Docker nginx updates

docker/Dockerfile

@@ -1,5 +1,6 @@
+# Stage 1: Build React App
 # base image
-FROM node:19.4.0-alpine as builder
+FROM node:20.5-alpine as builder
 # send signal to containers to stop them
 STOPSIGNAL SIGTERM
 # create working directory
@@ -10,13 +11,16 @@ WORKDIR /usr/src/reactapp
 COPY package*.json ./
 # install dependencies with precise, for more stories visit - https://yarnpkg.com/lang/en/docs/cli/install/
 RUN yarn install --silent --non-interactive --frozen-lockfile --ignore-optional
+# Copy the entire project
 COPY . .
+# Build the app
 RUN PUBLIC_URL=/ yarn run build
-FROM nginx:1.23.3-alpine as reactapp
+# Stage 2: Serve App with Nginx
+FROM nginx:1.25.2-alpine as reactapp
 # Install a self signed SSL certificate with no locally cached packages
-FROM debian:11.6-slim
-# Open SSL Version pinning - https://debian.pkgs.org/11/debian-main-amd64/openssl_1.1.1n-0+deb11u3_amd64.deb.html
-RUN apt-get update && apt-get install -y --no-install-recommends nginx openssl=1.1.1n-0+deb11u3 \
+FROM debian:11.7-slim
+# Open SSL Version pinning - https://debian.pkgs.org/11/debian-main-amd64/openssl_1.1.1n-0+deb11u4_amd64.deb.html
+RUN apt-get update && apt-get install -y --no-install-recommends nginx openssl=1.1.1n-0+deb11u4 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \
     && openssl req \
@@ -27,12 +31,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends nginx openssl=1
       -new \
       -newkey rsa:2048 \
       -keyout /etc/ssl/private/nginx-selfsigned.key \
-      -out /etc/ssl/certs/nginx-selfsigned.crt
-
+      -out /etc/ssl/certs/nginx-selfsigned.crt \
+# Remove the default content in the Nginx document root directory before copying the built React app into it.
 RUN rm -rf /usr/share/nginx/html/*
+# Copy Nginx configuration files
 COPY --from=builder /usr/src/reactapp/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=builder /usr/src/reactapp/nginx/nginxconfig/general.conf /etc/nginx/general.conf
 COPY --from=builder /usr/src/reactapp/nginx/nginxconfig/security.conf /etc/nginx/security.conf
+# Copy built React app
 COPY --from=builder /usr/src/reactapp/build /usr/share/nginx/html
+# Expose ports
 EXPOSE 80 443
-CMD ["/bin/bash", "-c", "nginx -g \"daemon off;\""]
+# Start Nginx
+CMD ["nginx", "-g", "daemon off;"]

docker/nginx.conf

@@ -121,7 +121,7 @@ http
     # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
     #Cloudflare resolver 1dot1dot1dot1.cloudflare-dns.com
     # Enables or disables stapling of OCSP responses by the server.
-    ssl_stapling off;
+    ssl_stapling on;
     ssl_stapling_verify on;
     resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53] 9.9.9.9 149.112.112.112 [2620:fe::fe] [2620:fe::9] 64.6.64.6 64.6.65.6 [2620:74:1b::1:1] [2620:74:1c::2:2] valid=60s;
     resolver_timeout 5s;

docker/nginxconfig/general.conf

@@ -43,12 +43,6 @@ if ($request_method !~ ^(GET|PUT|POST)$ )
 {
   return 444;
 }
-## In this case, it does not accept other HTTP method such as HEAD, DELETE, SEARCH, TRACE ##
-##  Only allow access to these domains/sub-domains kakbima.com and localhost
-#if ($host !~ ^(accounts.kakbima.com|accounts.kakbima.dev|mua.kakbima.co.ke)$ )
-#{
-#  return 444;
-#}
 #Gzip can help reduce the amount of network transfer Nginx deals with. However, be careful increasing the gzip_comp_level too high as the server will begin wasting cpu cycles.
 #For those using Cloudflare as their CDN this is already taken care of - https://support.cloudflare.com/hc/en-us/articles/200168086-Does-Cloudflare-compress-resources-
 #If you want to enable compression, set the value of this directive to on. By default, it is disabled.