Latte
88e00e5d41
Introduce server-rendered guestbook and moderation portal. Persist data in SQLite (better-sqlite3); add WebAuthn YubiKey admin auth, rate-limiting, spam heuristics, and sanitization. Switch Docker image to run Node/standalone Astro (remove nginx), update docker-compose, Dockerfile, astro.config, and package.json. Add .env.example, docs/guestbook.md, gitignore updates, layouts, API routes, and supporting lib/components/pages for the feature.
32 lines
1.3 KiB
Nginx Configuration File
32 lines
1.3 KiB
Nginx Configuration File
# nginx.conf — reverse proxy in front of the Astro Node.js server
|
|
# If you run cozy-den behind your own reverse proxy (Caddy, Nginx, etc.),
|
|
# this file is for reference / the docker-compose nginx service pattern.
|
|
#
|
|
# The primary server is now the Node.js process (dist/server/entry.mjs).
|
|
# Point your reverse proxy to http://cozy-den:3000 (or localhost:3000).
|
|
|
|
server {
|
|
listen 80;
|
|
server_name hiddenden.cafe;
|
|
|
|
# Security headers
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "DENY" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), interest-cohort=()" always;
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
|
|
|
# Proxy to Node.js Astro server
|
|
location / {
|
|
proxy_pass http://localhost:3000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_read_timeout 60s;
|
|
}
|
|
}
|