/
etc
/
apache2
/
sites-enabled
/
Upload File
HOME
<IfModule mod_ssl.c> <VirtualHost *:443> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com #ServerName sync-odoo.dev-techloyce.com #Redirect / https://d1ipaoax6ywz6z.cloudfront.net #Redirect / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ #Redirect / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/monday-callback #Redirect / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/api/login #Redirect / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/api/export-users #Redirect / https://d1ipaoax6ywz6z.cloudfront.net/ #ServerAlias sync-odoo.dev-techloyce.com #ServerAdmin webmaster@localhost #DocumentRoot /var/www/html/sync-odoo #ProxyPreserveHost On #ServerName sync-odoo.dev-techloyce.com #ServerAlias sync-odoo.dev-techloyce.com #ProxyPass / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ #ProxyPassReverse / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ ProxyPassReverseCookiePath /foo "/; SameSite=None; HTTPOnly; Secure" ServerName sync-odoo.dev-techloyce.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html/sync-odoo ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ProxyRequests Off SSLProxyEngine On SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off Alias / https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ <Location /> ProxyPass https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ ProxyPassReverse https://y1fdj0jtml.execute-api.us-east-1.amazonaws.com/prod/ </Location> #Redirect / https://d1ipaoax6ywz6z.cloudfront.net #Redirect permanent https://d1ipaoax6ywz6z.cloudfront.net # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn #Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # Whitelist <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_HOST} !^(www\.)?(sync-odoo.dev-techloyce\.com|y1fdj0jtml.execute-api.us-east-1.amazonaws\.com)$ [NC] RewriteRule ^ - [F] </IfModule> Header always set Content-Security-Policy "default-src 'self';" #Header always set Content-Security-Policy "default-src 'self' 'object-src' 'none' sync-odoo.dev-techloyce.com;" #Header always set Content-Security-Policy "default-src 'self'; object-src 'none';" #Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' sync-odoo.dev-techloyce.com;" # Header always set Content-Security-Policy "default-src 'self';" Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "same-origin" Header always set Permissions-Policy "geolocation=(self 'https://sync-odoo.dev-techloyce.com')" Header always edit Set-Cookie ^(.*)$ $1;Secure Header always edit Set-Cookie ^(.*)$ $1;HttpOnly # New Headers Header always set X-XSS-Protection "1; mode=block" Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly" Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure" #Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" #Header always set X-XSS-Protection "1; mode=block" #Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" #ErrorLog ${APACHE_LOG_DIR}/error.log #CustomLog ${APACHE_LOG_DIR}/access.log combined #Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # SSL Configuration # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.con <FilesMatch \.php$> # Apache 2.4.10+ can proxy to unix socket SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/" </FilesMatch> <IfModule mod_headers.c> <Location "/auths"> Header always set Set-Cookie "auths-cookie=1; Path=/; Secure" </Location> </IfModule> <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" </IfModule> #RewriteEngine on #RewriteCond %{SERVER_NAME} =sugar9.dev-techloyce.com ##RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] #RewriteEngine on #RewriteCond %{SERVER_NAME} =sugar9.dev-techloyce.com #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] #RewriteEngine on #RewriteCond %{SERVER_NAME} =d1ipaoax6ywz6z.cloudfront.net #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] #RewriteEngine On #RewriteCond %{HTTP_HOST} ^d1ipaoax6ywz6z\.cloudfront\.net$ [NC] #RewriteRule ^(.*)$ https://sync-odoo.dev-techloyce.com/$1 [L,R=301] # Alias to Lambda URL #RewriteEngine On # Add Secure flag to cookies for specific endpoints RewriteRule ^/api/export-users - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/login - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/search-projects - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/auths - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/monday-callback - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/export-board - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/search-projects - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/search-contacts - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/api/login - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteRule ^/monday-callback - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] #RewriteCond %{HTTPS} on #RewriteCond %{HTTP_COOKIE} !\bSecure\b #RewriteRule ^/api/export-users - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] #RewriteRule ^/api/login - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] #RewriteRule ^/api/search-projects - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] #RewriteRule ^/auths - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] #RewriteRule ^/monday-callback - [CO=securecookie:1:%{HTTP_HOST}:443:/;Secure] RewriteEngine On SSLCertificateFile /etc/letsencrypt/live/sync-odoo.dev-techloyce.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/sync-odoo.dev-techloyce.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule>