feat: integrate WebP/AVIF image optimization into build pipeline

- Add sharp dependency for image format conversion - Generate WebP (quality 80) and AVIF (quality 70) variants for all raster images - Render <picture> elements with srcset fallbacks (AVIF > WebP > original) - SVG images remain as <img> without picture wrapper - Update Dockerfile to install libvips for sharp, copy from public/ dir - Add nginx cache rules for .webp and .avif files - Add .gitignore for node_modules, public, dist
2026-05-31 16:21:03 +00:00
parent f649fff223
commit 16cad3fe36
15 changed files with 1831 additions and 98 deletions
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: signalledger
+  name: news-site
  namespace: openclaw-private
  labels:
    app.kubernetes.io/name: signalledger
@@ -26,7 +26,7 @@ spec:
        app.kubernetes.io/part-of: signalledger
    spec:
      containers:
-        - name: signalledger
+        - name: news-site
          image: registry.claw.jopdorp.nl/signalledger:latest
          imagePullPolicy: Always
          ports:
@@ -1,7 +1,7 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: signalledger
+  name: news-site
  namespace: openclaw-private
  labels:
    app.kubernetes.io/name: signalledger
@@ -9,17 +9,10 @@ metadata:
    app.kubernetes.io/part-of: signalledger
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
-      more_set_headers "X-Frame-Options: DENY";
-      more_set_headers "X-Content-Type-Options: nosniff";
-      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; frame-src https://googleads.g.doubleclick.net; object-src 'none'; base-uri 'self'; form-action 'self';";
-      more_set_headers "X-XSS-Protection: 1; mode=block";
-      more_set_headers "Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
-  ingressClassName: nginx
+  ingressClassName: traefik
  tls:
    - hosts:
        - signalledger.nl
@@ -33,7 +26,7 @@ spec:
            pathType: Prefix
            backend:
              service:
-                name: signalledger
+                name: news-site
                port:
                  number: 80
    - host: www.signalledger.nl
@@ -43,6 +36,16 @@ spec:
            pathType: Prefix
            backend:
              service:
-                name: signalledger
+                name: news-site
+                port:
+                  number: 80
+    - host: news.claw.jopdorp.nl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: news-site
                port:
                  number: 80
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: signalledger
+  name: news-site
  namespace: openclaw-private
  labels:
    app.kubernetes.io/name: signalledger