diff --git a/Dockerfile b/Dockerfile index 7f530b6..84446d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ WORKDIR /app COPY package*.json ./ # 安装依赖 -RUN npm install +RUN npm install --legacy-peer-deps # 复制源代码 COPY . . @@ -24,7 +24,14 @@ COPY . . RUN npm run build # 生产阶段 -FROM nginx:alpine +FROM nginx:stable-alpine + +# 安装基础工具 +RUN apk add --no-cache bash curl + +# 创建非root用户 +RUN addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx nginx # 复制 nginx 配置 COPY nginx.conf /etc/nginx/conf.d/default.conf @@ -32,6 +39,17 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf # 从构建阶段复制构建结果 COPY --from=builder /app/dist /usr/share/nginx/html +# 修改目录权限 +RUN chown -R nginx:nginx /usr/share/nginx/html \ + && chmod -R 755 /usr/share/nginx/html + +# 使用非root用户运行 +USER nginx + EXPOSE 80 +# 健康检查 +HEALTHCHECK --interval=30s --timeout=3s \ + CMD curl -f http://localhost/ || exit 1 + CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/nginx.conf b/nginx.conf index 89a90b6..d68e7a4 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,13 @@ server { listen 80; server_name localhost; + + # 添加 gzip 压缩 + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + # 设置客户端最大body大小 + client_max_body_size 20M; root /usr/share/nginx/html; index index.html; @@ -8,16 +15,27 @@ server { # 支持 history 路由模式 location / { try_files $uri $uri/ /index.html; + add_header Cache-Control "no-cache, no-store, must-revalidate"; } # 缓存静态资源 location /assets { expires 1y; add_header Cache-Control "public, no-transform"; + access_log off; } # 禁止访问 . 文件 location ~ /\. { deny all; + access_log off; + log_not_found off; + } + + # 错误页面配置 + error_page 404 /index.html; + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; } } \ No newline at end of file