From e30acae533d5be255e1c72282474209eed736a01 Mon Sep 17 00:00:00 2001 From: Gab <24553253+gabrix73@users.noreply.github.com> Date: Tue, 11 Feb 2025 18:08:35 +0100 Subject: Create apache2-VH.conf --- apache2-VH.conf | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 apache2-VH.conf diff --git a/apache2-VH.conf b/apache2-VH.conf new file mode 100644 index 0000000..3c86467 --- /dev/null +++ b/apache2-VH.conf @@ -0,0 +1,71 @@ + + ServerName safecomms.virebent.art + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] + + + ServerName localhost.localdomain + DocumentRoot /var/www/nofuture + + # Enable SSL and specify the paths for Let's Encrypt certificates + SSLEngine on + SSLProtocol -all +TLSv1.3 + SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem + + # Enable HTTP/2 + Protocols h2 http/1.1 + # Example: if your backend handles exactly these 4 routes: + ProxyPreserveHost On + ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On + ProxyPassReverse /api/ http://127.0.0.1:3000/api/ + + # CORS Headers for API requests + + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "POST, OPTIONS" + Header always set Access-Control-Allow-Headers "Content-Type" + Header always set Content-Type "application/json" + # Handle OPTIONS requests + RewriteEngine On + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=204,L] + + + LogLevel warn + ErrorLog ${APACHE_LOG_DIR}/error.log + # for this to work: a2enmod remoteip and uncomment LogFormat + # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log + CustomLog ${APACHE_LOG_DIR}/access.log anonymized_log + + # a2enmod expires + + Options FollowSymLinks + ExpiresActive On + ExpiresByType text/css "access plus 1 year" + ExpiresByType application/javascript "access plus 1 year" + Header set Cache-Control "public, immutable" + DirectoryIndex index.html + AllowOverride none + Require all granted + + # protection for our files in DocumentRoot + + Require all denied + + + + # Headers + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + Header always set X-Content-Type-Options "nosniff" + Header always set X-Frame-Options "DENY" + Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()" + Header always set Referrer-Policy "no-referrer" + + # Rate limiting per prevenire abusi + + SetEnv ratelimit-ips 100 + SetEnv ratelimit-window 60 + + -- cgit v1.2.3