Source code for ladiosa.fr, a personal culinary blog and recipe catalog.
This repository contains only the technical structure (server + frontend). No recipes, articles, media, or secrets are versioned here. All content lives on the production server.
- Backend: Node.js 20 + Express (REST API, RSS, sitemap, OG share, comment moderation)
- Frontend: Vanilla JS SPA (
index.html, hash-based routing), secure Markdown rendering via DOMPurify, installable as PWA - Persistence: JSON files +
medias/folder on a bind-mount volume (no database) - Deployment: Docker image published to
ghcr.io, running on a Synology NAS behind DSM reverse proxy with Let's Encrypt HTTPS
server.js Hardened Express server
index.html Full SPA frontend
assets/icons/ Logos and favicons
public/ Static files (manifest, sw.js, robots, well-known, offline)
Dockerfile Non-root image with tini and healthcheck
docker-compose.yml Synology profile
.github/workflows/ Build and push to ghcr.io
-
Create the folder structure:
/volume1/docker/ladiosa/ docker-compose.yml (copy from this repo) .env (copy .env.example and fill in) data/ (empty on first run) -
Set at minimum in
.env:PUBLIC_ORIGIN=https://ladiosa.frALLOWED_ORIGINS=https://ladiosa.frADMIN_PASSWORD=<strong 12+ char password>(can be removed after first launch)
-
Set permissions:
chmod 700 data && chmod 600 .env -
Start:
docker compose pull docker compose up -d docker compose logs -f
-
In DSM: Application Portal / Reverse Proxy, map
https://ladiosa.fr(443) to127.0.0.1:1106. Enable HSTS + HTTP/2 + Let's Encrypt.
Admin panel: https://ladiosa.fr/#/tulum
cd /volume1/docker/ladiosa
docker compose pull
docker compose up -dEach push to main triggers a build and push of ghcr.io/<owner>/ladiosa:latest via GitHub Actions.
See SECURITY.md for the threat model, mitigations, and vulnerability reporting contact.
Personal source code. All rights reserved. Site content included.