114 lines
4.3 KiB
ApacheConf
114 lines
4.3 KiB
ApacheConf
# ==============================================================================
|
|
# COMPLETE APACHE VIRTUALHOST CONFIGURATION
|
|
# ==============================================================================
|
|
# Complete VirtualHost configuration for Video Optimizer on Apache
|
|
# Domain: ai-sandbox.oliver.solutions/video-optimizer
|
|
#
|
|
# Installation:
|
|
# 1. Copy this file to /etc/apache2/sites-available/video-optimizer.conf
|
|
# 2. Enable required Apache modules:
|
|
# sudo a2enmod proxy proxy_http headers rewrite ssl
|
|
# 3. Enable the site:
|
|
# sudo a2ensite video-optimizer
|
|
# 4. Test configuration:
|
|
# sudo apache2ctl configtest
|
|
# 5. Reload Apache:
|
|
# sudo systemctl reload apache2
|
|
# ==============================================================================
|
|
|
|
<VirtualHost *:80>
|
|
ServerName ai-sandbox.oliver.solutions
|
|
ServerAlias www.ai-sandbox.oliver.solutions
|
|
|
|
# Redirect all HTTP traffic to HTTPS
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName ai-sandbox.oliver.solutions
|
|
ServerAlias www.ai-sandbox.oliver.solutions
|
|
|
|
# SSL Configuration (adjust certificate paths as needed)
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/certs/ai-sandbox.oliver.solutions.crt
|
|
SSLCertificateKeyFile /etc/ssl/private/ai-sandbox.oliver.solutions.key
|
|
SSLCertificateChainFile /etc/ssl/certs/ca-bundle.crt
|
|
|
|
# Modern SSL/TLS Configuration
|
|
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
|
|
# Security Headers
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
|
|
|
# HSTS (HTTP Strict Transport Security) - enable after testing
|
|
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
|
|
# Logging
|
|
ErrorLog ${APACHE_LOG_DIR}/video-optimizer-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/video-optimizer-access.log combined
|
|
|
|
# ==============================================================================
|
|
# VIDEO OPTIMIZER APPLICATION
|
|
# ==============================================================================
|
|
|
|
# Frontend - Serve static files from /var/www/html/video-optimizer/
|
|
Alias /video-optimizer /var/www/html/video-optimizer
|
|
<Directory /var/www/html/video-optimizer>
|
|
Options -Indexes +FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
|
|
# Cache static assets
|
|
<FilesMatch "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
|
|
Header set Cache-Control "public, max-age=31536000"
|
|
</FilesMatch>
|
|
|
|
# Don't cache HTML files
|
|
<FilesMatch "\.(html)$">
|
|
Header set Cache-Control "no-cache, no-store, must-revalidate"
|
|
</FilesMatch>
|
|
|
|
# Enable compression
|
|
<IfModule mod_deflate.c>
|
|
AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json
|
|
</IfModule>
|
|
</Directory>
|
|
|
|
# Backend API - Proxy to Flask backend on localhost:5000
|
|
<Location /video-optimizer/api>
|
|
ProxyPass http://127.0.0.1:5000/api
|
|
ProxyPassReverse http://127.0.0.1:5000/api
|
|
|
|
# Set proxy timeout (increase for large video uploads)
|
|
ProxyTimeout 600
|
|
|
|
# Preserve host header
|
|
ProxyPreserveHost On
|
|
|
|
# Add X-Forwarded headers
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
RequestHeader set X-Forwarded-Port "443"
|
|
</Location>
|
|
|
|
# ==============================================================================
|
|
# DEFAULT DOCUMENT ROOT (if you have other content on this domain)
|
|
# ==============================================================================
|
|
DocumentRoot /var/www/html
|
|
<Directory /var/www/html>
|
|
Options -Indexes +FollowSymLinks
|
|
AllowOverride All
|
|
Require all granted
|
|
</Directory>
|
|
|
|
</VirtualHost>
|
|
|
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|