diff options
Diffstat (limited to 'apache2-VH.conf')
| -rw-r--r-- | apache2-VH.conf | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/apache2-VH.conf b/apache2-VH.conf new file mode 100644 index 0000000..3c86467 --- /dev/null +++ b/apache2-VH.conf @@ -0,0 +1,71 @@ +<VirtualHost *:80> + ServerName safecomms.virebent.art + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] +</VirtualHost> +<VirtualHost *:443> + ServerName localhost.localdomain + DocumentRoot /var/www/nofuture + + # Enable SSL and specify the paths for Let's Encrypt certificates + SSLEngine on + SSLProtocol -all +TLSv1.3 + SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem + + # Enable HTTP/2 + Protocols h2 http/1.1 + # Example: if your backend handles exactly these 4 routes: + ProxyPreserveHost On + ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On + ProxyPassReverse /api/ http://127.0.0.1:3000/api/ + + # CORS Headers for API requests + <Location /api/> + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "POST, OPTIONS" + Header always set Access-Control-Allow-Headers "Content-Type" + Header always set Content-Type "application/json" + # Handle OPTIONS requests + RewriteEngine On + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=204,L] + </Location> + + LogLevel warn + ErrorLog ${APACHE_LOG_DIR}/error.log + # for this to work: a2enmod remoteip and uncomment LogFormat + # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log + CustomLog ${APACHE_LOG_DIR}/access.log anonymized_log + + # a2enmod expires +<Directory /var/www/nofuture/> + Options FollowSymLinks + ExpiresActive On + ExpiresByType text/css "access plus 1 year" + ExpiresByType application/javascript "access plus 1 year" + Header set Cache-Control "public, immutable" + DirectoryIndex index.html + AllowOverride none + Require all granted + + # protection for our files in DocumentRoot + <FilesMatch "\.(env|go|mod|sum|gitignore|md)$"> + Require all denied + </FilesMatch> + </Directory> + + # Headers + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + Header always set X-Content-Type-Options "nosniff" + Header always set X-Frame-Options "DENY" + Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()" + Header always set Referrer-Policy "no-referrer" + + # Rate limiting per prevenire abusi + <Location "/buddy_encrypt"> + SetEnv ratelimit-ips 100 + SetEnv ratelimit-window 60 + </Location> +</VirtualHost></pre> |
