90 lines
3.0 KiB
Plaintext
90 lines
3.0 KiB
Plaintext
# Example Apache VirtualHost
|
|
# for serving tkr as a subdirectory path with SSL
|
|
# e.g. https://www.my-domain.com/tkr
|
|
#
|
|
# Use SSL in production.
|
|
# This is a minimal SSL confiuration
|
|
# For more robust SSL configuration, refer to https://ssl-config.mozilla.org/
|
|
<VirtualHost *:80>
|
|
# Replace localhost with your subdomain, e.g. tkr.my-domain.com
|
|
ServerName localhost
|
|
DocumentRoot /var/www/html
|
|
# Redirect HTTP to HTTPS
|
|
Redirect permanent / https://my-domain.com/
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
# Replace localhost with your subdomain, e.g. tkr.my-domain.com
|
|
ServerName localhost
|
|
DocumentRoot /var/www/html
|
|
|
|
# SSL Configuration
|
|
SSLEngine on
|
|
|
|
# Assumes you're using letsencrypt for cert generation
|
|
# Replace with the actual paths to your cert and key
|
|
SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
|
|
|
|
# Security headers
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
|
|
# tkr Application at /tkr
|
|
# NOTE: If you change the directory name,
|
|
# remember to update all instances of /var/www/tkr in this file to match
|
|
Alias /tkr /var/www/tkr/public
|
|
|
|
# Block access to sensitive TKR directories
|
|
<Directory "/var/www/tkr/storage">
|
|
Require all denied
|
|
</Directory>
|
|
<Directory "/var/www/tkr/src">
|
|
Require all denied
|
|
</Directory>
|
|
<Directory "/var/www/tkr/templates">
|
|
Require all denied
|
|
</Directory>
|
|
<Directory "/var/www/tkr/config">
|
|
Require all denied
|
|
</Directory>
|
|
|
|
# 404 all non-css static files in /tkr (images, js, fonts, etc.)
|
|
# so those requests don't hit the PHP app
|
|
# (this is to reduce load on the PHP app from bots and scanners)
|
|
<LocationMatch "^/tkr/.*\.(js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|pdf|zip|mp3|mp4|avi|mov)$">
|
|
<RequireAll>
|
|
Require all denied
|
|
</RequireAll>
|
|
</LocationMatch>
|
|
|
|
# tkr application directory
|
|
<Directory "/var/www/tkr/public">
|
|
Options -Indexes
|
|
AllowOverride None
|
|
Require all granted
|
|
|
|
RewriteEngine On
|
|
|
|
# Block direct PHP access
|
|
RewriteCond %{THE_REQUEST} \s/[^?\s]*\.php[\s?] [NC]
|
|
RewriteRule ^.*$ - [R=404,L]
|
|
|
|
# Serve the one static file that exists: css/tkr.css
|
|
# (Pass requests to css/custom/ through to the PHP app)
|
|
RewriteCond %{REQUEST_URI} !^/tkr/css/custom/
|
|
RewriteRule ^css/tkr\.css$ css/tkr.css [L]
|
|
|
|
# Send everything else to the front controller
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule ^(.*)$ index.php [L]
|
|
</Directory>
|
|
|
|
# Error and access logs
|
|
ErrorLog ${APACHE_LOG_DIR}/my-domain_error.log
|
|
CustomLog ${APACHE_LOG_DIR}/my-domain_access.log combined
|
|
</VirtualHost>
|