62 lines
2.4 KiB
Plaintext
62 lines
2.4 KiB
Plaintext
# Harheimer TC Website - Statische Website (HTTPS)
|
|
# Speichern unter: /etc/apache2/sites-available/harheimertc.tsschulz.de-static.conf
|
|
|
|
<VirtualHost *:443>
|
|
ServerName harheimertc.tsschulz.de
|
|
ServerAdmin admin@tsschulz.de
|
|
|
|
DocumentRoot /var/www/harheimertc/dist
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/harheimertc-static-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/harheimertc-static-access.log combined
|
|
|
|
# SSL-Konfiguration
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/harheimertc.tsschulz.de/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc.tsschulz.de/privkey.pem
|
|
|
|
# Moderne SSL-Konfiguration
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
|
|
# Security Headers
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
|
Header always set X-Frame-Options SAMEORIGIN
|
|
Header always set X-Content-Type-Options nosniff
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
# Optional: Content Security Policy (zuerst Report-Only testen)
|
|
# Header always set Content-Security-Policy-Report-Only "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self'; img-src 'self' data: blob:; connect-src 'self'"
|
|
|
|
# SPA Fallback für Nuxt.js
|
|
<Directory "/var/www/harheimertc/dist">
|
|
Options Indexes FollowSymLinks
|
|
AllowOverride All
|
|
Require all granted
|
|
|
|
# Fallback für Client-Side Routing
|
|
RewriteEngine On
|
|
RewriteBase /
|
|
RewriteRule ^index\.html$ - [L]
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule . /index.html [L]
|
|
</Directory>
|
|
</VirtualHost>
|
|
|
|
# HTTP zu HTTPS Redirect
|
|
<VirtualHost *:80>
|
|
ServerName harheimertc.tsschulz.de
|
|
ServerAdmin admin@tsschulz.de
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/harheimertc-redirect-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/harheimertc-redirect-access.log combined
|
|
|
|
# Redirect zu HTTPS
|
|
RewriteEngine On
|
|
RewriteCond %{SERVER_NAME} =harheimertc.tsschulz.de
|
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
|
</VirtualHost>
|