# Apache httpd v2.4 minimal configuration
ServerRoot "/usr/local/apache2"
# Server-wide configuration
ServerAdmin admin@localhost
ServerName localhost
# Listen on port 80
Listen 80
# Load necessary modules
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
# User and group
User daemon
Group daemon
# Document root
DocumentRoot "/usr/local/apache2/htdocs"
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
# Enable URL rewriting for React Router
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule . /index.html [L]
# Directory indexes
DirectoryIndex index.html index.htm
# Prevent .htaccess and .htpasswd files from being viewed
Require all denied
# Error log
ErrorLog /proc/self/fd/2
LogLevel warn
# Access log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /proc/self/fd/1 common
# MIME types
TypesConfig conf/mime.types
AddType application/javascript .js .mjs
AddType application/json .json
AddType text/css .css
AddType text/html .html .htm
AddType image/svg+xml .svg
AddType image/x-icon .ico
AddType font/woff .woff
AddType font/woff2 .woff2
AddType font/ttf .ttf
AddType font/otf .otf
AddEncoding gzip svgz
# Enable compression for text-based files
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/javascript application/json
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE font/ttf font/otf font/woff font/woff2
# Don't compress already compressed formats
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|gz|tgz|bz2|rar|7z)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
Header append Vary Accept-Encoding env=!dont-vary
# Security headers
# Prevent clickjacking
Header always set X-Frame-Options "SAMEORIGIN"
# Prevent XSS attacks
Header always set X-XSS-Protection "1; mode=block"
# Prevent MIME sniffing
Header always set X-Content-Type-Options "nosniff"
# Referrer policy
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Content Security Policy
Header always set Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'"
# Remove server signature
Header always unset Server
Header always unset X-Powered-By
# Cache control for static assets
Header set Cache-Control "max-age=31536000, public, immutable"
# Disable server signature
ServerTokens Prod
ServerSignature Off
# Health check endpoint
SetHandler server-status
Require all granted
# Include additional configuration files
# Removed IncludeOptional to prevent recursive inclusion
# IncludeOptional conf/*.conf