# httpd.conf file for ZendTo container # Doesn't need to worry about https at all, the container environment will provide all of that. # This suppresses the warnings from apachectl about not being able to find hostname ServerName localhost DocumentRoot "/opt/zendto/www" #Just stdout for Docker: CustomLog ${APACHE_LOG_DIR}/access.log combined CustomLog /dev/stdout combined # Basic Apache security ServerTokens Prod ServerSignature Off Require all denied Header set X-Content-Type-Options: "nosniff" # Disable all index... files except index.php DirectoryIndex disabled DirectoryIndex index.php # Add the "SameSite" restriction to all cookies. # Warning: This will break if you embed ZendTo in an iframe or similar! Header edit Set-Cookie ^(.*)\$ \$1;SameSite=Lax # Rewrite anything not ending in .php so it does end in .php. # This allows us to totally hide the fact that ZendTo is a PHP app # Use this in conjunction with 'hidePHP' => TRUE in preferences.php. RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}\.php -f RewriteRule ^(.*)\$ \$1.php # Need this else mod_rewrite rule above won't work due to # mod_negotiation. AddType application/x-httpd-php .php Options FollowSymLinks MultiViews # This controls what directives may be placed in .htaccess files AllowOverride All # Controls who can get stuff from this server file # For Apache 2.2: Order allow,deny Allow from all # For Apache 2.4: Require all granted # Uncomment this to start getting the WebDAV support working. # You also need to run these: # a2enmod dav_fs # a2enmod dav #Alias /library /var/zendto/shared/library # # DAV on # AuthUserFile /var/zendto/shared/library.passwd # AuthName "ZendTo Library" # AuthType Basic # Require valid-user #