feat: robots.txt, Sitemap und Staging-noindex für SEO

Google Search Console: echte robots.txt und sitemap.xml für Produktion; Staging blockiert Crawler per X-Robots-Tag und Disallow in robots.txt. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-12 10:58:21 +02:00
parent 9634370a08
commit 0b46154696
7 changed files with 35 additions and 2 deletions
@@ -64,3 +64,8 @@ NTFY_TOKEN=tk_example_ntfy_access_token
 # Staging:    PLAUSIBLE_ENABLED=false (default in docker-compose.staging.yml)
 PLAUSIBLE_ENABLED=true
 PLAUSIBLE_HOST=https://plausible.elpatron.me
+
+# SEO (frontend container — robots.txt, X-Robots-Tag)
+# Production: ROBOTS_NOINDEX=false (default)
+# Staging:    ROBOTS_NOINDEX=true (default in docker-compose.staging.yml)
+# ROBOTS_NOINDEX=false
@@ -16,8 +16,22 @@ case "$(printf '%s' "$PLAUSIBLE_ENABLED" | tr '[:upper:]' '[:lower:]')" in
    ;;
 esac

+ROBOTS_NOINDEX="${ROBOTS_NOINDEX:-false}"
+case "$(printf '%s' "$ROBOTS_NOINDEX" | tr '[:upper:]' '[:lower:]')" in
+  true|1|yes)
+    export ROBOTS_NOINDEX_HEADER='    add_header X-Robots-Tag "noindex, nofollow" always;'
+    cat > /usr/share/nginx/html/robots.txt <<'EOF'
+User-agent: *
+Disallow: /
+EOF
+    ;;
+  *)
+    export ROBOTS_NOINDEX_HEADER=''
+    ;;
+esac
+
 export PLAUSIBLE_CSP
-envsubst '${PLAUSIBLE_CSP}' < /etc/nginx/templates/default.conf.template > /etc/nginx/conf.d/default.conf
+envsubst '${PLAUSIBLE_CSP} ${ROBOTS_NOINDEX_HEADER}' < /etc/nginx/templates/default.conf.template > /etc/nginx/conf.d/default.conf

 cat > /usr/share/nginx/html/runtime-config.json <<EOF
 {"plausibleEnabled":${PLAUSIBLE_ENABLED_JSON},"plausibleHost":"${PLAUSIBLE_HOST}"}
@@ -9,6 +9,7 @@ server {
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Permissions-Policy "camera=(self), geolocation=(self), microphone=(self)" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self'${PLAUSIBLE_CSP}; connect-src 'self'${PLAUSIBLE_CSP}; img-src 'self' data: blob: https://*.tile.openstreetmap.org; media-src 'self' blob: data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self';" always;
+${ROBOTS_NOINDEX_HEADER}

    # Service worker and app shell must revalidate so PWA updates are detected
    location ~* ^/(sw\.js|workbox-.*\.js|manifest\.webmanifest|version\.json)$ {
@@ -0,0 +1,4 @@
+User-agent: *
+Allow: /
+
+Sitemap: https://kapteins-daagbok.eu/sitemap.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+  <url>
+    <loc>https://kapteins-daagbok.eu/</loc>
+    <changefreq>monthly</changefreq>
+    <priority>1.0</priority>
+  </url>
+</urlset>
@@ -60,6 +60,7 @@ services:
    environment:
      PLAUSIBLE_ENABLED: ${PLAUSIBLE_ENABLED:-false}
      PLAUSIBLE_HOST: ${PLAUSIBLE_HOST:-https://plausible.elpatron.me}
+      ROBOTS_NOINDEX: ${ROBOTS_NOINDEX:-true}
    ports:
      - "80:80"
    depends_on:
@@ -83,7 +83,7 @@ Notfall ohne Checks: `SKIP_PREDEPLOY_CHECK=1 ./scripts/update-remotes.sh -dest s
 | Forward Port | `80` |
 | SSL | Let's Encrypt |

-Empfohlen: Custom Header `X-Robots-Tag: noindex, nofollow` (Staging nicht indexieren).
+Staging ist per Default nicht indexierbar: `ROBOTS_NOINDEX=true` im Frontend-Container setzt `X-Robots-Tag: noindex, nofollow` und liefert `robots.txt` mit `Disallow: /` (siehe `docker-compose.staging.yml`).

 Details zu Proxy-Headern und Security: [npm-security.md](npm-security.md).