# --- # Titre : Template virtualhost apache2 # Auteur : Louis MEDO # Date de modification : 26/03/2026 # ---- ServerName .bts-sio.eu # Redirection permanente de tout le trafic HTTP vers HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Logs ErrorLog ${APACHE_LOG_DIR}/-error.log CustomLog ${APACHE_LOG_DIR}/-access.log combined ServerName .bts-sio.eu DocumentRoot /var/www/portfolio/portfolio- # --- Activation du SSL et certificats --- SSLEngine on SSLCertificateFile /etc/letsencrypt/live/bts-sio.eu/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/bts-sio.eu/privkey.pem Protocols h2 http/1.1 # Optimisation H2 H2Direct on H2Push on H2SerializeHeaders on # Désactivation des vieux protocoles SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Obligation d'utiliser des algorithmes forts SSLCipherSuite TLSv1.3:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 SSLCipherSuite TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off # --- En-têtes de sécurité --- # HSTS : Force le navigateur à utiliser HTTPS Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # Protection contre le clic-jacking Header always set X-Frame-Options "SAMEORIGIN" # Protection XSS Header always set X-Content-Type-Options "nosniff" # --- Configuration du répertoire et PHP --- > Options -Indexes +FollowSymLinks # Interdit l'utilisation du .htaccess AllowOverride None Require all granted # Priorité aux fichiers PHP DirectoryIndex index.php index.html # --- Gestion explicite des fichiers PHP (Si .htaccess est désactivé) --- SetHandler "proxy:unix:/run/php/php8.4-fpm-portfolio-.sock|fcgi://localhost" # --- Logs --- ErrorLog ${APACHE_LOG_DIR}/-error.log CustomLog ${APACHE_LOG_DIR}/-access.log combined