59 lines
1.7 KiB
Plaintext
59 lines
1.7 KiB
Plaintext
# Configuration pour reverse proxy Traefik
|
|
# Récupération de l'IP réelle du client via X-Forwarded-For
|
|
ServerName cloud.agence66.fr
|
|
|
|
# Autoriser les caractères spéciaux encodés dans les noms de fichiers
|
|
AllowEncodedSlashes NoDecode
|
|
|
|
RemoteIPHeader X-Forwarded-For
|
|
RemoteIPTrustedProxy 172.16.0.0/12
|
|
RemoteIPTrustedProxy 10.0.0.0/8
|
|
RemoteIPTrustedProxy 192.168.0.0/16
|
|
|
|
# Activer la confiance des en-têtes X-Forwarded-Proto
|
|
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
|
|
|
|
# Timeouts pour gros fichiers (>40MB)
|
|
Timeout 3600
|
|
KeepAlive On
|
|
KeepAliveTimeout 300
|
|
MaxKeepAliveRequests 200
|
|
|
|
# Configuration MPM Prefork - Augmentation des workers
|
|
<IfModule mpm_prefork_module>
|
|
ServerLimit 400
|
|
StartServers 10
|
|
MinSpareServers 10
|
|
MaxSpareServers 20
|
|
MaxRequestWorkers 400
|
|
MaxConnectionsPerChild 1000
|
|
</IfModule>
|
|
|
|
<Directory /var/www/html/>
|
|
Options FollowSymLinks MultiViews
|
|
AllowOverride All
|
|
Require all granted
|
|
|
|
<IfModule mod_dav.c>
|
|
Dav off
|
|
</IfModule>
|
|
</Directory>
|
|
|
|
# Headers de sécurité (si non gérés par Traefik)
|
|
<IfModule mod_headers.c>
|
|
# HSTS sera géré par Traefik
|
|
# Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
|
|
|
# Autres headers de sécurité
|
|
Header always set Referrer-Policy "no-referrer-when-downgrade"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
Header always set X-Robots-Tag "noindex, nofollow"
|
|
</IfModule>
|
|
|
|
# Logs avec IP réelle (pas l'IP de Traefik)
|
|
<IfModule mod_remoteip.c>
|
|
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
</IfModule>
|