From 9c68f70ccc574bc9b21d3b157b7a4decbb8ff926 Mon Sep 17 00:00:00 2001 From: Greg Sarjeant <1686767+gsarjeant@users.noreply.github.com> Date: Sun, 15 Jun 2025 10:57:28 -0400 Subject: [PATCH] Add VPS apache examples. Move tkr to /var/www in nginx examples. Add coments. --- .../apache/{ => shared-hosting}/.htaccess | 12 ++- .../apache/vps/root/tkr.my-domain.com.conf | 95 +++++++++++++++++++ .../apache/vps/subfolder/my-domain.com.conf | 87 +++++++++++++++++ examples/nginx/root/nginx.conf | 6 +- examples/nginx/subfolder/nginx.conf | 6 +- 5 files changed, 197 insertions(+), 9 deletions(-) rename examples/apache/{ => shared-hosting}/.htaccess (67%) create mode 100644 examples/apache/vps/root/tkr.my-domain.com.conf create mode 100644 examples/apache/vps/subfolder/my-domain.com.conf diff --git a/examples/apache/.htaccess b/examples/apache/shared-hosting/.htaccess similarity index 67% rename from examples/apache/.htaccess rename to examples/apache/shared-hosting/.htaccess index 4b29c8d..49e4823 100644 --- a/examples/apache/.htaccess +++ b/examples/apache/shared-hosting/.htaccess 
@@ -19,16 +19,22 @@ RewriteRule ^(storage|src|templates|uploads|config)(/.*)?$ - [F,L] # Security: Block access to hidden files RewriteRule ^\..*$ - [F,L] -# Cache static files for 1 hour +# Cache CSS files for 1 hour Header set Cache-Control "public, max-age=3600" -# Serve the one static file we allow: css/tkr.css (but not css/custom/) +# Serve the one static file that exists: css/tkr.css +# (Pass requests to css/custom/ through to the PHP app) RewriteCond %{REQUEST_URI} !^/css/custom/ RewriteRule ^css/tkr\.css$ public/css/tkr.css [L] +# 404 all other static files (images, js, fonts, etc.) +# so those requests don't hit the PHP app +# (this is to reduce load on the PHP app from bots and scanners) +RewriteRule \.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$ - [R=404,L] + # Everything else goes to the front controller RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule ^(.*)$ public/index.php [L] \ No newline at end of file +RewriteRule ^(.*)$ public/index.php [L] diff --git a/examples/apache/vps/root/tkr.my-domain.com.conf b/examples/apache/vps/root/tkr.my-domain.com.conf new file mode 100644 index 0000000..4969843 --- /dev/null +++ b/examples/apache/vps/root/tkr.my-domain.com.conf 
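Review bot: The new extension rule `RewriteRule \.(js|png|…|mov)$ - [R=404,L]` in `shared-hosting/.htaccess` is matched case-sensitively, so a request such as `/favicon.ICO` skips it and still falls through to `public/index.php`, which is exactly the load the comment says the rule is meant to shed. Adding `NC` to the flags, `- [NC,R=404,L]`, closes that gap. I would also extend the comment to say that this rule is load shedding only, and that the `[F,L]` rules for `storage|src|templates|uploads|config` and for hidden files above it remain the access control, so a later editor does not treat the extension list as a deny list.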
@@ -0,0 +1,95 @@
+# Apahe VirtualHost example
+# for serving tkr as a subdomain root
+# e.g. https://tkr.my-domain.com/
+
+ ServerName tkr.my-domain.com
+ DocumentRoot /var/www/tkr/public
+
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+ # Redirect HTTP to HTTPS
+ Redirect permanent / https://tkr.my-domain.com/
+
+
+
+ ServerName tkr.my-domain.com
+ DocumentRoot /var/www/tkr/public
+
+ # SSL Configuration
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+
+ # Security headers
+ Header always set X-Frame-Options "SAMEORIGIN"
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+ # Block access to sensitive directories
+
+ Require all denied
+
+
+ Require all denied
+
+
+ Require all denied
+
+
+ Require all denied
+
+
+ # Block access to hidden files
+
+ Require all denied
+
+
+ # Cache CSS files
+
+ Header set Cache-Control "public, max-age=3600"
+
+
+ # Serve static CSS file
+ Alias /css/tkr.css /var/www/tkr/public/css/tkr.css
+
+ # 404 all non-css static files (images, js, fonts, etc.)
+ # so those requests don't hit the PHP app
+ # (this is to reduce load on the PHP app from bots and scanners)
+
+
+ Require all denied
+
+
+
+ # Enable rewrite engine
+
+ Options -Indexes
+ AllowOverride None
+ Require all granted
+
+ RewriteEngine On
+
+ # Block direct PHP access
+ RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?]
[NC]
+ RewriteRule ^.*$ - [R=404,L]
+
+ # Serve the one static file that exists: css/tkr.css
+ # (Pass requests to css/custom/ through to the PHP app)
+ RewriteCond %{REQUEST_URI} !^/css/custom/
+ RewriteRule ^css/tkr\.css$ css/tkr.css [L]
+
+ # Everything else to front controller
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^(.*)$ index.php [L]
+
+
+ # Error and access logs
+ ErrorLog ${APACHE_LOG_DIR}/tkr_error.log
+ CustomLog ${APACHE_LOG_DIR}/tkr_access.log combined
+
diff --git a/examples/apache/vps/subfolder/my-domain.com.conf b/examples/apache/vps/subfolder/my-domain.com.conf
new file mode 100644
index 0000000..ff449ae
--- /dev/null
+++ b/examples/apache/vps/subfolder/my-domain.com.conf
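Review bot: Two comments in `vps/root/tkr.my-domain.com.conf` do not match the configuration they describe. Both banners around the HTTPS block read `# Start commenting here to use with docker-compose`; the second one, after `SSLCertificateKeyFile`, marks the end of the region and should read `# Stop commenting here to use with docker-compose`, as the subfolder example does, otherwise a reader can take it as the start of a second region that covers the security headers and `Require all denied` blocks below it. The comment `# 404 all non-css static files` sits above `Require all denied`, which answers 403 rather than 404 (the enclosing container lines are not visible in this rendering, so please confirm); either word the comment as "Deny" or return 404 the way the shared-hosting `.htaccess` does with `[R=404,L]`. The same 404 comment appears in `vps/subfolder/my-domain.com.conf`.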
@@ -0,0 +1,87 @@
+# Apahe VirtualHost example
+# for serving tkr as a subdirectory path
+# e.g. https://www.my-domain.com/tkr
+
+ ServerName my-domain.com
+ DocumentRoot /var/www/html
+
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+ # Redirect HTTP to HTTPS
+ Redirect permanent / https://my-domain.com/
+
+
+
+ ServerName my-domain.com
+ DocumentRoot /var/www/html
+
+ # SSL Configuration
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
+#####################################################################
+# Stop commenting here to use with docker-compose
+#####################################################################
+
+ # Security headers
+ Header always set X-Frame-Options "SAMEORIGIN"
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+ # tkr Application at /tkr
+ # NOTE: If you change the directory name,
+ # remember to update all instances of /var/www/tkr in this file to match
+ Alias /tkr /var/www/tkr/public
+
+ # Block access to sensitive TKR directories
+
+ Require all denied
+
+
+ Require all denied
+
+
+ Require all denied
+
+
+ Require all denied
+
+
+ # 404 all non-css static files in /tkr (images, js, fonts, etc.)
+ # so those requests don't hit the PHP app
+ # (this is to reduce load on the PHP app from bots and scanners)
+
+
+ Require all denied
+
+
+
+ # tkr application directory
+
+ Options -Indexes
+ AllowOverride None
+ Require all granted
+
+ RewriteEngine On
+
+ # Block direct PHP access
+ RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?]
[NC] + RewriteRule ^.*$ - [R=404,L] + + # Serve the one static file that exists: css/tkr.css + # (Pass requests to css/custom/ through to the PHP app) + RewriteCond %{REQUEST_URI} !^/tkr/css/custom/ + RewriteRule ^css/tkr\.css$ css/tkr.css [L] + + # Send everything else to the front controller + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php [L] + + + # Error and access logs + ErrorLog ${APACHE_LOG_DIR}/my-domain_error.log + CustomLog ${APACHE_LOG_DIR}/my-domain_access.log combined + diff --git a/examples/nginx/root/nginx.conf b/examples/nginx/root/nginx.conf index 2bc476f..daa695e 100644 --- a/examples/nginx/root/nginx.conf +++ b/examples/nginx/root/nginx.conf @@ -2,7 +2,7 @@ server { listen 80; server_name localhost; - root /var/www/html/tkr/public; + root /var/www/tkr/public; index index.php; # Security headers @@ -40,7 +40,7 @@ server { # so bots and scanners can't tell this is a php app location = /index.php { fastcgi_pass php:9000; - fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php; + fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php; include fastcgi_params; fastcgi_param REQUEST_METHOD $request_method; @@ -62,7 +62,7 @@ server { # Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php location @tkr_fallback { fastcgi_pass php:9000; - fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php; + fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php; include fastcgi_params; fastcgi_param REQUEST_METHOD $request_method; diff --git a/examples/nginx/subfolder/nginx.conf b/examples/nginx/subfolder/nginx.conf index d48d4dd..eb5dacf 100644 --- a/examples/nginx/subfolder/nginx.conf +++ b/examples/nginx/subfolder/nginx.conf @@ -21,7 +21,7 @@ server { # PHP routing - everything under /tkr goes through index.php location /tkr { - alias /var/www/html/tkr/public; + alias /var/www/tkr/public; index index.php; # Cache static files 
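Review bot: In `vps/subfolder/my-domain.com.conf`, `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"` is sent from the apex host `my-domain.com`, so once a browser has seen it over HTTPS every subdomain of that domain is held to HTTPS for a year, including hosts that have nothing to do with tkr and may not serve a valid certificate. For an example file that people copy as-is, I would either drop `includeSubDomains` (`"max-age=31536000"`) or add a comment above the header stating what it commits the whole domain to and suggesting a short `max-age` until the deployment is confirmed. The root example sets the same value on `tkr.my-domain.com`, where it only reaches names below that host, so the concern is mainly this file.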
@@ -43,7 +43,7 @@ server { # so bots and scanners can't tell this is a php app location = /tkr/index.php { fastcgi_pass php:9000; - fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php; + fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php; include fastcgi_params; fastcgi_param REQUEST_METHOD $request_method; @@ -65,7 +65,7 @@ server { # Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php location @tkr_fallback { fastcgi_pass php:9000; - fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php; + fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php; include fastcgi_params; fastcgi_param REQUEST_METHOD $request_method;