From 6b89480377e1aa6c00ea0df1aaa59c199dc055b9 Mon Sep 17 00:00:00 2001
From: Kaveman <kevin@kavemans.dev>
Date: Fri, 24 Oct 2025 12:41:33 -0700
Subject: [PATCH] Add Docker Support

---
 .dockerignore      |  6 ++++++
 DockerFile         | 33 +++++++++++++++++++++++++++++++++
 docker-compose.yml | 25 +++++++++++++++++++++++++
 3 files changed, 64 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 DockerFile
 create mode 100644 docker-compose.yml

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..514b6c2
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+node_modules
+npm-debug.log
+.git
+Dockerfile*
+docker-compose*.yml
+.env*
diff --git a/DockerFile b/DockerFile
new file mode 100644
index 0000000..340b40d
--- /dev/null
+++ b/DockerFile
@@ -0,0 +1,33 @@
+# --- Build stage (if you transpile; otherwise this is basically a no-op)
+FROM node:20-alpine AS build
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --omit=dev
+COPY . .
+# If you transpile (TS/webpack/etc.), do it here:
+# RUN npm run build
+
+# --- Runtime stage
+FROM node:20-alpine
+ENV NODE_ENV=production
+# Avoid running as root
+RUN addgroup -S nodegrp && adduser -S nodeusr -G nodegrp
+WORKDIR /app
+
+# Copy only what's needed at runtime
+COPY --from=build /app/package*.json ./
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/. ./
+
+# If your compiled output lives in /app/dist:
+# WORKDIR /app/dist
+
+# Healthcheck (customize the path/port if needed)
+HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
+  CMD wget -qO- http://127.0.0.1:80/health || exit 1
+
+USER nodeusr
+EXPOSE 80
+EXPOSE 443
+# Ensure your server listens on 0.0.0.0:80 inside the container
+CMD ["npm", "start"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..c8b3001
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3.9"
+
+networks:
+  appnet:
+    external: true
+
+services:
+  proxy:
+    build:
+      context: .
+      dockerfile: DockerFile
+    image: kaveman/node-reverse-proxy:latest
+    container_name: node-reverse-proxy
+    restart: unless-stopped
+    environment:
+      NODE_ENV: "production"
+    ports:
+      # Bind to all interfaces on host
+      - "0.0.0.0:80:80"
+      - "0.0.0.0:443:443"
+    volumes:
+      # Make sure it has access to hosts db and certificates
+      - ./.env:/app/.env:ro
+    networks:
+      - appnet