# Harheimer TC Website - HTTPS VirtualHost
# Speichern unter: /etc/apache2/sites-available/harheimertc.tsschulz.de-ssl.conf
ServerName harheimertc.tsschulz.de
ServerAdmin admin@tsschulz.de
DocumentRoot /var/www/harheimertc/dist
ErrorLog ${APACHE_LOG_DIR}/harheimertc-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/harheimertc-ssl-access.log combined
# SSL-Konfiguration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/harheimertc.tsschulz.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc.tsschulz.de/privkey.pem
# Moderne SSL-Konfiguration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
# Security Headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# SPA Fallback für Nuxt.js
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
# Fallback für Client-Side Routing
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
# API-Routes für Nuxt Server (falls Server-Side Rendering verwendet wird)
ProxyPreserveHost On
ProxyPass /api/ http://localhost:3100/api/
ProxyPassReverse /api/ http://localhost:3100/api/
# HTTP zu HTTPS Redirect
ServerName harheimertc.tsschulz.de
ServerAdmin admin@tsschulz.de
ErrorLog ${APACHE_LOG_DIR}/harheimertc-redirect-error.log
CustomLog ${APACHE_LOG_DIR}/harheimertc-redirect-access.log combined
# Redirect zu HTTPS
RewriteEngine On
RewriteCond %{SERVER_NAME} =harheimertc.tsschulz.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]