Add VPS apache examples. Move tkr to /var/www in nginx examples. Add coments.

examples/apache/shared-hosting/.htaccess

@@ -19,15 +19,21 @@ RewriteRule ^(storage|src|templates|uploads|config)(/.*)?$ - [F,L]
 # Security: Block access to hidden files
 RewriteRule ^\..*$ - [F,L]
 
-# Cache static files for 1 hour
+# Cache CSS files for 1 hour
 <FilesMatch "\.css$">
     Header set Cache-Control "public, max-age=3600"
 </FilesMatch>
 
-# Serve the one static file we allow: css/tkr.css (but not css/custom/)
+# Serve the one static file that exists: css/tkr.css
+# (Pass requests to css/custom/ through to the PHP app)
 RewriteCond %{REQUEST_URI} !^/css/custom/
 RewriteRule ^css/tkr\.css$ public/css/tkr.css [L]
 
+# 404 all other static files (images, js, fonts, etc.)
+# so those requests don't hit the PHP app 
+# (this is to reduce load on the PHP app from bots and scanners)
+RewriteRule \.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$ - [R=404,L]
+
 # Everything else goes to the front controller
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d

examples/apache/vps/root/tkr.my-domain.com.conf

@@ -0,0 +1,95 @@
+# Apahe VirtualHost example
+# for serving tkr as a subdomain root
+# e.g. https://tkr.my-domain.com/
+<VirtualHost *:80>
+    ServerName tkr.my-domain.com
+    DocumentRoot /var/www/tkr/public
+ 
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+    # Redirect HTTP to HTTPS
+    Redirect permanent / https://tkr.my-domain.com/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName tkr.my-domain.com
+    DocumentRoot /var/www/tkr/public
+
+    # SSL Configuration
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/tkr.my-domain.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/tkr.my-domain.com/privkey.pem
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+ 
+    # Security headers
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+ 
+    # Block access to sensitive directories
+    <Directory "/var/www/tkr/storage">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/src">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/templates">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/config">
+        Require all denied
+    </Directory>
+
+    # Block access to hidden files
+    <DirectoryMatch "^\.|/\.">
+        Require all denied
+    </DirectoryMatch>
+
+    # Cache CSS files
+    <LocationMatch "\.css$">
+        Header set Cache-Control "public, max-age=3600"
+    </LocationMatch>
+
+    # Serve static CSS file
+    Alias /css/tkr.css /var/www/tkr/public/css/tkr.css
+
+    # 404 all non-css static files (images, js, fonts, etc.)
+    # so those requests don't hit the PHP app 
+    # (this is to reduce load on the PHP app from bots and scanners)
+    <LocationMatch "\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$">
+        <RequireAll>
+            Require all denied
+        </RequireAll>
+    </LocationMatch>
+
+    # Enable rewrite engine
+    <Directory "/var/www/tkr/public">
+        Options -Indexes
+        AllowOverride None
+        Require all granted
+
+        RewriteEngine On
+
+        # Block direct PHP access
+        RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC]
+        RewriteRule ^.*$ - [R=404,L]
+
+        # Serve the one static file that exists: css/tkr.css
+        # (Pass requests to css/custom/ through to the PHP app)
+        RewriteCond %{REQUEST_URI} !^/css/custom/
+        RewriteRule ^css/tkr\.css$ css/tkr.css [L]
+
+        # Everything else to front controller  
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteCond %{REQUEST_FILENAME} !-d
+        RewriteRule ^(.*)$ index.php [L]
+    </Directory>
+
+    # Error and access logs
+    ErrorLog ${APACHE_LOG_DIR}/tkr_error.log
+    CustomLog ${APACHE_LOG_DIR}/tkr_access.log combined
+</VirtualHost>

examples/apache/vps/subfolder/my-domain.com.conf

@@ -0,0 +1,87 @@
+# Apahe VirtualHost example
+# for serving tkr as a subdirectory path
+# e.g. https://www.my-domain.com/tkr
+<VirtualHost *:80>
+    ServerName my-domain.com
+    DocumentRoot /var/www/html
+
+#####################################################################
+# Start commenting here to use with docker-compose
+#####################################################################
+    # Redirect HTTP to HTTPS
+    Redirect permanent / https://my-domain.com/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName my-domain.com
+    DocumentRoot /var/www/html
+    
+    # SSL Configuration
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
+#####################################################################
+# Stop commenting here to use with docker-compose
+#####################################################################
+    
+    # Security headers
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    
+    # tkr Application at /tkr
+    # NOTE: If you change the directory name,
+    # remember to update all instances of /var/www/tkr in this file to match 
+    Alias /tkr /var/www/tkr/public
+    
+    # Block access to sensitive TKR directories
+    <Directory "/var/www/tkr/storage">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/src">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/templates">
+        Require all denied
+    </Directory>
+    <Directory "/var/www/tkr/config">
+        Require all denied
+    </Directory>
+    
+    # 404 all non-css static files in /tkr (images, js, fonts, etc.)
+    # so those requests don't hit the PHP app 
+    # (this is to reduce load on the PHP app from bots and scanners)
+    <LocationMatch "^/tkr/.*\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$">
+        <RequireAll>
+            Require all denied
+        </RequireAll>
+    </LocationMatch>
+    
+    # tkr application directory
+    <Directory "/var/www/tkr/public">
+        Options -Indexes
+        AllowOverride None
+        Require all granted
+        
+        RewriteEngine On
+        
+        # Block direct PHP access
+        RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC]
+        RewriteRule ^.*$ - [R=404,L]
+        
+        # Serve the one static file that exists: css/tkr.css
+        # (Pass requests to css/custom/ through to the PHP app)
+        RewriteCond %{REQUEST_URI} !^/tkr/css/custom/
+        RewriteRule ^css/tkr\.css$ css/tkr.css [L]
+
+        # Send everything else to the front controller
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteCond %{REQUEST_FILENAME} !-d
+        RewriteRule ^(.*)$ index.php [L]
+    </Directory>
+    
+    # Error and access logs
+    ErrorLog ${APACHE_LOG_DIR}/my-domain_error.log
+    CustomLog ${APACHE_LOG_DIR}/my-domain_access.log combined
+</VirtualHost>

examples/nginx/root/nginx.conf

@@ -2,7 +2,7 @@ server {
     listen 80;
     server_name localhost;
     
-    root /var/www/html/tkr/public;
+    root /var/www/tkr/public;
     index index.php;
 
     # Security headers
@@ -40,7 +40,7 @@ server {
         # so bots and scanners can't tell this is a php app
         location = /index.php {
             fastcgi_pass php:9000;
-            fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
+            fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
             include fastcgi_params;
             
             fastcgi_param REQUEST_METHOD $request_method;
@@ -62,7 +62,7 @@ server {
     # Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php
     location @tkr_fallback {
         fastcgi_pass php:9000;
-        fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
+        fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
         include fastcgi_params;
         
         fastcgi_param REQUEST_METHOD $request_method;

examples/nginx/subfolder/nginx.conf

@@ -21,7 +21,7 @@ server {
 
     # PHP routing - everything under /tkr goes through index.php
     location /tkr {
-        alias /var/www/html/tkr/public;
+        alias /var/www/tkr/public;
         index index.php;
 
         # Cache static files
@@ -43,7 +43,7 @@ server {
         # so bots and scanners can't tell this is a php app
         location = /tkr/index.php {
             fastcgi_pass php:9000;
-            fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
+            fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
             include fastcgi_params;
             
             fastcgi_param REQUEST_METHOD $request_method;
@@ -65,7 +65,7 @@ server {
     # Fallback for /tkr routing - all non-file requests (e.g. /login) go to index.php
     location @tkr_fallback {
         fastcgi_pass php:9000;
-        fastcgi_param SCRIPT_FILENAME /var/www/html/tkr/public/index.php;
+        fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
         include fastcgi_params;
         
         fastcgi_param REQUEST_METHOD $request_method;