Added support for Nginx and Apache2 in manual install

2025-05-20 11:29:22 +02:00 · 2024-02-12 14:43:55 +02:00 · 2024-02-12 14:43:55 +02:00 · dcb1094311
commit dcb1094311
parent 3058c714e1
7 changed files with 298 additions and 3 deletions
--- a/docs/apache2/cp.conf
+++ b/docs/apache2/cp.conf
@ -0,0 +1,49 @@
+<VirtualHost *:443>
+    ServerName cp.example.com
+
+    DocumentRoot /var/www/cp/public
+    
+    <Directory "/var/www/cp/public">
+        Options -Indexes +FollowSymLinks
+        AllowOverride None
+        Require all granted
+
+        # Enable rewrite engine
+        RewriteEngine On
+
+        # Forward all requests not pointing directly to files or directories to index.php
+        # and append the query string
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteCond %{REQUEST_FILENAME} !-d
+        RewriteRule ^ index.php [QSA,L]
+    </Directory>
+
+    # PHP via FastCGI for main site
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+
+    # PHP via FastCGI specifically for Adminer
+    Alias /adminer /usr/share/adminer
+    <Directory /usr/share/adminer>
+        <Files adminer.php>
+            SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+        </Files>
+    </Directory>
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always unset Server
+    Header always set Referrer-Policy "same-origin"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    #Header always set Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+
+    # Log configuration
+    CustomLog /var/log/apache2/cp_access.log combined
+    ErrorLog /var/log/apache2/cp_error.log
+</VirtualHost>
--- a/docs/apache2/rdap.conf
+++ b/docs/apache2/rdap.conf
@ -0,0 +1,23 @@
+<VirtualHost *:443>
+    ServerName rdap.example.com
+
+    # Reverse Proxy to localhost:7500
+    ProxyPass / http://localhost:7500/
+    ProxyPassReverse / http://localhost:7500/
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always set Referrer-Policy "no-referrer"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+    Header unset Server
+
+    # Log configuration
+    CustomLog /var/log/apache2/rdap_access.log combined
+    ErrorLog /var/log/apache2/rdap_error.log
+</VirtualHost>
--- a/docs/apache2/whois.conf
+++ b/docs/apache2/whois.conf
@ -0,0 +1,26 @@
+<VirtualHost *:443>
+    ServerName whois.example.com
+
+    DocumentRoot /var/www/whois
+
+    # PHP via FastCGI
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+
+    # Gzip Encoding
+    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
+
+    # Security Headers
+    Header always unset Server
+    Header always set Referrer-Policy "no-referrer"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "DENY"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';"
+
+    # Log configuration
+    CustomLog /var/log/apache2/whois_access.log combined
+    ErrorLog /var/log/apache2/whois_error.log
+</VirtualHost>