kios-webapp/docker-compose-prod.yml

services:
  astro:
    build:
      context: astro
      target: prod
    environment:
      PAYLOAD_URL: ${PAYLOAD_URL}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${NAME}-astro.rule=Host(`${ASTRO_URL}`)"
      - "traefik.http.routers.${NAME}-astro.entrypoints=https"
      - "traefik.http.routers.${NAME}-astro.tls.certresolver=httpresolver"
      - "traefik.http.routers.${NAME}-astro.middlewares=security-headers-${NAME}-astro"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolallowmethods=GET, OPTIONS, PUT, POST, DELETE, HEAD, PATCH"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.addvaryheader=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.hostsproxyheaders=X-Forwarded-Host"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslredirect=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslproxyheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsseconds=63072000"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsincludesubdomains=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stspreload=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.forcestsheader=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.permissionspolicy=camera=(), accelerometer=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=()"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.framedeny=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contentsecuritypolicy=default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contenttypenosniff=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.browserxssfilter=true"
      - "traefik.http.middlewares.security-headers-${NAME}-astro.headers.referrerpolicy=same-origin"
      - traefik.docker.network=traefik_network
    networks:
      - traefik_network

  payload:
    build:
      context: payload
      target: prod
    labels:
      - traefik.enable=true
      - traefik.http.routers.${NAME}-payload.rule=Host(`${PAYLOAD_URL}`)
      - traefik.http.routers.${NAME}-payload.entrypoints=https
      - traefik.http.routers.${NAME}-payload.tls.certresolver=httpresolver
      - traefik.docker.network=traefik_network
    networks:
      - traefik_network

networks:
  traefik_network:
    external: true
heyy Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 07:18:08 +00:00			`services:`
			`astro:`
			`build:`
			`context: astro`
			`target: prod`
heya Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 10:27:22 +00:00			`environment:`
			`PAYLOAD_URL: ${PAYLOAD_URL}`
test Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 14:27:48 +00:00			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.${NAME}-astro.rule=Host(`${ASTRO_URL}`)"
			`- "traefik.http.routers.${NAME}-astro.entrypoints=https"`
			`- "traefik.http.routers.${NAME}-astro.tls.certresolver=httpresolver"`
			`- "traefik.http.routers.${NAME}-astro.middlewares=security-headers-${NAME}-astro"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolallowmethods=GET, OPTIONS, PUT, POST, DELETE, HEAD, PATCH"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolmaxage=100"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.addvaryheader=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.hostsproxyheaders=X-Forwarded-Host"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslredirect=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslproxyheaders.X-Forwarded-Proto=https"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsseconds=63072000"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsincludesubdomains=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stspreload=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.forcestsheader=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.permissionspolicy=camera=(), accelerometer=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=()"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.framedeny=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contentsecuritypolicy=default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contenttypenosniff=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.browserxssfilter=true"`
			`- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.referrerpolicy=same-origin"`
			`- traefik.docker.network=traefik_network`
			`networks:`
			`- traefik_network`
heyy Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 07:18:08 +00:00
			`payload:`
			`build:`
			`context: payload`
			`target: prod`
test Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 14:27:48 +00:00			`labels:`
			`- traefik.enable=true`
			- traefik.http.routers.${NAME}-payload.rule=Host(`${PAYLOAD_URL}`)
			`- traefik.http.routers.${NAME}-payload.entrypoints=https`
			`- traefik.http.routers.${NAME}-payload.tls.certresolver=httpresolver`
			`- traefik.docker.network=traefik_network`
heya Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 16:00:40 +00:00			`networks:`
			`- traefik_network`
heyy Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 07:18:08 +00:00
test Signed-off-by: Max Schmidt <max.schmidt@outlook.de> 2023-05-17 14:27:48 +00:00			`networks:`
			`traefik_network:`
			`external: true`