Add Docker self-hosting and CI/CD pipeline

- Dockerfile: Caddy + PHP-FPM + app in single Alpine container - Caddyfile: auto-HTTPS, security headers, short URL rewrite - docker-compose.yml: app + Watchtower for auto-updates - install.sh: one-liner for fresh VPS setup - GitHub Actions: build & push to Docker Hub + GHCR on tag Self-host with: curl -sL https://xmrpay.link/install.sh | sh -s your-domain.com
2026-03-27 08:26:30 +01:00
parent 5212f586c7
commit 64eee4ebc5
7 changed files with 265 additions and 0 deletions
--- a/24
+++ b/24
@@ -0,0 +1,24 @@
+{$DOMAIN:localhost} {
+	root * /srv
+	encode gzip
+
+	# Security headers
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "DENY"
+		Referrer-Policy "no-referrer"
+		Permissions-Policy "geolocation=(), microphone=(), camera=()"
+		Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'"
+	}
+
+	# Short URL rewrite: /s/CODE -> s.php?c=CODE
+	@shorturl path_regexp short ^/s/([a-zA-Z0-9]+)$
+	rewrite @shorturl /s.php?c={re.short.1}
+
+	# PHP via FPM
+	php_fastcgi 127.0.0.1:9000
+
+	# Static files
+	file_server
+}