151 lines
4.7 KiB
ApacheConf
151 lines
4.7 KiB
ApacheConf
<VirtualHost *:80>
|
|
# The ServerName directive sets the request scheme, hostname and port that
|
|
# the server uses to identify itself. This is used when creating
|
|
# redirection URLs. In the context of virtual hosts, the ServerName
|
|
# specifies what hostname must appear in the request's Host: header to
|
|
# match this virtual host. For the default virtual host (this file) this
|
|
# value is not decisive as it is used as a last resort host regardless.
|
|
# However, you must set it for any further virtual host explicitly.
|
|
#ServerName www.example.com
|
|
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
|
|
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
|
# error, crit, alert, emerg.
|
|
# It is also possible to configure the loglevel for particular
|
|
# modules, e.g.
|
|
#LogLevel info ssl:warn
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
# For most configuration files from conf-available/, which are
|
|
# enabled or disabled at a global level, it is possible to
|
|
# include a line for only one particular virtual host. For example the
|
|
# following line enables the CGI configuration for this host only
|
|
# after it has been globally disabled with "a2disconf".
|
|
#Include conf-available/serve-cgi-bin.conf
|
|
<Directory /var/www/html>
|
|
AllowOverride None
|
|
<IfModule mod_headers.c>
|
|
<IfModule mod_setenvif.c>
|
|
<IfModule mod_fcgid.c>
|
|
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
|
|
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
|
|
</IfModule>
|
|
<IfModule mod_proxy_fcgi.c>
|
|
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
<IfModule mod_env.c>
|
|
# Add security and privacy related headers
|
|
|
|
# Avoid doubled headers by unsetting headers in "onsuccess" table,
|
|
# then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
|
|
Header onsuccess unset Referrer-Policy
|
|
Header always set Referrer-Policy "no-referrer"
|
|
|
|
Header onsuccess unset X-Content-Type-Options
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
|
|
Header onsuccess unset X-Download-Options
|
|
Header always set X-Download-Options "noopen"
|
|
|
|
Header onsuccess unset X-Frame-Options
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
|
|
Header onsuccess unset X-Permitted-Cross-Domain-Policies
|
|
Header always set X-Permitted-Cross-Domain-Policies "none"
|
|
|
|
Header onsuccess unset X-Robots-Tag
|
|
Header always set X-Robots-Tag "none"
|
|
|
|
Header onsuccess unset X-XSS-Protection
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
|
|
SetEnv modHeadersAvailable true
|
|
</IfModule>
|
|
|
|
# Add cache control for static resources
|
|
<FilesMatch "\.(css|js|svg|gif)$">
|
|
Header set Cache-Control "max-age=15778463"
|
|
</FilesMatch>
|
|
|
|
# Let browsers cache WOFF files for a week
|
|
<FilesMatch "\.woff2?$">
|
|
Header set Cache-Control "max-age=604800"
|
|
</FilesMatch>
|
|
</IfModule>
|
|
<IfModule mod_php7.c>
|
|
php_value mbstring.func_overload 0
|
|
php_value default_charset 'UTF-8'
|
|
php_value output_buffering 0
|
|
<IfModule mod_env.c>
|
|
SetEnv htaccessWorking true
|
|
</IfModule>
|
|
</IfModule>
|
|
<IfModule mod_rewrite.c>
|
|
RewriteEngine on
|
|
RewriteCond %{HTTP_USER_AGENT} DavClnt
|
|
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
|
|
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
|
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
|
|
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
|
|
RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
|
|
RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
|
|
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
|
|
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
|
|
RewriteRule ^remote/(.*) remote.php [QSA,L]
|
|
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
|
|
RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
|
|
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
|
|
</IfModule>
|
|
<IfModule mod_mime.c>
|
|
AddType image/svg+xml svg svgz
|
|
AddEncoding gzip svgz
|
|
</IfModule>
|
|
<IfModule mod_dir.c>
|
|
DirectoryIndex index.php index.html
|
|
</IfModule>
|
|
AddDefaultCharset utf-8
|
|
Options -Indexes
|
|
<IfModule pagespeed_module>
|
|
ModPagespeed Off
|
|
</IfModule>
|
|
|
|
</Directory>
|
|
|
|
<Directory /var/www/html/config>
|
|
AllowOverride None
|
|
# Section for Apache 2.4 to 2.6
|
|
<IfModule mod_authz_core.c>
|
|
Require all denied
|
|
</IfModule>
|
|
<IfModule mod_access_compat.c>
|
|
Order Allow,Deny
|
|
Deny from all
|
|
Satisfy All
|
|
</IfModule>
|
|
|
|
# Section for Apache 2.2
|
|
<IfModule !mod_authz_core.c>
|
|
<IfModule !mod_access_compat.c>
|
|
<IfModule mod_authz_host.c>
|
|
Order Allow,Deny
|
|
Deny from all
|
|
</IfModule>
|
|
Satisfy All
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
# Section for Apache 2.2 to 2.6
|
|
<IfModule mod_autoindex.c>
|
|
IndexIgnore *
|
|
</IfModule>
|
|
</Directory>
|
|
</VirtualHost>
|
|
|
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|