mirror of
https://github.com/d0zingcat/ghost-docker.git
synced 2026-05-14 07:26:45 +00:00
e6d4754682
no refs The current setup runs the base Ghost installation without Traffic Analytics functionality. This commit adds: - `tinybird-sync` service, which copies the latest Tinybird datafiles from the `ghost` container into a shared volume - `tinybird-deploy` service & Dockerfile that includes the `tb` CLI, and runs `tb --cloud deploy` on boot - Instructions for one-time manual setup of the Tinybird workspace in `TINYBIRD.md` After the one-time manual setup, this configuration should automatically update Tinybird's datasources and endpoints in sync with the Ghost container when it is updated. The initial setup is a bit clumsy and requires more manual steps than expected: - The tinybird datafiles are in the Ghost image, but we need to access them from the `tinybird-deploy` service, which includes the `tb` CLI. - When creating a new workspace in Tinybird, you can't access your admin token right away. Instead, it forces you to run `tb login` and `tb --cloud deploy` before you can access the rest of your workspace UI. This requires the user to install the `tb` CLI locally, and run an interactive login to authenticate with their Tinybird workspace. The generated `.tinyb` file is then mounted into the `tinybird-deploy` container, so this is only required for initial setup. - Ghost requires the Tinybird `stats` and `tracker` token to be provided at boot. This means the user has to manually copy these tokens (either from CLI or the Workspace UI) and add them to their `.env` file manually. - We may want to either publish the Docker image with the Tinybird CLI installed, or possibly add the `tb` CLI to the traffic-analytics container.
50 lines
1.2 KiB
Caddyfile
50 lines
1.2 KiB
Caddyfile
# Replace your-domain.com with your actual domain
|
|
{$DOMAIN} {
|
|
# Log all requests
|
|
log {
|
|
output stdout
|
|
format console
|
|
level INFO
|
|
}
|
|
|
|
# Proxy analytics requests with any prefix (e.g. /.ghost/analytics/ or /blog/.ghost/analytics/)
|
|
@analytics_paths path_regexp analytics_match ^(.*)/\.ghost/analytics(.*)$
|
|
handle @analytics_paths {
|
|
rewrite * {re.analytics_match.2}
|
|
reverse_proxy traffic-analytics:3000
|
|
}
|
|
|
|
# Default proxy to Ghost
|
|
handle {
|
|
reverse_proxy ghost:2368
|
|
}
|
|
|
|
# Optional: Enable gzip compression
|
|
encode gzip
|
|
|
|
# Optional: Add security headers
|
|
header {
|
|
# Enable HSTS
|
|
Strict-Transport-Security max-age=31536000;
|
|
# Prevent embedding in frames
|
|
X-Frame-Options DENY
|
|
# Enable XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Prevent MIME sniffing
|
|
X-Content-Type-Options nosniff
|
|
# Referrer policy
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
}
|
|
}
|
|
|
|
# Redirect www to non-www (optional)
|
|
www.{$DOMAIN} {
|
|
# Log all requests
|
|
log {
|
|
output stdout
|
|
format console
|
|
level INFO
|
|
}
|
|
redir https://{$DOMAIN}{uri}
|
|
}
|