# HTTP — redirect ke HTTPS <VirtualHost *:80> ServerName pesentiket.com ServerAlias www.pesentiket.com RewriteEngine On RewriteCond %{SERVER_NAME} =pesentiket.com [OR] RewriteCond %{SERVER_NAME} =www.pesentiket.com RewriteRule ^ https://pesentiket.com%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> # HTTPS — reverse proxy ke Next.js :3000 <VirtualHost *:443> ServerName pesentiket.com ServerAlias www.pesentiket.com <LocationMatch "^/_next/static/"> Header set Cache-Control "public, max-age=31536000, immutable" </LocationMatch> # SSL — diisi otomatis oleh Certbot # SSLEngine on # SSLCertificateFile /etc/letsencrypt/live/pesentiket.com/fullchain.pem # SSLCertificateKeyFile /etc/letsencrypt/live/pesentiket.com/privkey.pem ProxyPreserveHost On ProxyPass / http://127.0.0.1:3000/ ProxyPassReverse / http://127.0.0.1:3000/ # WebSocket — untuk notifikasi real-time Next.js RewriteEngine On RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/?(.*) ws://127.0.0.1:3000/$1 [P,L] # www → non-www redirect RewriteCond %{HTTP_HOST} ^www\.pesentiket\.com [NC] RewriteRule ^(.*)$ https://pesentiket.com$1 [R=301,L] # Security Headers Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "camera=(self), microphone=(), geolocation=(self)" ErrorLog /var/log/apache2/pesentiket.com-error.log CustomLog /var/log/apache2/pesentiket.com-access.log combined </VirtualHost>