peter/ukaiautomation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c07d1260443e18f54ddd8c6e688009d1cd8f1fa5
ukaiautomation/docker/apache-config.conf

107 lines
3.7 KiB
Plaintext
Raw Blame History

# UK Data Services - Production Apache Configuration
<VirtualHost *:80>
ServerName ukdataservices.co.uk
ServerAlias www.ukdataservices.co.uk
DocumentRoot /var/www/html
# Security Headers
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always unset Server
Header always unset X-Powered-By
# HSTS Redirect to HTTPS (uncomment for production)
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Performance: Enable compression
LoadModule deflate_module modules/mod_deflate.so
<Location />
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \
\.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
</Location>
# Performance: Enable expires headers
LoadModule expires_module modules/mod_expires.so
ExpiresActive On
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
# Directory Configuration
<Directory /var/www/html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
# Security: Hide sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
Require all denied
</FilesMatch>
# Security: Prevent access to Git files
<DirectoryMatch "\.git">
Require all denied
</DirectoryMatch>
</Directory>
# Logs
ErrorLog /var/www/html/logs/apache_error.log
CustomLog /var/www/html/logs/apache_access.log combined
LogLevel warn
# Asset optimization
<LocationMatch "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public, immutable"
</LocationMatch>
# PHP Configuration
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
# Security: Limit request size (50MB for file uploads)
LimitRequestBody 52428800
# Rate limiting (if mod_security is available)
# SecRuleEngine On
# SecRule REMOTE_ADDR "@detectXSS" "id:1001,deny,status:403,msg:'XSS Attack Detected'"
</VirtualHost>
# HTTPS Configuration (uncomment and configure for production)
# <VirtualHost *:443>
# ServerName ukdataservices.co.uk
# ServerAlias www.ukdataservices.co.uk
# DocumentRoot /var/www/html
#
# # SSL Configuration
# SSLEngine on
# SSLCertificateFile /etc/ssl/certs/ukds/cert.pem
# SSLCertificateKeyFile /etc/ssl/certs/ukds/privkey.pem
# SSLCertificateChainFile /etc/ssl/certs/ukds/chain.pem
#
# # SSL Security
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# SSLCipherSuite ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!aNULL:!MD5:!DSS
# SSLHonorCipherOrder on
# SSLCompression off
# SSLUseStapling on
# SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
#
# # Include all other directives from port 80
# Include /etc/apache2/sites-available/000-default.conf
# </VirtualHost>
Reference in New Issue View Git Blame Copy Permalink