From 5ded12a07d596e936511325faf3fd504bde0059c Mon Sep 17 00:00:00 2001
From: Christian Reitter <invd@inhq.net>
Date: Sat, 11 Nov 2023 15:41:20 +0100
Subject: [PATCH] tune and optimize Docker container and nginx configuration

---
 Dockerfile | 18 +++++++++++++++---
 nginx.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 nginx.conf

diff --git a/Dockerfile b/Dockerfile
index d9698b1..8c94011 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,26 @@
-FROM ruby:3.2.2-alpine AS builder
+FROM ruby:3.2-alpine AS builder
 LABEL stage=distrust-co-builder
-RUN apk update && apk add g++ make git git-lfs
+RUN apk update && apk add g++ make
 RUN mkdir -p /home
 COPY Gemfile /home
 COPY Gemfile.lock /home
-COPY _vendor /home/_vendor
+# copying _vendor is not needed at the moment
+# COPY _vendor /home/_vendor
 WORKDIR /home
 RUN bundle install
 COPY . /home
 RUN jekyll build
 
+FROM debian:bookworm AS mime-types
+RUN apt-get update && apt-get install -y media-types
+
+RUN echo 'types {' > /tmp/mime.types
+RUN sed -e '/^$/d' -e 's/$/;/' /etc/mime.types >> /tmp/mime.types
+RUN echo '}' >> /tmp/mime.types
+
 FROM nginx:1.25
+COPY nginx.conf /etc/nginx/nginx.conf
+# extend the recognized MIME types
+# this allows nginx to detect and compress font files
+COPY --from=mime-types /tmp/mime.types /etc/nginx/mime.types
 COPY --from=builder /home/_site /usr/share/nginx/html
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..d6a26be
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,43 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    # handle increased number of known file types
+    types_hash_max_size 1024;
+    types_hash_bucket_size 64;
+
+    # enable gzip compression
+    gzip on;
+
+    # don't send server version
+    server_tokens off;
+
+    # allow gzip for more file types
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype font/ttf;
+
+    include /etc/nginx/conf.d/*.conf;
+}