diff options
| author | Gab <24553253+gabrix73@users.noreply.github.com> | 2025-02-11 18:08:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-11 18:08:35 +0100 |
| commit | e30acae533d5be255e1c72282474209eed736a01 (patch) | |
| tree | e9fbc4d0830f38cd3a3ca35e8c0fff51b16823c8 | |
| parent | 87cd583e5ab8585d57dd1469dfdec1247b96f211 (diff) | |
| download | nofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.tar.gz nofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.tar.xz nofuture-go-memguard-e30acae533d5be255e1c72282474209eed736a01.zip | |
Create apache2-VH.conf
| -rw-r--r-- | apache2-VH.conf | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/apache2-VH.conf b/apache2-VH.conf new file mode 100644 index 0000000..3c86467 --- /dev/null +++ b/apache2-VH.conf @@ -0,0 +1,71 @@ +<VirtualHost *:80> + ServerName safecomms.virebent.art + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] +</VirtualHost> +<VirtualHost *:443> + ServerName localhost.localdomain + DocumentRoot /var/www/nofuture + + # Enable SSL and specify the paths for Let's Encrypt certificates + SSLEngine on + SSLProtocol -all +TLSv1.3 + SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem + + # Enable HTTP/2 + Protocols h2 http/1.1 + # Example: if your backend handles exactly these 4 routes: + ProxyPreserveHost On + ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On + ProxyPassReverse /api/ http://127.0.0.1:3000/api/ + + # CORS Headers for API requests + <Location /api/> + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "POST, OPTIONS" + Header always set Access-Control-Allow-Headers "Content-Type" + Header always set Content-Type "application/json" + # Handle OPTIONS requests + RewriteEngine On + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=204,L] + </Location> + + LogLevel warn + ErrorLog ${APACHE_LOG_DIR}/error.log + # for this to work: a2enmod remoteip and uncomment LogFormat + # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log + CustomLog ${APACHE_LOG_DIR}/access.log anonymized_log + + # a2enmod expires +<Directory /var/www/nofuture/> + Options FollowSymLinks + ExpiresActive On + ExpiresByType text/css "access plus 1 year" + ExpiresByType application/javascript "access plus 1 year" + Header set Cache-Control "public, immutable" + DirectoryIndex index.html + AllowOverride none + Require all granted + + # protection for our files in DocumentRoot + <FilesMatch "\.(env|go|mod|sum|gitignore|md)$"> + Require all denied + </FilesMatch> + </Directory> + + # Headers + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + Header always set X-Content-Type-Options "nosniff" + Header always set X-Frame-Options "DENY" + Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()" + Header always set Referrer-Policy "no-referrer" + + # Rate limiting per prevenire abusi + <Location "/buddy_encrypt"> + SetEnv ratelimit-ips 100 + SetEnv ratelimit-window 60 + </Location> +</VirtualHost></pre> |
