Оптимизация для Ubuntu+Traefik

2025-10-25 08:47:39 +00:00
parent d688d93bc0
commit 9f77a9c773
14 changed files with 707 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,54 @@
+
+version: '3.8'
+
+services:
+  global-it24-web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_SITE_URL:-https://global-it24.local}
+    container_name: global-it24-landing
+    restart: unless-stopped
+    environment:
+      - NODE_ENV=production
+      - NEXT_PUBLIC_SITE_URL=${NEXT_PUBLIC_SITE_URL:-https://global-it24.local}
+    networks:
+      - traefik-public
+    labels:
+      # Включаем Traefik для этого контейнера
+      - "traefik.enable=true"
+      
+      # Настройка HTTP
+      - "traefik.http.routers.global-it24.rule=Host(`${DOMAIN:-global-it24.local}`)"
+      - "traefik.http.routers.global-it24.entrypoints=web"
+      - "traefik.http.routers.global-it24.middlewares=redirect-to-https@docker"
+      
+      # Настройка HTTPS
+      - "traefik.http.routers.global-it24-secure.rule=Host(`${DOMAIN:-global-it24.local}`)"
+      - "traefik.http.routers.global-it24-secure.entrypoints=websecure"
+      - "traefik.http.routers.global-it24-secure.tls=true"
+      - "traefik.http.routers.global-it24-secure.tls.certresolver=letsencrypt"
+      
+      # Middleware для редиректа HTTP -> HTTPS
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
+      
+      # Указываем порт сервиса
+      - "traefik.http.services.global-it24.loadbalancer.server.port=3000"
+      
+      # Middleware для заголовков безопасности
+      - "traefik.http.middlewares.security-headers.headers.customResponseHeaders.X-Frame-Options=SAMEORIGIN"
+      - "traefik.http.middlewares.security-headers.headers.customResponseHeaders.X-Content-Type-Options=nosniff"
+      - "traefik.http.middlewares.security-headers.headers.customResponseHeaders.X-XSS-Protection=1; mode=block"
+      - "traefik.http.routers.global-it24-secure.middlewares=security-headers@docker"
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3000/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+networks:
+  traefik-public:
+    external: true