From e30acae533d5be255e1c72282474209eed736a01 Mon Sep 17 00:00:00 2001
From: Gab <24553253+gabrix73@users.noreply.github.com>
Date: Tue, 11 Feb 2025 18:08:35 +0100
Subject: Create apache2-VH.conf
---
apache2-VH.conf | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 apache2-VH.conf
(limited to 'apache2-VH.conf')
diff --git a/apache2-VH.conf b/apache2-VH.conf
new file mode 100644
index 0000000..3c86467
--- /dev/null
+++ b/apache2-VH.conf
@@ -0,0 +1,71 @@
+
+ ServerName safecomms.virebent.art
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
+
+
+ ServerName localhost.localdomain
+ DocumentRoot /var/www/nofuture
+
+ # Enable SSL and specify the paths for Let's Encrypt certificates
+ SSLEngine on
+ SSLProtocol -all +TLSv1.3
+ SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem
+
+ # Enable HTTP/2
+ Protocols h2 http/1.1
+ # Example: if your backend handles exactly these 4 routes:
+ ProxyPreserveHost On
+ ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On
+ ProxyPassReverse /api/ http://127.0.0.1:3000/api/
+
+ # CORS Headers for API requests
+
+ Header always set Access-Control-Allow-Origin "*"
+ Header always set Access-Control-Allow-Methods "POST, OPTIONS"
+ Header always set Access-Control-Allow-Headers "Content-Type"
+ Header always set Content-Type "application/json"
+ # Handle OPTIONS requests
+ RewriteEngine On
+ RewriteCond %{REQUEST_METHOD} OPTIONS
+ RewriteRule ^(.*)$ $1 [R=204,L]
+
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ # for this to work: a2enmod remoteip and uncomment LogFormat
+ # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log
+ CustomLog ${APACHE_LOG_DIR}/access.log anonymized_log
+
+ # a2enmod expires
+
+ Options FollowSymLinks
+ ExpiresActive On
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType application/javascript "access plus 1 year"
+ Header set Cache-Control "public, immutable"
+ DirectoryIndex index.html
+ AllowOverride none
+ Require all granted
+
+ # protection for our files in DocumentRoot
+
+ Require all denied
+
+
+
+ # Headers
+ Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set X-Frame-Options "DENY"
+ Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+ Header always set Referrer-Policy "no-referrer"
+
+ # Rate limiting per prevenire abusi
+
+ SetEnv ratelimit-ips 100
+ SetEnv ratelimit-window 60
+
+
--
cgit v1.2.3