-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #412 from DIVD-NL/fix_vhosting_prod_2
FIx vhosting for prod
- Loading branch information
Showing
2 changed files
with
48 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -43,7 +43,22 @@ jobs: | |
# with: | ||
# name: html5validator_log | ||
# path: log.log | ||
- name: rsync deploy | ||
- name: Modify .htacess for staging | ||
if: ${{ github.ref == 'refs/heads/staging' }} | ||
run: | | ||
sed -i 's#www\.divd#staging.divd#' public/.htaccess | ||
sed -i 's#\-2024#-staging#g' public/.htaccess | ||
- name: rsync deploy staging | ||
uses: burnett01/[email protected] | ||
if: ${{ github.ref == 'refs/heads/staging' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless | ||
with: | ||
switches: -avzr --delete | ||
path: public/ | ||
remote_path: htdocs/divd-nl-staging | ||
remote_host: ${{ secrets.DEPLOY_HOST }} | ||
remote_user: ${{ secrets.DEPLOY_USER }} | ||
remote_key: ${{ secrets.DEPLOY_KEY }} | ||
- name: rsync deploy production | ||
uses: burnett01/[email protected] | ||
if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless | ||
with: | ||
|
@@ -55,6 +70,6 @@ jobs: | |
remote_key: ${{ secrets.DEPLOY_KEY }} | ||
- name: Deploy GitHub pages | ||
uses: JamesIves/github-pages-deploy-action@v4 | ||
if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless | ||
if: ( ${{ github.ref == 'refs/heads/main' }} || ${{ github.ref == 'refs/heads/staging' }} ) # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless | ||
with: | ||
folder: admin # The folder the action should deploy. | ||
folder: admin # The folder the action should deploy. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,45 @@ | ||
# We wnat to rewrite | ||
RewriteEngine On | ||
|
||
# Detect HTTPS | ||
|
||
SetEnvIfNoCase X-HTTPS-Session Yes is_ssl=yes | ||
SetEnvIfNoCase X-HTTPS-Session Yes is_https=yes | ||
SetEnvIfNoCase X-HTTPS-Session Yes HTTPS=on | ||
|
||
# Security headers | ||
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" | ||
Header always append X-Frame-Options DENY | ||
Header set X-Content-Type-Options nosniff | ||
Header set X-XSS-Protection "1; mode=block" | ||
Header set Content-Security-Policy "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com; font-src 'self'; img-src 'self' data: https://cdn.theorg.com https://divd.goatcounter.com/count; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';" | ||
|
||
|
||
Header always set Referrer-Policy "same-origin" | ||
|
||
# Error document | ||
ErrorDocument 404 /404.html | ||
|
||
# Rewrite rules | ||
RewriteEngine On | ||
# Redirect http -> https | ||
RewriteCond %{HTTP:X-HTTPS-SESSION} !^yes$ | ||
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA] | ||
|
||
# Block requests not for www.divd.nl | ||
RewriteCond %{HTTP_HOST} !^www.divd.nl | ||
RewriteRule (.*) - [r=404] | ||
|
||
# Handle requests to directories without trailing slash | ||
RewriteCond %{REQUEST_FILENAME} -d | ||
RewriteRule (.*[^\/])$ https://www.divd.nl/$1/ [L,r=301,QSA] | ||
|
||
# Redirect requests directly to https://www.divd.nl/divd-nl-2024/... | ||
RewriteCond %{THE_REQUEST} ^\w+\s+/?divd-nl-2024 | ||
RewriteRule (.*) https://www.divd.nl/$1 [L,r=301,QSA] | ||
|
||
# Other well known urls | ||
# Vanity / well-known urls | ||
RewriteCond %{REQUEST_URI} ^/divd-nl-2024/donate [NC] | ||
RewriteRule .* /contribute/#donate [NE,L,r=301] | ||
RewriteRule .* /contribute/#donate [NE,L,r=301,QSA] | ||
|
||
RewriteCond %{REQUEST_URI} ^/divd-nl-2024/code [NC] | ||
RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301] | ||
RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301,QSA] | ||
|
||
RewriteCond %{REQUEST_URI} ^/divd-nl-2024/join [NC] | ||
RewriteRule .* /contribute/volunteers/ [L,r=301] | ||
RewriteRule .* /contribute/volunteers/ [L,r=301,QSA] |