Skip to content

Commit

Permalink
Merge pull request #412 from DIVD-NL/fix_vhosting_prod_2
Browse files Browse the repository at this point in the history
FIx vhosting for prod
  • Loading branch information
MagicLegend authored Jul 23, 2024
2 parents a27d563 + 2bf36d1 commit ce22b11
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 11 deletions.
21 changes: 18 additions & 3 deletions .github/workflows/build_pages_native.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,22 @@ jobs:
# with:
# name: html5validator_log
# path: log.log
- name: rsync deploy
- name: Modify .htacess for staging
if: ${{ github.ref == 'refs/heads/staging' }}
run: |
sed -i 's#www\.divd#staging.divd#' public/.htaccess
sed -i 's#\-2024#-staging#g' public/.htaccess
- name: rsync deploy staging
uses: burnett01/[email protected]
if: ${{ github.ref == 'refs/heads/staging' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
switches: -avzr --delete
path: public/
remote_path: htdocs/divd-nl-staging
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
- name: rsync deploy production
uses: burnett01/[email protected]
if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
Expand All @@ -55,6 +70,6 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
- name: Deploy GitHub pages
uses: JamesIves/github-pages-deploy-action@v4
if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
if: ( ${{ github.ref == 'refs/heads/main' }} || ${{ github.ref == 'refs/heads/staging' }} ) # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
folder: admin # The folder the action should deploy.
folder: admin # The folder the action should deploy.
38 changes: 30 additions & 8 deletions static/.htaccess
Original file line number Diff line number Diff line change
@@ -1,23 +1,45 @@
# We wnat to rewrite
RewriteEngine On

# Detect HTTPS

SetEnvIfNoCase X-HTTPS-Session Yes is_ssl=yes
SetEnvIfNoCase X-HTTPS-Session Yes is_https=yes
SetEnvIfNoCase X-HTTPS-Session Yes HTTPS=on

# Security headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header always append X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com; font-src 'self'; img-src 'self' data: https://cdn.theorg.com https://divd.goatcounter.com/count; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"


Header always set Referrer-Policy "same-origin"

# Error document
ErrorDocument 404 /404.html

# Rewrite rules
RewriteEngine On
# Redirect http -> https
RewriteCond %{HTTP:X-HTTPS-SESSION} !^yes$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA]

# Block requests not for www.divd.nl
RewriteCond %{HTTP_HOST} !^www.divd.nl
RewriteRule (.*) - [r=404]

# Handle requests to directories without trailing slash
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule (.*[^\/])$ https://www.divd.nl/$1/ [L,r=301,QSA]

# Redirect requests directly to https://www.divd.nl/divd-nl-2024/...
RewriteCond %{THE_REQUEST} ^\w+\s+/?divd-nl-2024
RewriteRule (.*) https://www.divd.nl/$1 [L,r=301,QSA]

# Other well known urls
# Vanity / well-known urls
RewriteCond %{REQUEST_URI} ^/divd-nl-2024/donate [NC]
RewriteRule .* /contribute/#donate [NE,L,r=301]
RewriteRule .* /contribute/#donate [NE,L,r=301,QSA]

RewriteCond %{REQUEST_URI} ^/divd-nl-2024/code [NC]
RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301]
RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301,QSA]

RewriteCond %{REQUEST_URI} ^/divd-nl-2024/join [NC]
RewriteRule .* /contribute/volunteers/ [L,r=301]
RewriteRule .* /contribute/volunteers/ [L,r=301,QSA]

0 comments on commit ce22b11

Please sign in to comment.