🚀 MAJOR: Complete Website Enhancement & Production Ready

docker/apache-config.conf

@@ -0,0 +1,107 @@
+# UK Data Services - Production Apache Configuration
+
+<VirtualHost *:80>
+    ServerName ukdataservices.co.uk
+    ServerAlias www.ukdataservices.co.uk
+    DocumentRoot /var/www/html
+    
+    # Security Headers
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options DENY
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    Header always unset Server
+    Header always unset X-Powered-By
+    
+    # HSTS Redirect to HTTPS (uncomment for production)
+    # RewriteEngine On
+    # RewriteCond %{HTTPS} off
+    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+    
+    # Performance: Enable compression
+    LoadModule deflate_module modules/mod_deflate.so
+    <Location />
+        SetOutputFilter DEFLATE
+        SetEnvIfNoCase Request_URI \
+            \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+        SetEnvIfNoCase Request_URI \
+            \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
+    </Location>
+    
+    # Performance: Enable expires headers
+    LoadModule expires_module modules/mod_expires.so
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 year"
+    ExpiresByType application/javascript "access plus 1 year"
+    ExpiresByType image/png "access plus 1 year"
+    ExpiresByType image/jpg "access plus 1 year"
+    ExpiresByType image/jpeg "access plus 1 year"
+    ExpiresByType image/gif "access plus 1 year"
+    ExpiresByType image/svg+xml "access plus 1 year"
+    
+    # Directory Configuration
+    <Directory /var/www/html>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+        
+        # Security: Hide sensitive files
+        <FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
+            Require all denied
+        </FilesMatch>
+        
+        # Security: Prevent access to Git files
+        <DirectoryMatch "\.git">
+            Require all denied
+        </DirectoryMatch>
+    </Directory>
+    
+    # Logs
+    ErrorLog /var/www/html/logs/apache_error.log
+    CustomLog /var/www/html/logs/apache_access.log combined
+    LogLevel warn
+    
+    # Asset optimization
+    <LocationMatch "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
+        ExpiresActive On
+        ExpiresDefault "access plus 1 year"
+        Header append Cache-Control "public, immutable"
+    </LocationMatch>
+    
+    # PHP Configuration
+    <FilesMatch \.php$>
+        SetHandler application/x-httpd-php
+    </FilesMatch>
+    
+    # Security: Limit request size (50MB for file uploads)
+    LimitRequestBody 52428800
+    
+    # Rate limiting (if mod_security is available)
+    # SecRuleEngine On
+    # SecRule REMOTE_ADDR "@detectXSS" "id:1001,deny,status:403,msg:'XSS Attack Detected'"
+</VirtualHost>
+
+# HTTPS Configuration (uncomment and configure for production)
+# <VirtualHost *:443>
+#     ServerName ukdataservices.co.uk
+#     ServerAlias www.ukdataservices.co.uk
+#     DocumentRoot /var/www/html
+#     
+#     # SSL Configuration
+#     SSLEngine on
+#     SSLCertificateFile /etc/ssl/certs/ukds/cert.pem
+#     SSLCertificateKeyFile /etc/ssl/certs/ukds/privkey.pem
+#     SSLCertificateChainFile /etc/ssl/certs/ukds/chain.pem
+#     
+#     # SSL Security
+#     SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+#     SSLCipherSuite ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!aNULL:!MD5:!DSS
+#     SSLHonorCipherOrder on
+#     SSLCompression off
+#     SSLUseStapling on
+#     SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+#     
+#     # Include all other directives from port 80
+#     Include /etc/apache2/sites-available/000-default.conf
+# </VirtualHost>