gemercheung 4 سال پیش
کامیت
06c7898001

+ 2 - 0
frontend/docker/.env

@@ -0,0 +1,2 @@
+SXZ_HTTP_PORT=7776
+CONTAINER_NAME=sxz_web

+ 42 - 0
frontend/docker/conf.d/default.conf

@@ -0,0 +1,42 @@
+server {
+  listen 80 ;
+  # root /opt/dist;
+  root /opt/dist;
+  index index.html index.htm index.nginx-debian.html;
+  # MIME
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  # Display nginx Version number in error or http header may result in hacker to search for known vulnerability. Therefore, the version number should be removed for every http response.
+  server_tokens "off";
+  #charset utf-8;
+  # This directive, by default, is disabled to allow small packets to wait for a specified period before they are sent at once. To allow all data to be sent at once, this directive is enabled.
+  tcp_nodelay on;
+  #  Because we have enabled tcp_nodelay directive, small packets are sent at once. However, if you still want to make use of John Nagle’s buffering algorithm, we can also enable the tcp_nopush to add packets to each other and send them all at once.
+  tcp_nopush on;
+  # Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the 408 (Request Time-out) error is returned to the client.
+  client_body_timeout 12;
+  # Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the 408 (Request Time-out) error is returned to the client.
+  client_header_timeout 12;
+  # This directive sets the buffer size for the request body. If you plan to run the webserver on 64-bit systems, you need to set the value to 16k. If you want to run the webserver on the 32-bit system, set the value to 8k.
+  client_body_buffer_size 1M;
+  # Similar to the previous directive, only instead it handles the client header size. For all intents and purposes, 1K is usually a decent size for this directive not unless you're sending mayopic stuff via header i.e permissions.
+  client_header_buffer_size 1k;
+  # The maximum number and size of buffers for large client headers.
+  large_client_header_buffers 2 1k;
+  # The maximum allowed size for a client request. If the maximum size is exceeded, then Nginx will spit out a 413 error or Request Entity Too Large.
+  client_max_body_size 500M;
+  # Defines the maximum size of an entry in the MIME types hash tables.
+  types_hash_max_size 4096;
+  # The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ. The “Keep-Alive: timeout=time” header field is recognized by Mozilla and Konqueror. The default is 75 seconds.
+  keepalive_timeout 120s;
+  # Configure a number of requests to keep alive for a specific period of time.  You can set the number of requests to 20 or 30.
+  keepalive_requests 120;
+  # if you want to disable keepalive connection for a specific group of browsers, use this directive.
+  #keepalive_disable;
+  #Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.
+  send_timeout 75s;
+
+  include /etc/nginx/setting/general.conf;
+  include /etc/nginx/setting/security.conf;
+  include /etc/nginx/setting/proxy.conf;
+}
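Review bot: `client_max_body_size 500M` is set for the whole server, so every location, including the static files and each proxied path, will accept half-gigabyte request bodies; if only an upload path such as `/importData` needs large bodies, keep a small server-wide limit and raise it inside that one `location`. `large_client_header_buffers 2 1k` errs the other way: a request line or single header longer than 1k (a long cookie or query string) is rejected with 414/400, and nginx's own default is `4 8k`. The comment above `client_body_buffer_size` recommends 8k/16k while the value is `1M`, so either the comment or the value should be corrected.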

+ 31 - 0
frontend/docker/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3.7"
+
+# docker network create nginx_bridge
+# networks:
+#   nginx_bridge:
+#     driver: bridge
+
+services:
+  nginx:
+    image: nginx:stable-alpine
+    # build:
+    #   context: .
+    #   dockerfile: Dockerfile
+    container_name: $CONTAINER_NAME
+    restart: always
+    privileged: true
+    environment:
+      - TZ=Asia/Shanghai
+    ports:
+      - $SXZ_HTTP_PORT:80
+      # - 80:80
+      # - 443:443
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./conf.d:/etc/nginx/conf.d
+      - ./setting:/etc/nginx/setting
+      - /var/log/$CONTAINER_NAME/logs:/var/log/nginx
+      - ./dist:/opt/dist:ro
+    # networks:
+    #   - nginx_bridge
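Review bot: `privileged: true` gives the nginx container all capabilities and access to host devices, and nothing visible in this compose file needs that to serve static files and proxy on port 80; remove the line, and if a specific capability turns out to be required, grant only that one with `cap_add`. The `./conf.d` and `./setting` mounts are writable from inside the container, unlike `nginx.conf` and `dist`; add `:ro` to both so a compromised worker cannot rewrite the configuration it runs under. `nginx:stable-alpine` is a floating tag, so pinning a version or digest would make redeploys reproducible.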

+ 3 - 0
frontend/docker/env.example

@@ -0,0 +1,3 @@
+SXZ_HTTP_PORT=6060
+CONTAINER_NAME=sxz_model_admin
+#SXZ_HTTPS_PORT=6060

+ 43 - 0
frontend/docker/nginx.conf

@@ -0,0 +1,43 @@
+# user  nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    # The maximum number of connections that each worker process can handle simultaneously. The default is 512, but most systems have enough resources to support a larger number. The appropriate setting depends on the size of the server and the nature of the traffic, and can be discovered through testing.
+    worker_connections 65535;
+    # This directive allows a worker to accept many connections in the queue at a time. A queue in this context simply means a sequence of data objects waiting to be processed.
+    multi_accept on;
+    # With this directive worker processes will accept new connections by turn. Otherwise, all worker processes will be notified about new connections, and if volume of new connections is low, some of the worker processes may just waste system resources.
+    accept_mutex on;
+    # This directive determines how long a worker should wait before accepting a new connection. Once the accept_mutex is turned on, a mutex lock is assigned to a worker for a timeframe specified by the accept_mutex_delay . When the timeframe is up, the next worker in line is ready to accept new connections.
+    accept_mutex_delay 200ms;
+    # This directive specifies the method to process a connection from the client. We decided to set the value to epoll because we are working on a Ubuntu platform. The epoll method is the most effective processing method for Linux platforms.
+    use epoll;
+    # This specifies the number of events that NGINX will pass to the kernel.
+    epoll_events 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    #tcp_nopush     on;
+
+    keepalive_timeout 65;
+
+    #gzip  on;
+    server_names_hash_bucket_size 64;
+    server_names_hash_max_size 512;
+
+    include /etc/nginx/conf.d/*.conf;
+   
+}
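Review bot: `worker_connections 65535` is not matched by a `worker_rlimit_nofile` directive, so the effective ceiling is whatever open-file limit the container starts with; if that is lower, nginx warns at startup and workers run out of descriptors under load well before 65535. Set `worker_rlimit_nofile` at the top level to at least the connection count (more when proxying, since a proxied request holds two descriptors), or lower `worker_connections` to a figure the deployment has been tested at. The comment on `use epoll` refers to Ubuntu while the compose file runs `nginx:stable-alpine`; the directive is still valid, but the comment should be updated.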

+ 100 - 0
frontend/docker/setting/general.conf

@@ -0,0 +1,100 @@
+# favicon.ico
+location = /public/favicon.ico {
+	log_not_found off;
+	access_log off;
+	error_log off;
+}
+
+# Disable directory listing
+location / {
+	autoindex  off;
+	try_files $uri $uri/ /index.html;
+}
+
+# assets, media, and Static File Caching while allowing safe files
+location ~* \.(?:css(\.map)?|js(\.map)?|ttf|ttc|otf|eot|woff2?|svgz?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|pdf|docx?|dotx?|docm|dotm|xlsx?|xltx?|xlsm|xltm|pptx?|potx?|pptm|potm|ppsx?)$ {
+	add_header Access-Control-Allow-Origin "*";
+	add_header Cache-Control "public";
+	expires 365d;
+	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+	access_log on;
+}
+
+# deny access to .htaccess files
+location ~ /\.ht {
+	deny  all;
+	error_log off;
+	log_not_found off;
+}
+
+# Deny access to hidden files (beginning with a period)
+location ~ /\. {
+	deny all;
+	error_log off;
+	log_not_found off;
+}
+
+
+location /video/ {
+	# To utilize operating system resources, set the value of this directive to on. sendfile transfers data between file descriptors within the OS kernel space without sending it to the application buffers. This directive will be used to serve small files.
+	sendfile       on;
+	# This directive enables multi-threading when set to on for write and read operation. Multi-threading is an execution model that allows multiple threads to execute separately from each other whilst sharing their hosting process resources.
+	aio            threads;
+	# This directive improves cache effectiveness by allowing read and write to be sent directly to the application.  directio is a filesystem feature of every modern operating system. This directive will be used to serve larger files like videos.
+	directio       8m;
+	# This directive assigns a block size value to the data transfer. It related to the directio  directive.
+	directio_alignment 1024;
+}
+
+# define error pages
+error_page 401 403 404  /index.html;
+location = /index.html {
+	root /opt/dist;
+	internal;
+}
+
+# redirect server error pages
+error_page   500 502 503 504  /index.html;
+location = / {
+	root   /opt/dist;
+	internal;
+}
+
+## Only GET, POST, PUT are allowed##
+if ($request_method !~ ^(GET|PUT|POST)$ ) {
+	return 444;
+}
+## In this case, it does not accept other HTTP method such as HEAD, DELETE, SEARCH, TRACE ##
+
+##  Only allow access to these domains/sub-domains samwanekeya.com and localhost
+# if ($host !~ ^(localhost|127.0.0.1|192.168.0.52|192.168.0.163)$ ) {
+# 	return 444;
+# }
+
+#Gzip can help reduce the amount of network transfer Nginx deals with. However, be careful increasing the gzip_comp_level too high as the server will begin wasting cpu cycles.
+#For those using Cloudflare as their CDN this is already taken care of - https://support.cloudflare.com/hc/en-us/articles/200168086-Does-Cloudflare-compress-resources-
+
+#If you want to enable compression, set the value of this directive to on. By default, it is disabled.
+gzip             on;
+# You can make use of this directive to set the compression level. In order not to waste CPU resources, you need not set the compression level too high. Between 1 and 9, you can set the compression level to 2 or 3.
+gzip_comp_level  2;
+# Set the minimum response length for compression via the content-length response header field. You can set it to more than 20 bytes.
+gzip_min_length  1000;
+gzip_proxied     expired no-cache no-store private auth;
+# This directive allows you to choose the response type you want to compress. By default, the response type text/html is always compressed. You can add other response type such as text/plain application/x-javascript text/xml as shown in the code above.
+# gzip_types       text/plain application/x-javascript text/xml text/css application/xml;
+# This directive allows you to choose the minimum HTTP version of a request for a compressed response. You can make use of the default value which is 1.1.
+#gzip_http_version 1.1;
+# When gzip directive is enabled, this directive add the header field Vary:Accept Encoding  to the response.
+#gzip_vary  on;
+# Some browsers such as Internet Explorer 6 do not have support for gzip compression. This directive make use of User-Agent request header field to disable compression for certain browsers.
+#gzip_disable "MSIE [4-6] \.";
+
+# This directive is disabled by default. Enable it if you want implement caching in Nginx. This directive stores metadata of files and directories commonly requested by users.
+open_file_cache max=1000 inactive=30s;
+# This directive contains backup information inside the open_file_cache directive. You can use this directive to set a valid period usually in seconds after which the information related to files and directories is re-validated again.
+open_file_cache_valid 30s;
+# Nginx usually clear information inside the open_file_cache directive after a period of inactivity based on the open_file_cache_min_uses. You can use this directive to set a minimum number of access to identify which files and directories are actively accessed.
+open_file_cache_min_uses 4;
+# You can make use of this directive to allow Nginx to cache errors  such as “permission denied” or “can’t access this file” when files are accessed. So anytime a resource is accessed by a user who does not have the right to do so, Nginx displays the same error report “permission denied”.
+open_file_cache_errors on;
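Review bot: The `add_header` lines inside the static-asset `location` replace the server-level headers rather than extend them, because nginx inherits `add_header` from the outer level only when the current level defines none; responses from this location therefore go out without the `X-Frame-Options`, `X-Content-Type-Options` and other headers that security.conf adds. Repeat `include /etc/nginx/setting/security.conf;` inside each location that sets its own headers. Separately, `location = / { internal; }` makes a direct request for `/` return 404 before `error_page` hands it to `/index.html`, so the home page appears to be served with a 404 status; confirm this is intended, otherwise drop the block or use `error_page 404 =200 /index.html;`. Both points apply equally to general_production.conf and general_staging.conf.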

+ 117 - 0
frontend/docker/setting/general_production.conf

@@ -0,0 +1,117 @@
+# favicon.ico
+location = /public/favicon.ico {
+	log_not_found off;
+	access_log off;
+	error_log off;
+}
+
+# Disable directory listing
+location / {
+	autoindex  off;
+	try_files $uri $uri/ /index.html;
+}
+
+# assets, media, and Static File Caching while allowing safe files
+# location ~* \.(?:css(\.map)?|js(\.map)?|ttf|ttc|otf|eot|woff2?|svgz?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|pdf|docx?|dotx?|docm|dotm|xlsx?|xltx?|xlsm|xltm|pptx?|potx?|pptm|potm|ppsx?)$ {
+# 	add_header Access-Control-Allow-Origin "*";
+# 	add_header Cache-Control "public";
+# 	expires 365d;
+# 	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+# 	access_log on;
+# }
+
+location ~* \.(ttf|ttc|otf|eot|woff2?|svgz?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|pdf|docx?|dotx?|docm|dotm|xlsx?|xltx?|xlsm|xltm|pptx?|potx?|pptm|potm|ppsx?)$ {
+	add_header Access-Control-Allow-Origin "*";
+	add_header Cache-Control "public";
+	expires 365d;
+	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+	access_log on;
+}
+
+location ~* \.(?:css(\.map)?|js(\.map))$ {
+	expires off;
+	add_header Cache-Control "no-cache";
+	# expires 365d;
+	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+	access_log on;
+}
+
+
+# deny access to .htaccess files
+location ~ /\.ht {
+	deny  all;
+	error_log off;
+	log_not_found off;
+}
+
+# Deny access to hidden files (beginning with a period)
+location ~ /\. {
+	deny all;
+	error_log off;
+	log_not_found off;
+}
+
+
+location /video/ {
+	# To utilize operating system resources, set the value of this directive to on. sendfile transfers data between file descriptors within the OS kernel space without sending it to the application buffers. This directive will be used to serve small files.
+	sendfile       on;
+	# This directive enables multi-threading when set to on for write and read operation. Multi-threading is an execution model that allows multiple threads to execute separately from each other whilst sharing their hosting process resources.
+	aio            threads;
+	# This directive improves cache effectiveness by allowing read and write to be sent directly to the application.  directio is a filesystem feature of every modern operating system. This directive will be used to serve larger files like videos.
+	directio       8m;
+	# This directive assigns a block size value to the data transfer. It related to the directio  directive.
+	directio_alignment 1024;
+}
+
+# define error pages
+error_page 401 403 404  /index.html;
+location = /index.html {
+	root /opt/dist;
+	internal;
+}
+
+# redirect server error pages
+error_page   500 502 503 504  /index.html;
+location = / {
+	root   /opt/dist;
+	internal;
+}
+
+## Only GET, POST, PUT are allowed##
+if ($request_method !~ ^(GET|PUT|POST)$ ) {
+	return 444;
+}
+## In this case, it does not accept other HTTP method such as HEAD, DELETE, SEARCH, TRACE ##
+
+##  Only allow access to these domains/sub-domains samwanekeya.com and localhost
+# if ($host !~ ^(localhost|127.0.0.1|192.168.0.52|192.168.0.163)$ ) {
+# 	return 444;
+# }
+
+#Gzip can help reduce the amount of network transfer Nginx deals with. However, be careful increasing the gzip_comp_level too high as the server will begin wasting cpu cycles.
+#For those using Cloudflare as their CDN this is already taken care of - https://support.cloudflare.com/hc/en-us/articles/200168086-Does-Cloudflare-compress-resources-
+
+#If you want to enable compression, set the value of this directive to on. By default, it is disabled.
+gzip             on;
+# You can make use of this directive to set the compression level. In order not to waste CPU resources, you need not set the compression level too high. Between 1 and 9, you can set the compression level to 2 or 3.
+gzip_comp_level  2;
+# Set the minimum response length for compression via the content-length response header field. You can set it to more than 20 bytes.
+gzip_min_length  1000;
+gzip_proxied     expired no-cache no-store private auth;
+# This directive allows you to choose the response type you want to compress. By default, the response type text/html is always compressed. You can add other response type such as text/plain application/x-javascript text/xml as shown in the code above.
+# gzip_types       text/plain application/x-javascript text/xml text/css application/xml;
+# This directive allows you to choose the minimum HTTP version of a request for a compressed response. You can make use of the default value which is 1.1.
+#gzip_http_version 1.1;
+# When gzip directive is enabled, this directive add the header field Vary:Accept Encoding  to the response.
+#gzip_vary  on;
+# Some browsers such as Internet Explorer 6 do not have support for gzip compression. This directive make use of User-Agent request header field to disable compression for certain browsers.
+#gzip_disable "MSIE [4-6] \.";
+
+# This directive is disabled by default. Enable it if you want implement caching in Nginx. This directive stores metadata of files and directories commonly requested by users.
+open_file_cache max=1000 inactive=30s;
+# This directive contains backup information inside the open_file_cache directive. You can use this directive to set a valid period usually in seconds after which the information related to files and directories is re-validated again.
+open_file_cache_valid 30s;
+# Nginx usually clear information inside the open_file_cache directive after a period of inactivity based on the open_file_cache_min_uses. You can use this directive to set a minimum number of access to identify which files and directories are actively accessed.
+open_file_cache_min_uses 4;
+# You can make use of this directive to allow Nginx to cache errors  such as “permission denied” or “can’t access this file” when files are accessed. So anytime a resource is accessed by a user who does not have the right to do so, Nginx displays the same error report “permission denied”.
+open_file_cache_errors on;
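Review bot: In the second regex location, `js(\.map)` lacks the `?` that the css branch has, so the pattern matches `.js.map` but not plain `.js`; JavaScript bundles fall through to `location /` and never receive the `Cache-Control "no-cache"` intended here. The pattern should read `\.(?:css(\.map)?|js(\.map)?)$`. general_staging.conf carries the same regex.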

+ 112 - 0
frontend/docker/setting/general_staging.conf

@@ -0,0 +1,112 @@
+# favicon.ico
+location = /public/favicon.ico {
+	log_not_found off;
+	access_log off;
+	error_log off;
+}
+
+# Disable directory listing
+location / {
+	autoindex off;
+	try_files $uri $uri/ /index.html;
+}
+
+# assets, media, and Static File Caching while allowing safe files
+location ~* \.(ttf|ttc|otf|eot|woff2?|svgz?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|pdf|docx?|dotx?|docm|dotm|xlsx?|xltx?|xlsm|xltm|pptx?|potx?|pptm|potm|ppsx?)$ {
+	add_header Access-Control-Allow-Origin "*";
+	add_header Cache-Control "public";
+	expires 365d;
+	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+	access_log on;
+}
+
+location ~* \.(?:css(\.map)?|js(\.map))$ {
+	expires off;
+	add_header Cache-Control "no-cache";
+	add_header Last-Modified "";
+	add_header ETag "";
+	# expires 365d;
+	# Nginx logs every request that hits the server to a log file. If you use analytics to monitor this, you may want to turn this functionality off. Simply edit the access_log directive:
+	access_log on;
+}
+
+
+# deny access to .htaccess files
+location ~ /\.ht {
+	deny all;
+	error_log off;
+	log_not_found off;
+}
+
+# Deny access to hidden files (beginning with a period)
+location ~ /\. {
+	deny all;
+	error_log off;
+	log_not_found off;
+}
+
+
+location /video/ {
+	# To utilize operating system resources, set the value of this directive to on. sendfile transfers data between file descriptors within the OS kernel space without sending it to the application buffers. This directive will be used to serve small files.
+	sendfile on;
+	# This directive enables multi-threading when set to on for write and read operation. Multi-threading is an execution model that allows multiple threads to execute separately from each other whilst sharing their hosting process resources.
+	aio threads;
+	# This directive improves cache effectiveness by allowing read and write to be sent directly to the application.  directio is a filesystem feature of every modern operating system. This directive will be used to serve larger files like videos.
+	directio 8m;
+	# This directive assigns a block size value to the data transfer. It related to the directio  directive.
+	directio_alignment 1024;
+}
+
+# define error pages
+error_page 401 403 404 /index.html;
+location = /index.html {
+	root /opt/dist;
+	internal;
+}
+
+# redirect server error pages
+error_page 500 502 503 504 /index.html;
+location = / {
+	root /opt/dist;
+	internal;
+}
+
+## Only GET, POST, PUT are allowed##
+if ($request_method !~ ^(GET|PUT|POST)$ ) {
+	return 444;
+}
+## In this case, it does not accept other HTTP method such as HEAD, DELETE, SEARCH, TRACE ##
+
+##  Only allow access to these domains/sub-domains samwanekeya.com and localhost
+# if ($host !~ ^(localhost|127.0.0.1|192.168.0.52|192.168.0.163)$ ) {
+# 	return 444;
+# }
+
+#Gzip can help reduce the amount of network transfer Nginx deals with. However, be careful increasing the gzip_comp_level too high as the server will begin wasting cpu cycles.
+#For those using Cloudflare as their CDN this is already taken care of - https://support.cloudflare.com/hc/en-us/articles/200168086-Does-Cloudflare-compress-resources-
+#If you want to enable compression, set the value of this directive to on. By default, it is disabled.
+gzip on;
+# You can make use of this directive to set the compression level. In order not to waste CPU resources, you need not set the compression level too high. Between 1 and 9, you can set the compression level to 2 or 3.
+gzip_comp_level 2;
+# Set the minimum response length for compression via the content-length response header field. You can set it to more than 20 bytes.
+gzip_min_length 1000;
+gzip_proxied expired no-cache no-store private auth;
+# This directive allows you to choose the response type you want to compress. By default, the response type text/html is always compressed. You can add other response type such as text/plain application/x-javascript text/xml as shown in the code above.
+# gzip_types       text/plain application/x-javascript text/xml text/css application/xml;
+# This directive allows you to choose the minimum HTTP version of a request for a compressed response. You can make use of the default value which is 1.1.
+#gzip_http_version 1.1;
+# When gzip directive is enabled, this directive add the header field Vary:Accept Encoding  to the response.
+#gzip_vary  on;
+# Some browsers such as Internet Explorer 6 do not have support for gzip compression. This directive make use of User-Agent request header field to disable compression for certain browsers.
+#gzip_disable "MSIE [4-6] \.";
+
+# This directive is disabled by default. Enable it if you want implement caching in Nginx. This directive stores metadata of files and directories commonly requested by users.
+open_file_cache max=1000 inactive=30s;
+# This directive contains backup information inside the open_file_cache directive. You can use this directive to set a valid period usually in seconds after which the information related to files and directories is re-validated again.
+open_file_cache_valid 30s;
+# Nginx usually clear information inside the open_file_cache directive after a period of inactivity based on the open_file_cache_min_uses. You can use this directive to set a minimum number of access to identify which files and directories are actively accessed.
+open_file_cache_min_uses 4;
+# You can make use of this directive to allow Nginx to cache errors  such as “permission denied” or “can’t access this file” when files are accessed. So anytime a resource is accessed by a user who does not have the right to do so, Nginx displays the same error report “permission denied”.
+open_file_cache_errors on;
+
+# 测试环境的一些

+ 25 - 0
frontend/docker/setting/proxy.conf

@@ -0,0 +1,25 @@
+location /change {
+    proxy_pass http://192.168.0.47:8088;
+}
+
+location /api/* {
+    proxy_pass http://192.168.0.47:8088;
+}
+
+location ~*.json {
+    proxy_pass http://192.168.0.47:8088;
+}
+
+location /importData {
+    proxy_pass http://192.168.0.47:8088;
+}
+
+location static/json {
+    proxy_pass http://192.168.0.47:8088;
+}
+# var apiProxy = proxy("http://192.168.0.47:8088", opts)
+# app.use("/change",proxy("http://192.168.0.47:8088", opts));
+# app.use("/api/*",proxy("http://192.168.0.47:8088", opts));
+# app.use("*.json",proxy("http://192.168.0.47:8088", opts));
+# app.use('importData', proxy("http://192.168.0.47:8088", opts))
+# app.use('static/json', proxy("http://192.168.0.47:8088", opts))
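Review bot: Three of these `location` lines will not match the requests they are meant for, judging by the Express routes kept in the comments below them. `location /api/* {` is a literal prefix in nginx, not a glob, so `/api/users` does not match; `location static/json {` has no leading slash and can never match a request URI; and `location ~*.json {` is an unanchored regex with an unescaped dot, so it proxies any URI that merely contains `json` preceded by some character. Suggested forms are `location /api/ {`, `location /static/json {` and `location ~* \.json$ {`. The backend address `http://192.168.0.47:8088` is repeated five times; defining it once (for example an `upstream` block in nginx.conf) would make it easier to change per environment.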

+ 32 - 0
frontend/docker/setting/security.conf

@@ -0,0 +1,32 @@
+# config to don't allow the browser to render the page inside an frame or iframe
+# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
+# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
+# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
+add_header X-Frame-Options "SAMEORIGIN";
+#Handled by CDN admin   
+# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
+# to disable content-type sniffing on some browsers.
+# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
+# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
+# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
+add_header X-Content-Type-Options "nosniff";
+# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
+# this particular website if it was disabled by the user.
+# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+add_header X-XSS-Protection "1; mode=block";
+
+add_header Referrer-Policy "no-referrer-when-downgrade";
+# with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
+# you can tell the browser that it can only download content from the domains you explicitly allow
+# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# https://www.owasp.org/index.php/Content_Security_Policy
+# I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
+# directives for css and js(if you have inline css or js, you will need to keep it too).
+# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
+# add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'";
+#For Clouflare users comment this out as it's handle from the admin UI
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+# Prevent search engine indexing
+add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
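Review bot: None of these `add_header` lines use the `always` parameter, so nginx attaches them only to 2xx/3xx responses; because general.conf answers 401/403/404 and 5xx with `/index.html` under the original status code, the application shell served on those paths goes out without `X-Frame-Options` or `nosniff`. Append `always` to each, e.g. `add_header X-Content-Type-Options "nosniff" always;`. `Strict-Transport-Security` with `includeSubDomains; preload` is sent from a server block that only has `listen 80`; browsers ignore HSTS received over plain HTTP, and if TLS is terminated upstream the preload flag commits every subdomain, so confirm that is intended. `X-XSS-Protection "1; mode=block"` targets a filter that current browsers have removed; the Content-Security-Policy left commented out here is the control that replaces it.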

+ 29 - 0
frontend/docker/start.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+if [ ! -f ".env" ]; then
+    cp env.example .env
+fi
+
+if [ ! -z "$SXZ_HTTP_PORT" ] && [ ! -z "$CONTAINER_NAME" ]; then
+    echo "存在全局变量"
+    rm .env
+    cat >>.env <<EOF
+SXZ_HTTP_PORT=$SXZ_HTTP_PORT
+CONTAINER_NAME=$CONTAINER_NAME
+EOF
+
+else
+
+    echo "不存在全局变量"
+    source .env
+fi
+
+echo "http_port: $SXZ_HTTP_PORT"
+echo "container_name: $CONTAINER_NAME"
+
+if [ "$(docker container inspect -f '{{.State.Status}}' $CONTAINER_NAME)" == "running" ]; then
+    docker rm $CONTAINER_NAME -f
+    docker-compose up -d
+else
+    docker-compose up -d
+fi
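Review bot: `$CONTAINER_NAME` is expanded unquoted in both `docker container inspect ... $CONTAINER_NAME` and `docker rm $CONTAINER_NAME -f`, and its value comes from the caller's environment or from `.env`; a value containing spaces or a leading `-` is split into extra arguments or read as an option by a command that force-removes containers. Quote it and end option parsing first: `docker rm -f -- "$CONTAINER_NAME"`. `source .env` runs the file as shell code rather than parsing `KEY=value` pairs, so anything else written into `.env` executes with the deployer's privileges. When the container does not exist yet, `docker container inspect` prints an error to stderr; adding `2>/dev/null` keeps the first run quiet.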

BIN
frontend/init-frontend.tar.gz


+ 7 - 0
init-frontend.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# pack frontend
+
+url="http://face3d.4dage.com:7005/zhangyupeng/bootstrap-spug/raw/master/frontend/init-frontend.tar.gz"
+
+curl -L --silent -o "$url" .
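Review bot: The curl arguments are swapped: `-o "$url"` makes the URL the output file name and `.` the address to fetch, so the archive is never downloaded. It should read `curl -fsSL -o init-frontend.tar.gz "$url"`. The download is plain `http://` with no integrity check, and readme.md pipes this very script from the same host into `bash`; either file can be altered in transit, so serve both over HTTPS and verify the archive against a published SHA-256 (`sha256sum -c`) before unpacking.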

+ 20 - 0
pack.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# pack frontend
+
+# targetName="$(date +%F).tar.gz"
+
+targetName="init-frontend.tar.gz"
+
+tar -czvf frontend/$targetName frontend/docker
+
+# cat >>target.txt <<EOF
+# SXZ_HTTP_PORT=$SXZ_HTTP_PORT
+# CONTAINER_NAME=$CONTAINER_NAME
+# EOF
+
+# pack backend
+
+# targetName="$(date +%F).tar.gz"
+
+# tar -czvf frontend/$targetName frontend/docker
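Review bot: `tar -czvf frontend/$targetName frontend/docker` archives the whole directory, which includes the committed `.env` and would also pick up a local `dist/` build or any other file left there; start.sh only creates `.env` from `env.example` when it is missing, so the packed `.env` silently takes precedence on the target machine. Consider adding `--exclude='.env'` before the path and quoting `"frontend/$targetName"`. The script also assumes it is run from the repository root, which is worth stating in a comment or enforcing with a `cd` to the script's directory.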

+ 3 - 0
readme.md

@@ -0,0 +1,3 @@
+## 前端初始化
+
+/bin/bash -c "$(curl -fsSL http://face3d.4dage.com:7005/zhangyupeng/bootstrap-spug/raw/master/init-frontend.sh)"