build(container): replace nginx with caddy for static SPA serving (no TLS); embed Caddyfile; keep health endpoint on /health

Dockerfile

@@ -53,25 +53,36 @@ ENV NODE_ENV=$NODE_ENV
 RUN bun run build
 
 # Production stage
-FROM nginx:alpine AS production
+FROM caddy:2-alpine AS production
 
 # Install curl for health checks
 RUN apk add --no-cache curl
 
 # Copy built files from builder stage
-COPY --from=builder /app/dist /usr/share/nginx/html
+COPY --from=builder /app/dist /usr/share/caddy
 
-# Copy nginx configuration
-COPY nginx.conf /etc/nginx/conf.d/default.conf
+# Configure Caddy to serve SPA with health endpoint (no TLS)
+RUN cat > /etc/caddy/Caddyfile <<'CADDY'
+:80 {
+  encode zstd gzip
+  root * /usr/share/caddy
 
-# Set proper permissions for nginx
-RUN chown -R nginx:nginx /usr/share/nginx/html && \
-  chown -R nginx:nginx /var/cache/nginx && \
-  chown -R nginx:nginx /var/log/nginx && \
-  chown -R nginx:nginx /etc/nginx/conf.d
+  handle_path /health {
+    respond "ok" 200
+  }
 
-# Switch to nginx user
-USER nginx
+  file_server
+
+  @spa not file
+  rewrite @spa /index.html
+}
+CADDY
+
+# Set proper permissions for caddy
+RUN chown -R caddy:caddy /usr/share/caddy /etc/caddy
+
+# Switch to caddy user
+USER caddy
 
 # Expose port
 EXPOSE 80
@@ -80,5 +91,5 @@ EXPOSE 80
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
   CMD curl -f http://localhost/health || exit 1
 
-# Start nginx
-CMD ["nginx", "-g", "daemon off;"]
+# Start caddy
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]