Add custom 404, Lunr search, and security updates #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Docusaurus to Webserver | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: yarn | |
| - name: 📦 Install Dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: 🏗️ Build Project | |
| run: yarn build | |
| - name: 🚀 Deploy to Server via SCP | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.FTP_SERVER }} | |
| username: ${{ secrets.FTP_USERNAME }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| port: ${{ secrets.FTP_PORT }} | |
| source: "build/*" | |
| target: "/var/www/html/docs_chezza/" | |
| strip_components: 1 | |
| - name: 🛠️ Post-Deploy Setup (Permissions & Security Headers) | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.FTP_SERVER }} | |
| username: ${{ secrets.FTP_USERNAME }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| port: ${{ secrets.FTP_PORT }} | |
| script: | | |
| # Datei-Besitzer setzen | |
| chown -R www-data:www-data /var/www/html/docs_chezza/ | |
| # mod_headers aktivieren (falls noch nicht aktiv) | |
| a2enmod headers | |
| # Security-Header via .htaccess setzen | |
| cat > /var/www/html/docs_chezza/.htaccess << 'EOF' | |
| <IfModule mod_headers.c> | |
| Header always set X-Frame-Options "SAMEORIGIN" | |
| Header always set X-Content-Type-Options "nosniff" | |
| Header always set X-XSS-Protection "1; mode=block" | |
| Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
| Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" | |
| Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()" | |
| Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none';" | |
| </IfModule> | |
| EOF | |
| # Apache2 Konfiguration testen und neu laden | |
| apachectl configtest && systemctl reload apache2 |