# Apache Configuration for Next.js Website on cPanel

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  # Allow both HTTP and HTTPS
  # Proxy all requests to Node.js server (port 3000)
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ http://127.0.0.1:3000/$1 [P,L]
</IfModule>

# Enable mod_proxy
<IfModule mod_proxy.c>
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPassReverse / http://127.0.0.1:3000/
</IfModule>

# Disable directory listing
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# Set default character encoding
AddDefaultCharset UTF-8

# Gzip compression
<IfModule mod_deflate.c>
  AddEncoding gzip .gz
  <FilesMatch "\.(js|css|html|htm|xml|txt|svg|json)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

# Browser caching rules
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 month"
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType text/html "access plus 2 weeks"
</IfModule>

# Cache-Control and Security headers
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|jpg|jpeg|png|gif|ico|svg|woff|woff2)$">
    Header set Cache-Control "max-age=31536000, public, immutable"
  </FilesMatch>
  <FilesMatch "\.(html|htm)$">
    Header set Cache-Control "max-age=1209600, public"
  </FilesMatch>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-XSS-Protection "1; mode=block"
  Header always unset X-Powered-By
</IfModule>

# Protect sensitive files
<FilesMatch "^\.(?!well-known)">
  Order allow,deny
  Deny from all
</FilesMatch>
