feat: add simplified single-machine deployment configuration #4

Merged
jimmieme merged 1 commit into ao-space:dev from jimmieme:dev
Feb 7, 2026

jimmieme (Member) commented Feb 7, 2026

Summary

Add nginx configuration for simplified single-machine deployment with security
hardening.

Changes

New Files

  • Dockerfile.simple: Dockerfile for simplified nginx build
  • entrypoint-simple.sh: Entrypoint script with security-hardened configuration

Security Features

  • Rate Limiting: Configurable requests per second with burst handling
  • Security Headers:
    • HSTS (Strict-Transport-Security)
    • X-Frame-Options
    • X-Content-Type-Options
    • X-XSS-Protection
    • Referrer-Policy
  • Modern TLS: TLS 1.2/1.3 with secure cipher suites
  • HTTP/2: Enabled for better performance
  • Blocked Paths: Prevents access to sensitive files (.git, .env, etc.)

Configuration Options

| Variable | Default | Description |
|----------|---------|-------------|
| USER_DOMAIN | required | Base domain (e.g., example.com) |
| RATE_LIMIT_RPS | 10 | Requests per second limit |
| ENABLE_HSTS | true | Enable HSTS header |
| PROXY_HOST | proxy | Platform proxy hostname |
| SERVICES_HOST | services | Platform services hostname |

Routing

  • example.com, platform.example.com → Platform API (services:8080)
  • *.example.com → User spaces (proxy:80)

Test Plan

  • Nginx configuration generates correctly
  • SSL certificate detection works (custom or self-signed fallback)
  • Rate limiting zones configured properly
  • Security headers added to responses
  • HTTP to HTTPS redirect works

Generated with Claude Code

- Add Dockerfile.simple for simplified nginx build
- Add entrypoint-simple.sh with security hardening:
  - Rate limiting (configurable RPS)
  - Security headers (HSTS, X-Frame-Options, etc.)
  - Modern TLS configuration (TLS 1.2/1.3)
  - HTTP/2 support
  - Blocked sensitive paths

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

jimmieme merged commit bb80514 into ao-space:dev Feb 7, 2026
1 check passed
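
A check for the "Security headers added to responses" item in the test plan, added here as an example and not taken from the PR or the ao-space code base; the function name `missing_headers`, the sample responses and their header values are constructed. It also runs against an error response, because nginx's `add_header` applies only to a fixed set of success and redirect status codes unless the `always` parameter is given, and it assumes `ENABLE_HSTS=false` means the HSTS header is not sent.

```shell
#!/bin/sh
# Added example: verifies the five security headers listed in the PR.
# Sample responses below are constructed, not captured from the project.

SAMPLE_OK='HTTP/2 200
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin'

# Constructed error response (nginx answers rate-limited requests with 503
# by default) that carries only one of the headers.
SAMPLE_ERR='HTTP/2 503
Content-Type: text/html
X-Frame-Options: SAMEORIGIN'

# missing_headers [ENABLE_HSTS]
# Reads one response's raw headers on stdin and prints each expected header
# that is absent, one per line. Prints nothing when all are present.
# Assumption: ENABLE_HSTS=false means the HSTS header must not be sent, so
# its presence is reported as "unexpected:...".
missing_headers() {
    enable_hsts=${1:-true}
    # Header names are case-insensitive; real captures use CRLF line ends.
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')
    expected="x-frame-options x-content-type-options x-xss-protection referrer-policy"
    if [ "$enable_hsts" = "true" ]; then
        expected="strict-transport-security $expected"
    elif printf '%s\n' "$hdrs" | grep -q '^strict-transport-security:'; then
        printf 'unexpected:strict-transport-security\n'
    fi
    for h in $expected; do
        printf '%s\n' "$hdrs" | grep -q "^$h:" || printf '%s\n' "$h"
    done
}

# Demo on the constructed error response; lists the four absent headers.
printf '%s\n' "$SAMPLE_ERR" | missing_headers true

# Against a live deployment (-k accepts the self-signed fallback certificate):
#   curl -skI https://platform.example.com/ | missing_headers "$ENABLE_HSTS"
```

Run it against both a normal response and a rate-limited or blocked-path response, since headers can be present on one and absent on the other.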