From 680e8a4e5675d04cf79365302fef93bd4bdb228f Mon Sep 17 00:00:00 2001
From: Brunobrno <brunovontor@gmail.com>
Date: Fri, 24 Oct 2025 03:11:15 +0200
Subject: [PATCH] k

---
 docker-compose.yml                   | 117 +++++++++++++++++++++++++++
 frontend/{.env-frontend => .env}     |   0
 frontend/Dockerfile.prod             |  16 ++++
 frontend/nginx/nginx.conf            |  70 ++++++++++++++++
 frontend/src/components/main/Nav.tsx |   2 +-
 5 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 docker-compose.yml
 rename frontend/{.env-frontend => .env} (100%)
 create mode 100644 frontend/Dockerfile.prod
 create mode 100644 frontend/nginx/nginx.conf

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..49eee3d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,117 @@
+services:
+  # backend:
+  #   container_name: backend-e-trznice
+  #   build:
+  #     context: ./backend
+  #     dockerfile: dockerfile
+  #   restart: always
+  #   env_file:
+  #     - ./backend/.env
+  #   networks:
+  #     - app_network
+  #   depends_on:
+  #     - db
+  #     - redis
+  #   volumes:
+  #     - static-data:/app/collectedstaticfiles
+  #     - media-data:/app/media
+  #   command: sh -c "
+  #     python manage.py migrate --verbosity 3 --noinput &&
+  #     python manage.py check &&
+  #     python manage.py collectstatic --clear --noinput --verbosity 3 &&
+  #     python manage.py seed_app_config &&
+  #     gunicorn -k uvicorn.workers.UvicornWorker trznice.asgi:application --bind 0.0.0.0:8000"
+  #   ports:
+  #     - "8000:8000"
+    
+  # db:
+  #   image: postgres:15-alpine
+  #   container_name: postgres-e-trznice
+  #   restart: always
+  #   env_file:
+  #     - ./backend/.env
+  #   volumes:
+  #     - db-data:/var/lib/postgresql/data
+  #   ports:
+  #     - "5432:5432"
+  #   networks:
+  #     - app_network
+  
+
+  # redis: #extremly fast db, stores data in RAM memory
+  #   container_name: redis-e-trznice
+  #   image: redis:alpine
+  #   restart: always
+  #   env_file:
+  #     - ./backend/.env
+  #   volumes:
+  #     - redis-data:/data
+  #   expose:
+  #     - "6379"
+  #   networks:
+  #     - app_network
+
+  # celery: #task queue for handling asynchronous/hard tasks
+  #   container_name: celery-e-trznice
+  #   build:
+  #     context: ./backend
+  #     dockerfile: dockerfile
+  #   command: sh -c "python manage.py migrate --noinput && celery -A trznice worker --loglevel=info"
+  #   restart: always
+  #   env_file:
+  #     - ./backend/.env
+  #   depends_on:
+  #     - redis
+  #     - db
+  #     - backend
+  #   networks:
+  #     - app_network
+
+  # celery-beat: #periodic tasks scheduler
+  #   container_name: celery-beat-e-trznice
+  #   build:
+  #     context: ./backend
+  #     dockerfile: dockerfile
+  #   command: sh -c "python manage.py migrate --noinput && celery -A trznice beat --loglevel=info"
+  #   restart: always
+  #   env_file:
+  #     - ./backend/.env
+  #   depends_on:
+  #     - redis
+  #     - db
+  #     - backend
+  #   networks:
+  #     - app_network
+
+#end of backend services -----------------------
+
+  nginx: #web server, reverse proxy, serves static files
+    container_name: nginx-STANDART
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile.prod
+    env_file:
+      - ./frontend/.env
+    ports:
+     - 80:80
+      # - 9000:80
+    # depends_on:
+    #   - backend
+    networks:
+      - app_network
+    volumes:
+      - static-data:/app/collectedstaticfiles   # static (Django)
+      - media-data:/app/media                   # media (Django)
+      - ./frontend/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+    
+
+
+networks:
+  app_network:
+    driver: bridge
+
+volumes:
+  redis-data:
+  db-data:
+  static-data:
+  media-data:
\ No newline at end of file
diff --git a/frontend/.env-frontend b/frontend/.env
similarity index 100%
rename from frontend/.env-frontend
rename to frontend/.env
diff --git a/frontend/Dockerfile.prod b/frontend/Dockerfile.prod
new file mode 100644
index 0000000..90cdedf
--- /dev/null
+++ b/frontend/Dockerfile.prod
@@ -0,0 +1,16 @@
+# Step 1: Build React (Vite) app
+FROM node:22-alpine AS build
+WORKDIR /app
+COPY package*.json ./
+# If package-lock.json exists, npm ci is faster and reproducible
+RUN npm ci || npm install
+COPY . .
+ENV NODE_ENV=production
+RUN npm run build
+
+# Step 2: Nginx runtime
+FROM nginx:1.27-alpine
+COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=build /app/dist /usr/share/nginx/html
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/frontend/nginx/nginx.conf b/frontend/nginx/nginx.conf
new file mode 100644
index 0000000..0509634
--- /dev/null
+++ b/frontend/nginx/nginx.conf
@@ -0,0 +1,70 @@
+# nginx.conf
+worker_processes  auto;
+user nginx;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    client_max_body_size 50m;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen 80;
+        server_name _;
+
+        # -------------------------
+        # React frontend
+        # -------------------------
+        root /usr/share/nginx/html;
+        index index.html;
+
+        location / {
+            try_files $uri /index.html;
+        }
+
+        # # -------------------------
+        # # Django backend API
+        # # -------------------------
+
+        # # Serve Django static and media volumes mounted into the container
+        # location /static/ {
+        #     alias /app/collectedstaticfiles/;
+        # }
+
+        # location /media/ {
+        #     alias /app/media/;
+        # }
+
+        # # Same-origin proxy for API -> avoids CORS and allows cookies
+        # location /api {
+        #     return 301 /api/;
+        # }
+        # location /api/ {
+        #     proxy_pass         http://backend:8000;
+        #     proxy_set_header   Host $host;
+        #     proxy_set_header   X-Real-IP $remote_addr;
+        #     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        #     proxy_set_header   X-Forwarded-Proto $scheme;
+        #     proxy_http_version 1.1;
+        #     proxy_set_header   Connection "";
+        #     proxy_buffering    off;
+        #     client_max_body_size 50m;
+        # }
+
+        # -------------------------
+        # Security headers
+        # -------------------------
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-Content-Type-Options "nosniff";
+        add_header Referrer-Policy "strict-origin-when-cross-origin";
+        
+        # Minimal, valid CSP for development
+    add_header Content-Security-Policy "default-src 'self'; frame-src 'self' https://www.google.com https://*.google.com https://*.google.cz; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; connect-src 'self' http://127.0.0.1:8000 http://localhost:8000 ws: wss:; font-src 'self' data:";
+    }
+}
\ No newline at end of file
diff --git a/frontend/src/components/main/Nav.tsx b/frontend/src/components/main/Nav.tsx
index 2044dcc..9bec024 100644
--- a/frontend/src/components/main/Nav.tsx
+++ b/frontend/src/components/main/Nav.tsx
@@ -26,7 +26,7 @@ export default function Nav() {
                     {/* Brand */}
                     <Link to="/" className="flex items-center m-0 p-0" aria-label={t('nav.brandAlt')}>
                         <img
-                            src="/public/images/logo.png"
+                            src="/images/logo.png"
                             alt={t('nav.brandAlt')}
                             className="block h-16 w-auto m-0 p-0 object-contain select-none"
                             draggable={false}