mirror of
https://github.com/standardebooks/web.git
synced 2025-07-15 10:56:46 -04:00
Clean up Apache config and remove unused content-types
This commit is contained in:
Alex Cabal
parent
19d627bfed
commit
e9b9f60186
2 changed files with 35 additions and 41 deletions
|
|
@ -10,20 +10,18 @@ AddDefaultCharset utf-8
|
|||
UseCanonicalName on
|
||||
LogLevel warn
|
||||
AddOutputFilterByType deflate image/svg+xml
|
||||
AddType application/font-woff2 .woff2
|
||||
AddType image/avif .avif
|
||||
TraceEnable off
|
||||
Protocols h2 h2c http/1.1
|
||||
|
||||
# Set up caching directives for infrequently changed files
|
||||
ExpiresActive On
|
||||
ExpiresByType application/font-woff "access plus 1 month"
|
||||
ExpiresByType application/font-woff2 "access plus 1 month"
|
||||
ExpiresActive on
|
||||
ExpiresByType application/javascript "access plus 1 month"
|
||||
ExpiresByType font/woff2 "access plus 1 month"
|
||||
ExpiresByType image/avif "access plus 1 month"
|
||||
ExpiresByType image/gif "access plus 1 month"
|
||||
ExpiresByType image/png "access plus 1 month"
|
||||
ExpiresByType image/jpeg "access plus 1 month"
|
||||
ExpiresByType image/png "access plus 1 month"
|
||||
ExpiresByType image/svg+xml "access plus 1 month"
|
||||
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
|
||||
ExpiresByType image/x-icon "access plus 1 month"
|
||||
|
|
@ -32,8 +30,8 @@ ExpiresByType text/css "access plus 1 month"
|
|||
# These lines are a workaround for an Apache bug that prevents mod_deflate, etags, and ExpiresByType working at the same time.
|
||||
# This is probably still broken in 18.04. See https://stackoverflow.com/questions/896974/apache-is-not-sending-304-response-if-mod-deflate-and-addoutputfilterbytype-is
|
||||
FileETag All
|
||||
RequestHeader edit "If-None-Match" "^\"(.*)-gzip\"$" "\"$1\""
|
||||
Header edit "ETag" "^\"(.*[^g][^z][^i][^p])\"$" "\"$1-gzip\""
|
||||
RequestHeader edit "If-None-Match" "^\"(.*)-gzip\"$" "\"$1\""
|
||||
Header edit "ETag" "^\"(.*[^g][^z][^i][^p])\"$" "\"$1-gzip\""
|
||||
|
||||
# SSL hardening; see https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
|
|
@ -71,11 +69,11 @@ Define domain standardebooks.org
|
|||
Header set Content-Security-Policy "default-src 'self';"
|
||||
|
||||
# Log downloads
|
||||
SetEnvIf Request_URI "\.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.kepub.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.azw3$" logdownload
|
||||
CustomLog /var/log/local/downloads.log "%h [%{%Y-%m-%d %H:%M:%S %Z}t] \"%r\" %>s %b" env=logdownload
|
||||
DirectorySlash Off
|
||||
SetEnvIf Request_URI "\.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.kepub.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.azw3$" logdownload
|
||||
CustomLog /var/log/local/downloads.log "%h [%{%Y-%m-%d %H:%M:%S %Z}t] \"%r\" %>s %b" env=logdownload
|
||||
DirectorySlash Off
|
||||
|
||||
<Directory /standardebooks.org/web/www/>
|
||||
# Disable .htaccess files
|
||||
|
|
@ -85,20 +83,19 @@ Define domain standardebooks.org
|
|||
Options none
|
||||
|
||||
# Allow access to www/
|
||||
Require all granted
|
||||
Require all granted
|
||||
|
||||
# Pass HTTP Authorization headers to PHP-FPM
|
||||
CGIPassAuth on
|
||||
CGIPassAuth on
|
||||
</Directory>
|
||||
|
||||
AddType application/epub+zip .epub
|
||||
AddType application/x-mobi8-ebook .azw3
|
||||
AddType application/x-mobi8-ebook .azw3
|
||||
|
||||
<Location ~ ^/ebooks/.+?/downloads/.+$>
|
||||
# Serve distributables using the "download" dialog instead of opening in-browser
|
||||
# Note: the trailing e in the Header directive is required
|
||||
SetEnvIf Request_URI ^/ebooks/.+?/downloads/(.+)$ FILENAME=$1
|
||||
Header set "Content-Disposition" "attachment; filename=%{FILENAME}e"
|
||||
SetEnvIf Request_URI ^/ebooks/.+?/downloads/(.+)$ FILENAME=$1
|
||||
Header set Content-Disposition "attachment; filename=%{FILENAME}e"
|
||||
</Location>
|
||||
|
||||
<Location ~ ^/opds.+?$>
|
||||
|
|
@ -108,7 +105,7 @@ Define domain standardebooks.org
|
|||
# We explicitly set the content-type for items in the /vocab/ directory, because Apache doesn't set it for us,
|
||||
# and we need a content-type header when using the "nosniff" header. See https://bugzilla.mozilla.org/show_bug.cgi?id=1547076
|
||||
<Location ~ ^/vocab/.+$>
|
||||
Header set Content-Type "text/plain"
|
||||
Header set Content-Type "text/plain"
|
||||
</location>
|
||||
|
||||
# Enable HTTP CORS so that browser-based readers like Readium can access opds and ebooks
|
||||
|
|
@ -138,7 +135,7 @@ Define domain standardebooks.org
|
|||
|
||||
# Set some proxy properties.
|
||||
<Proxy fcgi://${domain}>
|
||||
ProxySet connectiontimeout=5 timeout=240
|
||||
ProxySet connectiontimeout=5 timeout=240
|
||||
</Proxy>
|
||||
|
||||
# In RewriteCond, RewriteRule gets evaluated BEFORE RewriteCond, so $1 refers to the first
|
||||
|
|
@ -255,7 +252,7 @@ Define domain standardebooks.org
|
|||
ServerAlias www.standardebooks.com
|
||||
RedirectPermanent / https://${domain}/
|
||||
|
||||
SSLEngine on
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/standardebooks.com/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/standardebooks.com/privkey.pem
|
||||
Header always set Strict-Transport-Security "max-age=15768000"
|
||||
|
|
|
|||
|
|
@ -10,20 +10,18 @@ AddDefaultCharset utf-8
|
|||
UseCanonicalName on
|
||||
LogLevel warn
|
||||
AddOutputFilterByType deflate image/svg+xml
|
||||
AddType application/font-woff2 .woff2
|
||||
AddType image/avif .avif
|
||||
TraceEnable off
|
||||
Protocols h2 h2c http/1.1
|
||||
|
||||
# Set up caching directives for infrequently changed files
|
||||
ExpiresActive On
|
||||
ExpiresByType application/font-woff "access plus 1 month"
|
||||
ExpiresByType application/font-woff2 "access plus 1 month"
|
||||
ExpiresActive on
|
||||
ExpiresByType application/javascript "access plus 1 month"
|
||||
ExpiresByType font/woff2 "access plus 1 month"
|
||||
ExpiresByType image/avif "access plus 1 month"
|
||||
ExpiresByType image/gif "access plus 1 month"
|
||||
ExpiresByType image/png "access plus 1 month"
|
||||
ExpiresByType image/jpeg "access plus 1 month"
|
||||
ExpiresByType image/png "access plus 1 month"
|
||||
ExpiresByType image/svg+xml "access plus 1 month"
|
||||
ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
|
||||
ExpiresByType image/x-icon "access plus 1 month"
|
||||
|
|
@ -32,8 +30,8 @@ ExpiresByType text/css "access plus 1 month"
|
|||
# These lines are a workaround for an Apache bug that prevents mod_deflate, etags, and ExpiresByType working at the same time.
|
||||
# This is probably still broken in 18.04. See https://stackoverflow.com/questions/896974/apache-is-not-sending-304-response-if-mod-deflate-and-addoutputfilterbytype-is
|
||||
FileETag All
|
||||
RequestHeader edit "If-None-Match" "^\"(.*)-gzip\"$" "\"$1\""
|
||||
Header edit "ETag" "^\"(.*[^g][^z][^i][^p])\"$" "\"$1-gzip\""
|
||||
RequestHeader edit "If-None-Match" "^\"(.*)-gzip\"$" "\"$1\""
|
||||
Header edit "ETag" "^\"(.*[^g][^z][^i][^p])\"$" "\"$1-gzip\""
|
||||
|
||||
# SSL hardening; see https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
|
|
@ -70,11 +68,11 @@ Define domain standardebooks.test
|
|||
Header set Content-Security-Policy "default-src 'self';"
|
||||
|
||||
# Log downloads
|
||||
SetEnvIf Request_URI "\.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.kepub.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.azw3$" logdownload
|
||||
CustomLog /var/log/local/downloads.log "%h [%{%Y-%m-%d %H:%M:%S %Z}t] \"%r\" %>s %b" env=logdownload
|
||||
DirectorySlash Off
|
||||
SetEnvIf Request_URI "\.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.kepub.epub$" logdownload
|
||||
SetEnvIf Request_URI "\.azw3$" logdownload
|
||||
CustomLog /var/log/local/downloads.log "%h [%{%Y-%m-%d %H:%M:%S %Z}t] \"%r\" %>s %b" env=logdownload
|
||||
DirectorySlash Off
|
||||
|
||||
<Directory /standardebooks.org/web/www/>
|
||||
# Disable .htaccess files
|
||||
|
|
@ -84,20 +82,19 @@ Define domain standardebooks.test
|
|||
Options none
|
||||
|
||||
# Allow access to www/
|
||||
Require all granted
|
||||
Require all granted
|
||||
|
||||
# Pass HTTP Authorization headers to PHP-FPM
|
||||
CGIPassAuth on
|
||||
CGIPassAuth on
|
||||
</Directory>
|
||||
|
||||
AddType application/epub+zip .epub
|
||||
AddType application/x-mobi8-ebook .azw3
|
||||
AddType application/x-mobi8-ebook .azw3
|
||||
|
||||
<Location ~ ^/ebooks/.+?/downloads/.+$>
|
||||
# Serve distributables using the "download" dialog instead of opening in-browser
|
||||
# Note: the trailing e in the Header directive is required
|
||||
SetEnvIf Request_URI ^/ebooks/.+?/downloads/(.+)$ FILENAME=$1
|
||||
Header set "Content-Disposition" "attachment; filename=%{FILENAME}e"
|
||||
SetEnvIf Request_URI ^/ebooks/.+?/downloads/(.+)$ FILENAME=$1
|
||||
Header set Content-Disposition "attachment; filename=%{FILENAME}e"
|
||||
</Location>
|
||||
|
||||
<Location ~ ^/opds.+?$>
|
||||
|
|
@ -107,7 +104,7 @@ Define domain standardebooks.test
|
|||
# We explicitly set the content-type for items in the /vocab/ directory, because Apache doesn't set it for us,
|
||||
# and we need a content-type header when using the "nosniff" header. See https://bugzilla.mozilla.org/show_bug.cgi?id=1547076
|
||||
<Location ~ ^/vocab/.+$>
|
||||
Header set Content-Type "text/plain"
|
||||
Header set Content-Type "text/plain"
|
||||
</location>
|
||||
|
||||
# Enable HTTP CORS so that browser-based readers like Readium can access opds and ebooks
|
||||
|
|
@ -137,7 +134,7 @@ Define domain standardebooks.test
|
|||
|
||||
# Set some proxy properties.
|
||||
<Proxy fcgi://${domain}>
|
||||
ProxySet connectiontimeout=5 timeout=240
|
||||
ProxySet connectiontimeout=5 timeout=240
|
||||
</Proxy>
|
||||
|
||||
# In RewriteCond, RewriteRule gets evaluated BEFORE RewriteCond, so $1 refers to the first
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue