summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGab <24553253+gabrix73@users.noreply.github.com>2025-02-11 18:08:35 +0100
committerGitHub <noreply@github.com>2025-02-11 18:08:35 +0100
commite30acae533d5be255e1c72282474209eed736a01 (patch)
treee9fbc4d0830f38cd3a3ca35e8c0fff51b16823c8
parent87cd583e5ab8585d57dd1469dfdec1247b96f211 (diff)
downloadnofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.tar.gz
nofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.tar.xz
nofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.zip
Create apache2-VH.conf
-rw-r--r--apache2-VH.conf71
1 files changed, 71 insertions, 0 deletions
diff --git a/apache2-VH.conf b/apache2-VH.conf
new file mode 100644
index 0000000..3c86467
--- /dev/null
+++ b/apache2-VH.conf
@@ -0,0 +1,71 @@
+<VirtualHost *:80>
+ ServerName safecomms.virebent.art
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+</VirtualHost>
+<VirtualHost *:443>
+ ServerName localhost.localdomain
+ DocumentRoot /var/www/nofuture
+
+ # Enable SSL and specify the paths for Let's Encrypt certificates
+ SSLEngine on
+ SSLProtocol -all +TLSv1.3
+ SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem
+
+ # Enable HTTP/2
+ Protocols h2 http/1.1
+ # Example: if your backend handles exactly these 4 routes:
+ ProxyPreserveHost On
+ ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On
+ ProxyPassReverse /api/ http://127.0.0.1:3000/api/
+
+ # CORS Headers for API requests
+ <Location /api/>
+ Header always set Access-Control-Allow-Origin "*"
+ Header always set Access-Control-Allow-Methods "POST, OPTIONS"
+ Header always set Access-Control-Allow-Headers "Content-Type"
+ Header always set Content-Type "application/json"
+ # Handle OPTIONS requests
+ RewriteEngine On
+ RewriteCond %{REQUEST_METHOD} OPTIONS
+ RewriteRule ^(.*)$ $1 [R=204,L]
+ </Location>
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ # for this to work: a2enmod remoteip and uncomment LogFormat
+ # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log
+ CustomLog ${APACHE_LOG_DIR}/access.log anonymized_log
+
+ # a2enmod expires
+<Directory /var/www/nofuture/>
+ Options FollowSymLinks
+ ExpiresActive On
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType application/javascript "access plus 1 year"
+ Header set Cache-Control "public, immutable"
+ DirectoryIndex index.html
+ AllowOverride none
+ Require all granted
+
+ # protection for our files in DocumentRoot
+ <FilesMatch "\.(env|go|mod|sum|gitignore|md)$">
+ Require all denied
+ </FilesMatch>
+ </Directory>
+
+ # Headers
+ Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set X-Frame-Options "DENY"
+ Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+ Header always set Referrer-Policy "no-referrer"
+
+ # Rate limiting per prevenire abusi
+ <Location "/buddy_encrypt">
+ SetEnv ratelimit-ips 100
+ SetEnv ratelimit-window 60
+ </Location>
+</VirtualHost></pre>