<VirtualHost *:443>
    ServerName cp.example.com

    DocumentRoot /var/www/cp/public
    
    <Directory "/var/www/cp/public">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted

        # Enable rewrite engine
        RewriteEngine On

        # Forward all requests not pointing directly to files or directories to index.php
        # and append the query string
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^ index.php [QSA,L]
    </Directory>

    # PHP via FastCGI for main site
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
    </FilesMatch>

    # PHP via FastCGI specifically for Adminer
    Alias /adminer /usr/share/adminer
    <Directory /usr/share/adminer>
        <Files adminer.php>
            SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
        </Files>
    </Directory>

    # Gzip Encoding
    AddOutputFilterByType DEFLATE text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript

    # Security Headers
    Header always unset Server
    Header always set Referrer-Policy "same-origin"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set X-XSS-Protection "1; mode=block"
    #Header always set Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; worker-src 'none'; frame-src 'none';"

    # Log configuration
    CustomLog /var/log/apache2/cp_access.log combined
    ErrorLog /var/log/apache2/cp_error.log
</VirtualHost>