From 2bf36d13099fb837e7def8a85a59d9a0beb3bbfa Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Mon, 22 Jul 2024 15:56:00 +0200 Subject: [PATCH] FIx vhosting for prod --- .github/workflows/build_pages_native.yml | 21 +++++++++++-- static/.htaccess | 38 +++++++++++++++++++----- 2 files changed, 48 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index 9401f01d..40046495 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -43,7 +43,22 @@ jobs: # with: # name: html5validator_log # path: log.log - - name: rsync deploy + - name: Modify .htacess for staging + if: ${{ github.ref == 'refs/heads/staging' }} + run: | + sed -i 's#www\.divd#staging.divd#' public/.htaccess + sed -i 's#\-2024#-staging#g' public/.htaccess + - name: rsync deploy staging + uses: burnett01/rsync-deployments@5.2.1 + if: ${{ github.ref == 'refs/heads/staging' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless + with: + switches: -avzr --delete + path: public/ + remote_path: htdocs/divd-nl-staging + remote_host: ${{ secrets.DEPLOY_HOST }} + remote_user: ${{ secrets.DEPLOY_USER }} + remote_key: ${{ secrets.DEPLOY_KEY }} + - name: rsync deploy production uses: burnett01/rsync-deployments@5.2.1 if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless with: @@ -55,6 +70,6 @@ jobs: remote_key: ${{ secrets.DEPLOY_KEY }} - name: Deploy GitHub pages uses: JamesIves/github-pages-deploy-action@v4 - if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless + if: ( ${{ github.ref == 'refs/heads/main' }} || ${{ github.ref == 'refs/heads/staging' }} ) # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless with: - folder: admin # The folder the action should deploy. + folder: admin # The folder the action should deploy. \ No newline at end of file diff --git a/static/.htaccess b/static/.htaccess index dd81cc0a..4666f316 100644 --- a/static/.htaccess +++ b/static/.htaccess @@ -1,23 +1,45 @@ +# We wnat to rewrite +RewriteEngine On + +# Detect HTTPS + +SetEnvIfNoCase X-HTTPS-Session Yes is_ssl=yes +SetEnvIfNoCase X-HTTPS-Session Yes is_https=yes +SetEnvIfNoCase X-HTTPS-Session Yes HTTPS=on + +# Security headers Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" Header always append X-Frame-Options DENY Header set X-Content-Type-Options nosniff Header set X-XSS-Protection "1; mode=block" Header set Content-Security-Policy "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com; font-src 'self'; img-src 'self' data: https://cdn.theorg.com https://divd.goatcounter.com/count; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';" - - Header always set Referrer-Policy "same-origin" +# Error document ErrorDocument 404 /404.html -# Rewrite rules -RewriteEngine On +# Redirect http -> https +RewriteCond %{HTTP:X-HTTPS-SESSION} !^yes$ +RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA] + +# Block requests not for www.divd.nl +RewriteCond %{HTTP_HOST} !^www.divd.nl +RewriteRule (.*) - [r=404] + +# Handle requests to directories without trailing slash +RewriteCond %{REQUEST_FILENAME} -d +RewriteRule (.*[^\/])$ https://www.divd.nl/$1/ [L,r=301,QSA] + +# Redirect requests directly to https://www.divd.nl/divd-nl-2024/... +RewriteCond %{THE_REQUEST} ^\w+\s+/?divd-nl-2024 +RewriteRule (.*) https://www.divd.nl/$1 [L,r=301,QSA] -# Other well known urls +# Vanity / well-known urls RewriteCond %{REQUEST_URI} ^/divd-nl-2024/donate [NC] -RewriteRule .* /contribute/#donate [NE,L,r=301] +RewriteRule .* /contribute/#donate [NE,L,r=301,QSA] RewriteCond %{REQUEST_URI} ^/divd-nl-2024/code [NC] -RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301] +RewriteRule .* /what-we-do/code-of-conduct/ [L,r=301,QSA] RewriteCond %{REQUEST_URI} ^/divd-nl-2024/join [NC] -RewriteRule .* /contribute/volunteers/ [L,r=301] +RewriteRule .* /contribute/volunteers/ [L,r=301,QSA] \ No newline at end of file