ServerName safecomms.virebent.art
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
ServerName localhost.localdomain
DocumentRoot /var/www/nofuture
# Enable SSL and specify the paths for Let's Encrypt certificates
SSLEngine on
SSLProtocol -all +TLSv1.3
SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem
# Enable HTTP/2
Protocols h2 http/1.1
# Example: if your backend handles exactly these 4 routes:
ProxyPreserveHost On
ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On
ProxyPassReverse /api/ http://127.0.0.1:3000/api/
# CORS Headers for API requests
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type"
Header always set Content-Type "application/json"
# Handle OPTIONS requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=204,L]
# for debugging
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/nofuture_error.log
# for this to work: a2enmod remoteip and uncomment LogFormat
# LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log
CustomLog ${APACHE_LOG_DIR}/nofuture_access.log anonymized_log
# a2enmod expires
Options FollowSymLinks
ExpiresActive On
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
Header set Cache-Control "public, immutable"
DirectoryIndex index.html
AllowOverride none
Require all granted
# protection for our files in DocumentRoot
Require all denied
# Headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
Header always set Referrer-Policy "no-referrer"
# Rate limiting per prevenire abusi
SetEnv ratelimit-ips 100
SetEnv ratelimit-window 60