Commit Graph

2 Commits

Author SHA1 Message Date
tomasz-syn-grzegorza f4775366ef Harden production security: Dockerfile build, nginx whitelist, and CSP.
Replace Dokploy runtime git clone with Dockerfile build to keep tokens out of the container, add nginx security headers and path whitelist, and scrub templates from the running image after HTML generation.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-27 16:58:27 +02:00
tomasz-syn-grzegorza 3a843c53f3 Move template assets to .env-driven generation.
Site metadata, images, favicons, and YouTube settings are now configured via .env and rendered from HTML/manifest templates at dev or container startup.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-26 15:45:04 +02:00