nycki.net/tools/site.conf

# https://palmure.fr/blog.html#default-https-but-only-for-recent-browsers

#<VirtualHost *:80>
#  <Location />
#    Require all denied
#  </Location>
#</VirtualHost>

#<VirtualHost *:443>
#  SSLEngine on
#  Include /etc/letsencrypt/options-ssl-apache.conf
#  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
#  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
#  <Location />
#    Require all denied
#  </Location>
#</VirtualHost>

<VirtualHost *:80 *:443>
  ServerName nycki.net
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem

  #Header always add Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"
  <If "%{HTTPS} == 'off'">
    <If "%{HTTP:Upgrade-Insecure-Requests} == 1">
      Header always add Vary: Upgrade-Insecure-Requests
      Redirect / https://nycki.net 
    </If>
  </If>

  DocumentRoot /data/nycki.net/site
  ErrorDocument 404 /404.html
  RewriteEngine on
  #LogLevel alert rewrite:trace3

  RewriteCond "%{DOCUMENT_ROOT}/%{REQUEST_URI}" -f
  RewriteRule "(.+)" "/$1" [L]
  <Directory />
    Options FollowSymLinks MultiViews
    Require all granted
  </Directory>

  # If file isn't in repo, fall back on public_html
  Define public_html "/home/nycki/public_html"
  Alias /p ${public_html}
  RewriteCond "${public_html}/%{REQUEST_URI}" -f
  RewriteRule "(.+)" "/p/$1" [PT,L]
  <Directory ${public_html}>
    Options FollowSymLinks
    Require all granted
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerName rss.nycki.net
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf
  <Location />
    ProxyPass http://localhost:8400/
  </Location>
  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
</VirtualHost>

<VirtualHost *:443>
  ServerName git.nycki.net
  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf

  # https://stackoverflow.com/a/9933890/3821202
  AllowEncodedSlashes NoDecode
  <Location />
    ProxyPass http://localhost:8500/ nocanon
  </Location>
  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
</VirtualHost>
commit site.conf 2024-12-24 19:13:18 +00:00			`# https://palmure.fr/blog.html#default-https-but-only-for-recent-browsers`

			`#<VirtualHost *:80>`
			`# <Location />`
			`# Require all denied`
			`# </Location>`
			`#</VirtualHost>`

			`#<VirtualHost *:443>`
			`# SSLEngine on`
			`# Include /etc/letsencrypt/options-ssl-apache.conf`
			`# SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem`
			`# SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem`
			`# <Location />`
			`# Require all denied`
			`# </Location>`
			`#</VirtualHost>`

			`<VirtualHost :80 :443>`
			`ServerName nycki.net`
			`SSLEngine on`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
try public html 2024-12-27 23:59:47 +00:00			`SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem`
commit site.conf 2024-12-24 19:13:18 +00:00
try public html 2024-12-27 23:59:47 +00:00			`#Header always add Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"`
commit site.conf 2024-12-24 19:13:18 +00:00			`<If "%{HTTPS} == 'off'">`
			`<If "%{HTTP:Upgrade-Insecure-Requests} == 1">`
			`Header always add Vary: Upgrade-Insecure-Requests`
			`Redirect / https://nycki.net`
			`</If>`
			`</If>`

try public html 2024-12-27 23:59:47 +00:00			`DocumentRoot /data/nycki.net/site`
use public_html fallback 2024-12-28 00:40:27 +00:00			`ErrorDocument 404 /404.html`
			`RewriteEngine on`
			`#LogLevel alert rewrite:trace3`

			`RewriteCond "%{DOCUMENT_ROOT}/%{REQUEST_URI}" -f`
			`RewriteRule "(.+)" "/$1" [L]`
commit site.conf 2024-12-24 19:13:18 +00:00			`<Directory />`
			`Options FollowSymLinks MultiViews`
			`Require all granted`
			`</Directory>`
try public html 2024-12-27 23:59:47 +00:00
use public_html fallback 2024-12-28 00:40:27 +00:00			`# If file isn't in repo, fall back on public_html`
			`Define public_html "/home/nycki/public_html"`
			`Alias /p ${public_html}`
			`RewriteCond "${public_html}/%{REQUEST_URI}" -f`
			`RewriteRule "(.+)" "/p/$1" [PT,L]`
			`<Directory ${public_html}>`
try public html 2024-12-27 23:59:47 +00:00			`Options FollowSymLinks`
			`Require all granted`
			`</Directory>`
commit site.conf 2024-12-24 19:13:18 +00:00			`</VirtualHost>`

			`<VirtualHost *:443>`
			`ServerName rss.nycki.net`
			`SSLEngine on`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
			`<Location />`
			`ProxyPass http://localhost:8400/`
			`</Location>`
use public_html fallback 2024-12-28 00:40:27 +00:00			`SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem`
commit site.conf 2024-12-24 19:13:18 +00:00			`</VirtualHost>`

			`<VirtualHost *:443>`
			`ServerName git.nycki.net`
			`SSLEngine on`
			`Include /etc/letsencrypt/options-ssl-apache.conf`

			`# https://stackoverflow.com/a/9933890/3821202`
			`AllowEncodedSlashes NoDecode`
			`<Location />`
			`ProxyPass http://localhost:8500/ nocanon`
			`</Location>`
use public_html fallback 2024-12-28 00:40:27 +00:00			`SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem`
commit site.conf 2024-12-24 19:13:18 +00:00			`</VirtualHost>`