From c8b917bda5d3b7ce92fb392e1b1a43ee098c2aab Mon Sep 17 00:00:00 2001
From: sendevia <me@sendevia.top>
Date: Wed, 4 Mar 2026 20:44:01 +0800
Subject: [PATCH] feat(Dockerfile): add Dockerfile for building and serving the
 application with Nginx

---
 Dockerfile | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b501b2e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,97 @@
+# 构建阶段
+FROM node:trixie-slim AS builder
+
+# 安装 git
+RUN apt-get update && apt-get install -y git \
+    && rm -rf /var/lib/apt/lists/*
+
+# 设置工作目录
+WORKDIR /app
+
+# 拉取项目代码
+RUN git clone https://github.com/sendevia/website .
+
+# 安装依赖并构建
+RUN npm i && npm run docs:build
+
+# 最终阶段
+FROM nginx:stable-perl
+
+# 生成自签名证书
+RUN mkdir -p /etc/nginx/certs && \
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -keyout /etc/nginx/certs/server.key \
+    -out /etc/nginx/certs/server.crt \
+    -subj "/C=CN/ST=State/L=City/O=Organization/CN=localhost"
+
+# 从构建阶段复制 dist 产物到 workdir
+COPY --from=builder /app/.vitepress/dist /app/dist
+
+# 配置 nginx
+# 删除默认配置
+RUN rm -f /etc/nginx/conf.d/default.conf
+
+# 创建自定义 nginx 配置
+RUN cat > /etc/nginx/conf.d/vitepress.conf <<'EOF'
+# 日志配置
+error_log /var/log/nginx/error.log warn;
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    
+    server_name _;
+    access_log off;
+    return 301 https://$host$request_uri;
+}
+
+# HTTPS 服务器配置
+server {
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    
+    server_name _;
+    access_log off;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/nginx/certs/server.crt;
+    ssl_certificate_key /etc/nginx/certs/server.key;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    
+    # 设置根目录指向构建产物
+    root /app/dist;
+    
+    # VitePress SPA 路由配置
+    location / {
+        try_files $uri $uri/ /index.html;
+        expires 30d;
+        add_header Cache-Control "public, immutable";
+    }
+    
+    # 静态资源缓存配置
+    location ~* \.(js|css|woff2|png|jpg|jpeg|gif|svg|ico)$ {
+        expires 365d;
+        add_header Cache-Control "public, immutable";
+    }
+    
+    # 禁用缓存 HTML 文件
+    location ~* \.html$ {
+        expires off;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+    }
+}
+EOF
+
+# 验证 nginx 配置
+RUN nginx -t
+
+# 暴露端口（80 HTTP 和 443 HTTPS）
+EXPOSE 80 443
+
+# 启动 nginx
+CMD ["nginx", "-g", "daemon off;"]