#
# api.openthc
#
# Example values: replace both before enabling this file.
# api_host is reused below for ServerName and for the certificate paths
# under /etc/letsencrypt/live/; api_root locates the served webroot.
Define "api_host" "api.openthc.example.com"
Define "api_root" "/opt/openthc/api"
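# webroot
# Per-directory policy for the API document root.
# The php_flag / php_value lines are mod_php directives; with PHP-FPM the
# same settings belong in the pool configuration instead.
<Directory ${api_root}/webroot>

	# Only GET, HEAD and POST are served; every other method is refused.
	<LimitExcept GET HEAD POST>
		Require all denied
	</LimitExcept>

	# .htaccess files are ignored, so this block is the whole policy.
	AllowOverride None
	# "Indexes" is deliberately not enabled: a directory without an index
	# file must not produce an auto-generated listing of the webroot.
	Options FollowSymLinks
	Require all granted

	# Headers
	# NOTE(review): plain "Header set" does not cover error responses that
	# Apache generates itself; use "Header always set" if those need them too.
	Header set referrer-policy "same-origin"
	Header set x-content-type-options "nosniff"
	Header set x-frame-options "deny"
	# Legacy header, ignored by current browsers; kept for old clients only.
	Header set x-xss-protection "1; mode=block"

	# Main Controller
	# Anything that is not an existing file or directory goes to main.php.
	RewriteEngine On
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* /main.php [L,QSA]

	# PHP Settings
	php_flag allow_url_fopen off
	php_flag allow_url_include off
	# NOTE(review): define_syslog_variables and magic_quotes_runtime are
	# legacy directives; confirm the deployed PHP version still knows them.
	php_flag define_syslog_variables on
	# Errors are logged (log_errors on) and never rendered into a response,
	# where they would expose paths, queries and stack details to clients.
	php_flag display_errors off
	php_flag display_startup_errors off
	php_flag enable_dl off
	# error_log takes a file path or "syslog", not a boolean, so it is left
	# unset here and PHP errors go to the web server's error log.
	# To log elsewhere: php_value error_log <PATH_PLACEHOLDER>
	php_flag expose_php off
	php_flag html_errors off
	php_flag ignore_repeated_errors on
	php_flag ignore_repeated_source on
	php_flag implicit_flush off
	php_flag log_errors on
	php_flag magic_quotes_runtime off
	php_flag mail.add_x_header off

	php_value date.timezone UTC
	# -1 reports every error level; safe because display is off above.
	php_value error_reporting -1
	php_value max_execution_time 60
	php_value max_input_vars 128
	php_value memory_limit 128M
	# post_max_size must stay above upload_max_filesize.
	php_value post_max_size 12M
	php_value upload_max_filesize 8M

	# Session Data
	# Cookie is HTTPS-only, hidden from scripts and not sent cross-site;
	# strict mode rejects session ids the server did not issue.
	php_flag session.auto_start off
	php_flag session.cookie_httponly on
	php_flag session.cookie_secure on
	php_flag session.use_strict_mode on
	# NOTE(review): the cookie lives 4 h but session data may be collected
	# after 1 h (gc_maxlifetime); confirm which timeout is intended.
	php_value session.cookie_lifetime 14400
	php_value session.cookie_samesite strict
	php_value session.gc_maxlifetime 3600
	php_value session.name openthc

</Directory>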
#
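# HTTP
# Plain-HTTP listener: serves only /.well-known/ (certificate validation)
# and redirects everything else to the HTTPS site.
<VirtualHost *:80>

	ServerName ${api_host}
	DocumentRoot ${api_root}/webroot

	RewriteEngine On
	# No RewriteCond on %{HTTPS} is needed: this vhost never terminates TLS.
	# The dot is escaped and the trailing slash required so that only the
	# /.well-known/ tree is exempt from the redirect.
	RewriteRule ^/\.well-known/ - [END]
	# Redirect to the configured host rather than %{SERVER_NAME}, which can
	# reflect the client-supplied Host header depending on UseCanonicalName.
	RewriteRule .* https://${api_host}%{REQUEST_URI} [R=301,L]

</VirtualHost>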
#
# HTTPS
# TLS listener for the API. Protocol versions and cipher suites are not set
# here, so they come from the server-wide mod_ssl configuration.
<VirtualHost *:443>

	ServerName ${api_host}
	DocumentRoot ${api_root}/webroot

	# Certificate chain and private key as laid out by Let's Encrypt.
	# The key file should be readable by root only.
	SSLEngine On
	SSLCertificateFile /etc/letsencrypt/live/${api_host}/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/${api_host}/privkey.pem

	# NOTE(review): no Strict-Transport-Security header is sent; consider
	#   Header always set Strict-Transport-Security "max-age=31536000"
	# once the host is confirmed to be HTTPS-only.

	# Authorization Header
	# Copies a non-empty Authorization request header into the
	# HTTP_AUTHORIZATION environment variable for the application.
	# The credential is then part of the request environment, so keep it
	# out of error output and debug dumps.
	RewriteEngine On
	RewriteCond %{HTTP:Authorization} .
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</VirtualHost>