ServerName {{ hostname }}.{{ localdomain }} DocumentRoot {{ document_root }} Require all granted RewriteEngine On RewriteCond %{REQUEST_URI} !.well-known/acme-challenge RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [R=301,L] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName {{ hostname }}.{{ localdomain }} DocumentRoot {{ document_root }} Protocols h2 h2c http/1.1 #SSLEngine on #SSLCertificateFile #SSLCertificateKeyFile #SSLCACertificateFile #SSLProtocol -all +TLSv1.2 +TLSv1.3 #SSLHonorCipherOrder on Header always set Strict-Transport-Security "max-age=15552001; includeSubDomains; preload" MaxKeepAliveRequests 0 SetHandler proxy:fcgi://127.0.0.1:9000 Require ip {{ allowed_ip }} Options Indexes FollowSymLinks AllowOverride None Options -MultiViews -Indexes RewriteEngine On # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} (.+)/$ RewriteRule ^ %1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # vim: syntax=apache ts=4 sw=4 sts=4 sr noet