# Конфигурация Apache 2.4.57 для Django приложения
# Разместить в /etc/apache2/sites-available/project.conf
ServerName your-domain.com
ServerAlias www.your-domain.com
# Редирект на HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ServerName your-domain.com
ServerAlias www.your-domain.com
# SSL конфигурация
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your-cert.pem
SSLCertificateKeyFile /etc/ssl/private/your-key.pem
SSLCertificateChainFile /etc/ssl/certs/your-chain.pem
# SSL настройки безопасности
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder off
SSLSessionTickets off
# Основные настройки
DocumentRoot /var/www/project
# WSGI конфигурация
WSGIDaemonProcess project python-path=/var/www/project/src python-home=/var/www/project/venv
WSGIProcessGroup project
WSGIScriptAlias / /var/www/project/src/config/wsgi.py
WSGIApplicationGroup %{GLOBAL}
# Права доступа к WSGI файлу
Require all granted
# Статические файлы
Alias /static/ /var/www/project/staticfiles/
Require all granted
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
# Медиа файлы
Alias /media/ /var/www/project/media/
Require all granted
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
# Логи
ErrorLog ${APACHE_LOG_DIR}/project_error.log
CustomLog ${APACHE_LOG_DIR}/project_access.log combined
# Заголовки безопасности
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Ограничение размера загрузки
LimitRequestBody 104857600
# Health check endpoint
SetHandler none
Require all granted