ServerName safecomms.virebent.art RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L] ServerName localhost.localdomain DocumentRoot /var/www/nofuture # Enable SSL and specify the paths for Let's Encrypt certificates SSLEngine on SSLProtocol -all +TLSv1.3 SSLCertificateFile /etc/letsencrypt/live/localhost.localdomain/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/localhost.localdomain/privkey.pem # Enable HTTP/2 Protocols h2 http/1.1 # Example: if your backend handles exactly these 4 routes: ProxyPreserveHost On ProxyPass /api/ http://127.0.0.1:3000/api/ disablereuse=On ProxyPassReverse /api/ http://127.0.0.1:3000/api/ # CORS Headers for API requests Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, OPTIONS" Header always set Access-Control-Allow-Headers "Content-Type" Header always set Content-Type "application/json" # Handle OPTIONS requests RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=204,L] # for debugging LogLevel warn ErrorLog ${APACHE_LOG_DIR}/nofuture_error.log # for this to work: a2enmod remoteip and uncomment LogFormat # LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" anonymized_log CustomLog ${APACHE_LOG_DIR}/nofuture_access.log anonymized_log # a2enmod expires Options FollowSymLinks ExpiresActive On ExpiresByType text/css "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" Header set Cache-Control "public, immutable" DirectoryIndex index.html AllowOverride none Require all granted # protection for our files in DocumentRoot Require all denied # Headers Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "DENY" Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()" Header always set Referrer-Policy "no-referrer" # Rate limiting per prevenire abusi SetEnv ratelimit-ips 100 SetEnv ratelimit-window 60