Remove HSTS headers & ssl_session_cache & use nginx:alpine

The HSTS headers are already set by Traefik and the ssl session cache does not make sense for a HTTP only container, with a proxy that handles TLS.

Also the docker image will now use the latest alpine image instead of the old fixed version.

_docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM nginx:1.17-alpine
+FROM nginx:alpine
 
 COPY ./public/ /usr/share/nginx/html/
 

_docker/default.conf

@@ -13,12 +13,6 @@ map $sent_http_content_type $expires {
 
 proxy_cache_path  /tmp/nginx-cache  levels=1:2 keys_zone=STATIC:10m inactive=24h  max_size=1g;
 
-# Set HSTS if forwarded proto is https
-map $http_x_forwarded_proto $hsts_header {
-  default "";
-  https "max-age=31536000; includeSubDomains;";
-}
-
 server {
 
     root /usr/share/nginx/html;
@@ -33,13 +27,9 @@ server {
 
     set_real_ip_from  172.16.0.0/12;
 
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-
-    add_header Strict-Transport-Security $hsts_header;
     add_header X-Frame-Options "DENY";
     add_header Referrer-Policy "no-referrer";
-    add_header Content-Security-Policy "default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'";
+    add_header Content-Security-Policy "default-src 'none'; script-src 'self'; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; object-src data:; base-uri 'none'; form-action 'none'; worker-src 'self'; connect-src 'self'; manifest-src 'self'";
     add_header Feature-Policy "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none'; usb 'none';";
     add_header Allow "GET, HEAD" always;