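# Apache virtual hosts for monrisquearteriel.com (apex, www, api, cro).
# Requires mod_ssl, mod_rewrite and mod_headers.
#
# NOTE(review): the listing as published carried no <VirtualHost> or
# <Directory> container lines. They are restored here from the section
# comments, the SSL directives and the DocumentRoot values; confirm ports and
# paths against the deployed file (e.g. `apachectl configtest`) before use.

# HTTP (port 80): redirect every request to HTTPS on the same host name.
<VirtualHost *:80>
    ServerName monrisquearteriel.com
    ServerAlias www.monrisquearteriel.com api.monrisquearteriel.com cro.monrisquearteriel.com

    RewriteEngine On
    # %{HTTP_HOST} comes from the request's Host header, so the Location
    # header echoes whatever host the client sent. If this is the only :80
    # vhost it also answers unknown names; a RewriteCond restricting HTTP_HOST
    # to the names above would keep the redirect to known hosts.
    RewriteRule ^(.*) https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

# HTTPS apex: redirect monrisquearteriel.com to www.monrisquearteriel.com.
<VirtualHost *:443>
    ServerName monrisquearteriel.com

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/monrisquearteriel.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/monrisquearteriel.com/privkey.pem

    # Same TLS policy as the other vhosts (absent in the original). This is
    # the first :443 vhost in this file: on httpd older than 2.4.42, or builds
    # against OpenSSL older than 1.1.1, SSLProtocol for all name-based vhosts
    # on the same IP:port is taken from the first one, so leaving it unset
    # here can silently void the restrictions declared further down.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    # HSTS on the redirect response too (absent in the original): the other
    # vhosts announce "preload", which is evaluated against the apex domain.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

    Redirect permanent / https://www.monrisquearteriel.com/
</VirtualHost>

# Main site
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.monrisquearteriel.com

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/monrisquearteriel.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/monrisquearteriel.com/privkey.pem

    # Additional security settings
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    DocumentRoot /var/www/www

    # The listing repeated this directive, presumably once per container that
    # was lost; a single vhost-level occurrence covers the same requests.
    SSLOptions +StdEnvVars

    <Directory /var/www/www>
        # Automatic directory listings are disabled; the original read
        # "Options Indexes FollowSymLinks", which exposes the file tree of any
        # directory without an index file.
        Options -Indexes +FollowSymLinks
        # AllowOverride All lets any .htaccess under the docroot change the
        # configuration; narrow it if the application does not need that.
        AllowOverride All
        Require all granted
    </Directory>

    # Security headers
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# API with controlled CORS
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName api.monrisquearteriel.com

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/monrisquearteriel.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/monrisquearteriel.com/privkey.pem

    # Additional security settings
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    DocumentRoot /var/www/api

    # Repeated three times in the listing; one occurrence is kept.
    SSLOptions +StdEnvVars

    <Directory /var/www/api>
        # Directory listings disabled (was "Options Indexes FollowSymLinks").
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # NOTE(review): the wildcard lets any origin read responses from this API,
    # which contradicts the "controlled CORS" heading; the restricted variant
    # is the commented-out block below. Browsers refuse a wildcard origin on
    # credentialed requests, so Access-Control-Allow-Credentials "true" only
    # works together with the single-origin line, never with "*". Left as
    # published because switching it changes which clients can call the API.
    Header set Access-Control-Allow-Origin "*"

    # Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Content-Type-Options "nosniff"

    # CORS allowed for www only (currently disabled)
    #Header set Access-Control-Allow-Origin "https://www.monrisquearteriel.com"
    #Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    #Header set Access-Control-Allow-Headers "Content-Type, Authorization"
    #Header set Access-Control-Allow-Credentials "true"

    # Preflight handling (currently disabled)
    #RewriteEngine On
    #RewriteCond %{REQUEST_METHOD} OPTIONS
    #RewriteRule ^(.*)$ $1 [R=200,L]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# cro site
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName cro.monrisquearteriel.com

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/monrisquearteriel.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/monrisquearteriel.com/privkey.pem

    # Additional security settings
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    DocumentRoot /var/www/cro

    # Repeated three times in the listing; one occurrence is kept.
    SSLOptions +StdEnvVars

    <Directory /var/www/cro>
        # Directory listings disabled (was "Options Indexes FollowSymLinks").
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # NOTE(review): unlike the www vhost, no X-Frame-Options, Referrer-Policy
    # or Permissions-Policy is sent here; confirm that is intended.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Content-Type-Options "nosniff"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>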