_PASSKEYS_ENABLED=true
```
## Build Modes
### Development Mode
- **Target**: `development`
- **Features**: Hot reloading, development server
- **Port**: 5173
- **Caching**: Disabled
- **Use Case**: Local development
```bash
./docker/run.sh dev
# or
docker build --target development -t timesafari:dev .
```
### Staging Mode
- **Target**: `staging`
- **Features**: Production build with relaxed caching
- **Port**: 8080 (mapped from 80)
- **Caching**: Short-term (1 hour)
- **Use Case**: Testing and QA
```bash
./docker/run.sh staging
# or
docker build --build-arg BUILD_MODE=staging -t timesafari:staging .
```
### Production Mode
- **Target**: `production`
- **Features**: Optimized production build
- **Port**: 80
- **Caching**: Long-term (1 year for assets)
- **Use Case**: Live deployment
```bash
./docker/run.sh production
# or
docker build -t timesafari:latest .
```
### Custom Mode
- **Target**: Configurable via `BUILD_TARGET`
- **Features**: Fully configurable
- **Port**: Configurable via `CUSTOM_PORT`
- **Use Case**: Special deployments
```bash
BUILD_MODE=staging NODE_ENV=staging ./docker/run.sh custom
```
## Advanced Usage
### Custom Build Configuration
```bash
# Build with specific environment
docker build \
--build-arg BUILD_MODE=staging \
--build-arg NODE_ENV=staging \
--build-arg VITE_PWA_ENABLED=false \
-t timesafari:staging-no-pwa .
# Run with custom configuration
docker run -d -p 9000:80 \
-e VITE_APP_SERVER=https://test.example.com \
timesafari:staging-no-pwa
```
### Docker Compose with Custom Variables
```bash
# Set environment variables
export BUILD_MODE=staging
export NODE_ENV=staging
export STAGING_PORT=9000
export STAGING_ENV_FILE=.env.test
# Run staging with custom config
docker-compose up staging
```
### Multi-Environment Deployment
```bash
# Development
./docker/run.sh dev
# Staging in another terminal
./docker/run.sh staging --port 8081
# Production in another terminal
./docker/run.sh production --port 8082
```
## Security Features
### Built-in Security
- **Non-root user execution**: All containers run as non-root users
- **Security headers**: XSS protection, content type options, frame options
- **Rate limiting**: API request rate limiting
- **File access restrictions**: Hidden files and backup files blocked
- **Minimal attack surface**: Alpine Linux base images
### Security Headers
- `X-Frame-Options: SAMEORIGIN`
- `X-Content-Type-Options: nosniff`
- `X-XSS-Protection: 1; mode=block`
- `Referrer-Policy: strict-origin-when-cross-origin`
- `Content-Security-Policy`: Comprehensive CSP policy
## Performance Optimizations
### Caching Strategy
- **Static assets**: 1 year cache with immutable flag (production)
- **HTML files**: 1 hour cache (production) / no cache (staging)
- **Service worker**: No cache
- **Manifest**: 1 day cache (production) / 1 hour cache (staging)
### Compression
- **Gzip compression**: Enabled for text-based files
- **Compression level**: 6 (balanced)
- **Minimum size**: 1024 bytes
### Nginx Optimizations
- **Sendfile**: Enabled for efficient file serving
- **TCP optimizations**: nopush and nodelay enabled
- **Keepalive**: 65 second timeout
- **Worker processes**: Auto-detected based on CPU cores
## Health Checks
### Built-in Health Checks
All services include health checks that:
- Check every 30 seconds
- Timeout after 10 seconds
- Retry 3 times before marking unhealthy
- Start checking after 40 seconds
### Health Check Endpoints
- **Production/Staging**: `http://localhost/health`
- **Development**: `http://localhost:5173`
## SSL/HTTPS Setup
### SSL Certificates
For SSL deployment, create an `ssl` directory with certificates:
```bash
mkdir ssl
# Copy your certificates to ssl/ directory
cp your-cert.pem ssl/
cp your-key.pem ssl/
```
### SSL Configuration
Use the `production-ssl` service in docker-compose:
```bash
docker-compose up production-ssl
```
## Monitoring and Logging
### Log Locations
- **Access logs**: `/var/log/nginx/access.log`
- **Error logs**: `/var/log/nginx/error.log`
### Log Format
```
$remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for"
```
### Log Levels
- **Production**: `warn` level
- **Staging**: `debug` level
- **Development**: Full logging
## Troubleshooting
### Common Issues
#### Build Failures
```bash
# Check build logs
docker build -t timesafari:latest . 2>&1 | tee build.log
# Verify dependencies
docker run --rm timesafari:latest npm list --depth=0
# Check build arguments
./docker/run.sh dev --build-args
```
#### Container Won't Start
```bash
# Check container logs
docker logs <container_id>
# Check health status
docker inspect <container_id> | grep -A 10 "Health"
# Verify port availability
netstat -tulpn | grep :80
```
#### Environment Variables Not Set
```bash
# Check environment in container
docker exec <container_id> env | grep VITE_
# Verify .env file
cat .env.production
# Check build arguments
./docker/run.sh production --build-args
```
#### Performance Issues
```bash
# Check container resources
docker stats <container_id>
# Check nginx configuration
docker exec <container_id> nginx -t
# Monitor access logs
docker exec <container_id> tail -f /var/log/nginx/access.log
```
### Debug Commands
#### Container Debugging
```bash
# Enter running container
docker exec -it <container_id> /bin/sh
# Check nginx status
docker exec <container_id> nginx -t
# Check file permissions
docker exec <container_id> ls -la /usr/share/nginx/html
```
#### Network Debugging
```bash
# Check container network
docker network inspect bridge
# Test connectivity
docker exec <container_id> curl -I http://localhost
# Check DNS resolution
docker exec <container_id> nslookup google.com
```
## Production Deployment
### Recommended Production Setup
1. **Use specific version tags**: `timesafari:1.0.0`
2. **Implement health checks**: Already included
3. **Configure proper logging**: Use external log aggregation
4. **Set up reverse proxy**: Use nginx-lb service
5. **Use Docker secrets**: For sensitive data
### Production Commands
```bash
# Build with specific version
docker build -t timesafari:1.0.0 .
# Run with production settings
docker run -d \
--name timesafari \
-p 80:80 \
--restart unless-stopped \
--env-file .env.production \
timesafari:1.0.0
# Update production deployment
docker stop timesafari
docker rm timesafari
docker build -t timesafari:1.0.1 .
docker run -d --name timesafari -p 80:80 --restart unless-stopped --env-file .env.production timesafari:1.0.1
```
## Development Workflow
### Local Development
```bash
# Start development environment
./docker/run.sh dev
# Make changes to code (hot reloading enabled)
# Access at http://localhost:5173
# Stop development environment
docker-compose down dev
```
### Testing Changes
```bash
# Build and test staging
./docker/run.sh staging
# Test production build locally
./docker/run.sh production
```
### Continuous Integration
```bash
# Build and test in CI
docker build -t timesafari:test .
docker run -d --name timesafari-test -p 8080:80 timesafari:test
# Run tests against container
curl -f http://localhost:8080/health
# Cleanup
docker stop timesafari-test
docker rm timesafari-test
```
## Best Practices
### Security
- Always use non-root users
- Keep base images updated
- Scan images for vulnerabilities
- Use secrets for sensitive data
- Implement proper access controls
### Performance
- Use multi-stage builds
- Optimize layer caching
- Minimize image size
- Use appropriate base images
- Implement proper caching
### Monitoring
- Use health checks
- Monitor resource usage
- Set up log aggregation
- Implement metrics collection
- Use proper error handling
### Maintenance
- Regular security updates
- Monitor for vulnerabilities
- Keep dependencies updated
- Document configuration changes
- Test deployment procedures

110
docker/default.conf Normal file
View File

@@ -0,0 +1,110 @@
# TimeSafari Default Server Configuration
# Author: Matthew Raymer
# Description: Production server configuration for TimeSafari web application
#
# Features:
# - Vue.js SPA routing support
# - Static file caching optimization
# - Security hardening
# - Performance optimization
# - Proper error handling
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
# Handle Vue.js SPA routing
location / {
try_files $uri $uri/ /index.html;
# Cache static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header Vary "Accept-Encoding";
}
# Cache HTML files for a shorter time
location ~* \.html$ {
expires 1h;
add_header Cache-Control "public, must-revalidate";
}
}
# Handle service worker
location /sw.js {
expires 0;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
}
# Handle manifest file
location /manifest.json {
expires 1d;
add_header Cache-Control "public";
}
# Handle API requests (if needed)
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://backend:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Handle health check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# Handle robots.txt
location /robots.txt {
expires 1d;
add_header Cache-Control "public";
}
# Handle favicon
location /favicon.ico {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Security: Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Security: Deny access to backup files
location ~ ~$ {
deny all;
access_log off;
log_not_found off;
}
# Error pages
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# Logging
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
}

72
docker/nginx.conf Normal file
View File

@@ -0,0 +1,72 @@
# TimeSafari Nginx Configuration
# Author: Matthew Raymer
# Description: Main nginx configuration for TimeSafari web application
#
# Features:
# - Security headers for web application
# - Gzip compression for better performance
# - Proper handling of Vue.js SPA routing
# - Static file caching optimization
# - Security hardening
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Performance optimizations
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 16M;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'self';" always;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Include server configurations
include /etc/nginx/conf.d/*.conf;
}

272
docker/run.sh Executable file
View File

@@ -0,0 +1,272 @@
#!/bin/bash
# TimeSafari Docker Run Script
# Author: Matthew Raymer
# Description: Convenient script to run TimeSafari in different Docker configurations
#
# Usage:
# ./docker/run.sh dev # Run development mode
# ./docker/run.sh staging # Run staging mode
# ./docker/run.sh production # Run production mode
# ./docker/run.sh custom # Run custom mode with environment variables
#
# Environment Variables:
# BUILD_MODE: development, staging, or production
# NODE_ENV: node environment
# VITE_PLATFORM: vite platform
# VITE_PWA_ENABLED: enable PWA
# VITE_DISABLE_PWA: disable PWA
# PORT: port to expose
# ENV_FILE: environment file to use
set -e
# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${BLUE}[$(date '+%Y-%m-%d %H:%M:%S')] [INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[$(date '+%Y-%m-%d %H:%M:%S')] [SUCCESS]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[$(date '+%Y-%m-%d %H:%M:%S')] [WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR]${NC} $1"
}
# Function to show usage
show_usage() {
echo "TimeSafari Docker Run Script"
echo ""
echo "Usage: $0 <mode> [options]"
echo ""
echo "Modes:"
echo " dev - Development mode with hot reloading"
echo " staging - Staging mode for testing"
echo " production - Production mode"
echo " custom - Custom mode with environment variables"
echo ""
echo "Options:"
echo " --port <port> - Custom port (default: 5173 for dev, 8080 for staging, 80 for production)"
echo " --env <file> - Environment file (default: .env.<mode>)"
echo " --build-args - Show build arguments for the mode"
echo " --help - Show this help message"
echo ""
echo "Examples:"
echo " $0 dev"
echo " $0 staging --port 9000"
echo " $0 production --env .env.prod"
echo " BUILD_MODE=staging $0 custom"
echo ""
echo "Environment Variables:"
echo " BUILD_MODE: development, staging, or production"
echo " NODE_ENV: node environment"
echo " VITE_PLATFORM: vite platform"
echo " VITE_PWA_ENABLED: enable PWA"
echo " VITE_DISABLE_PWA: disable PWA"
echo " PORT: port to expose"
echo " ENV_FILE: environment file to use"
}
# Function to show build arguments for a mode
show_build_args() {
local mode=$1
echo "Build arguments for $mode mode:"
echo ""
case $mode in
dev)
echo " BUILD_MODE: development"
echo " NODE_ENV: development"
echo " VITE_PLATFORM: web"
echo " VITE_PWA_ENABLED: true"
echo " VITE_DISABLE_PWA: false"
echo " Target: development"
echo " Port: 5173"
;;
staging)
echo " BUILD_MODE: staging"
echo " NODE_ENV: staging"
echo " VITE_PLATFORM: web"
echo " VITE_PWA_ENABLED: true"
echo " VITE_DISABLE_PWA: false"
echo " Target: staging"
echo " Port: 80 (mapped to 8080)"
;;
production)
echo " BUILD_MODE: production"
echo " NODE_ENV: production"
echo " VITE_PLATFORM: web"
echo " VITE_PWA_ENABLED: true"
echo " VITE_DISABLE_PWA: false"
echo " Target: production"
echo " Port: 80"
;;
custom)
echo " BUILD_MODE: \${BUILD_MODE:-production}"
echo " NODE_ENV: \${NODE_ENV:-production}"
echo " VITE_PLATFORM: \${VITE_PLATFORM:-web}"
echo " VITE_PWA_ENABLED: \${VITE_PWA_ENABLED:-true}"
echo " VITE_DISABLE_PWA: \${VITE_DISABLE_PWA:-false}"
echo " Target: \${BUILD_TARGET:-production}"
echo " Port: \${CUSTOM_PORT:-8080}:\${CUSTOM_INTERNAL_PORT:-80}"
;;
*)
log_error "Unknown mode: $mode"
exit 1
;;
esac
}
# Function to check if Docker is running
check_docker() {
if ! docker info > /dev/null 2>&1; then
log_error "Docker is not running. Please start Docker and try again."
exit 1
fi
}
# Function to check if docker-compose is available
check_docker_compose() {
if ! command -v docker-compose > /dev/null 2>&1; then
log_error "docker-compose is not installed. Please install docker-compose and try again."
exit 1
fi
}
# Function to check if required files exist
check_files() {
local mode=$1
local env_file=$2
if [ ! -f "Dockerfile" ]; then
log_error "Dockerfile not found. Please run this script from the project root."
exit 1
fi
if [ ! -f "docker-compose.yml" ]; then
log_error "docker-compose.yml not found. Please run this script from the project root."
exit 1
fi
if [ -n "$env_file" ] && [ ! -f "$env_file" ]; then
log_warn "Environment file $env_file not found. Using defaults."
fi
}
# Function to run the container
run_container() {
local mode=$1
local port=$2
local env_file=$3
log_info "Starting TimeSafari in $mode mode..."
# Set environment variables based on mode
case $mode in
dev)
export DEV_PORT=${port:-5173}
if [ -n "$env_file" ]; then
export DEV_ENV_FILE="$env_file"
fi
docker-compose up dev
;;
staging)
export STAGING_PORT=${port:-8080}
if [ -n "$env_file" ]; then
export STAGING_ENV_FILE="$env_file"
fi
docker-compose up staging
;;
production)
export PROD_PORT=${port:-80}
if [ -n "$env_file" ]; then
export PROD_ENV_FILE="$env_file"
fi
docker-compose up production
;;
custom)
export CUSTOM_PORT=${port:-8080}
if [ -n "$env_file" ]; then
export CUSTOM_ENV_FILE="$env_file"
fi
docker-compose up custom
;;
*)
log_error "Unknown mode: $mode"
exit 1
;;
esac
}
# Main script
main() {
local mode=""
local port=""
local env_file=""
local show_args=false
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
dev|staging|production|custom)
mode="$1"
shift
;;
--port)
port="$2"
shift 2
;;
--env)
env_file="$2"
shift 2
;;
--build-args)
show_args=true
shift
;;
--help|-h)
show_usage
exit 0
;;
*)
log_error "Unknown option: $1"
show_usage
exit 1
;;
esac
done
# Check if mode is provided
if [ -z "$mode" ]; then
log_error "No mode specified."
show_usage
exit 1
fi
# Show build arguments if requested
if [ "$show_args" = true ]; then
show_build_args "$mode"
exit 0
fi
# Check prerequisites
check_docker
check_docker_compose
check_files "$mode" "$env_file"
# Run the container
run_container "$mode" "$port" "$env_file"
}
# Run main function with all arguments
main "$@"

110
docker/staging.conf Normal file
View File

@@ -0,0 +1,110 @@
# TimeSafari Staging Server Configuration
# Author: Matthew Raymer
# Description: Staging server configuration for TimeSafari web application
#
# Features:
# - Relaxed caching for testing
# - Debug-friendly settings
# - Same security as production
# - Development-friendly error handling
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# Security headers (same as production)
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
# Handle Vue.js SPA routing
location / {
try_files $uri $uri/ /index.html;
# Relaxed caching for staging
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1h;
add_header Cache-Control "public, must-revalidate";
add_header Vary "Accept-Encoding";
}
# No caching for HTML files in staging
location ~* \.html$ {
expires 0;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
}
}
# Handle service worker (no caching)
location /sw.js {
expires 0;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
}
# Handle manifest file (short cache)
location /manifest.json {
expires 1h;
add_header Cache-Control "public, must-revalidate";
}
# Handle API requests (if needed)
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://backend:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Handle health check
location /health {
access_log off;
return 200 "healthy-staging\n";
add_header Content-Type text/plain;
}
# Handle robots.txt (no caching in staging)
location /robots.txt {
expires 0;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# Handle favicon (short cache)
location /favicon.ico {
expires 1h;
add_header Cache-Control "public, must-revalidate";
}
# Security: Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Security: Deny access to backup files
location ~ ~$ {
deny all;
access_log off;
log_not_found off;
}
# Error pages (more verbose for staging)
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# Enhanced logging for staging
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log debug;
}