# REDCap Apache虚拟主机配置
# 版本：v1.0
# 日期：2026-01-01
# 适用：开发/测试/生产环境

<VirtualHost *:80>
    ServerName localhost
    ServerAdmin admin@localhost
    DocumentRoot /var/www/html/redcap
    
    # ========== 目录配置 ==========
    <Directory /var/www/html/redcap>
        # 禁止目录浏览（安全）
        Options -Indexes +FollowSymLinks
        
        # 允许.htaccess覆盖
        AllowOverride All
        
        # 访问权限
        Require all granted
        
        # 默认首页
        DirectoryIndex index.php index.html
    </Directory>
    
    # ========== 限制特定目录访问（安全） ==========
    # 禁止直接访问temp目录
    <Directory /var/www/html/redcap/temp>
        Require all denied
    </Directory>
    
    # 禁止直接访问modules源码（仅允许通过REDCap访问）
    <DirectoryMatch "^/var/www/html/redcap/modules/.*/.*\.php$">
        Require all denied
    </DirectoryMatch>
    
    # ========== 日志配置 ==========
    ErrorLog ${APACHE_LOG_DIR}/redcap-error.log
    CustomLog ${APACHE_LOG_DIR}/redcap-access.log combined
    
    # 日志级别（开发环境：info，生产环境：warn）
    LogLevel warn
    
    # ========== 安全头（推荐） ==========
    # 防止点击劫持
    Header always set X-Frame-Options "SAMEORIGIN"
    
    # 防止MIME类型嗅探
    Header always set X-Content-Type-Options "nosniff"
    
    # XSS保护
    Header always set X-XSS-Protection "1; mode=block"
    
    # Referrer策略
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    
    # ========== PHP配置覆盖 ==========
    # 文件上传限制
    php_value upload_max_filesize 32M
    php_value post_max_size 32M
    
    # 执行时间限制（数据导出需要）
    php_value max_execution_time 300
    php_value max_input_time 300
    
    # 内存限制
    php_value memory_limit 256M
    
    # ========== 性能优化 ==========
    # 启用gzip压缩（暂时禁用，解决浏览器解码问题）
    # <IfModule mod_deflate.c>
    #     AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
    # </IfModule>
    
    # 浏览器缓存（静态资源）
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType text/css "access plus 1 week"
        ExpiresByType application/javascript "access plus 1 week"
    </IfModule>
</VirtualHost>

# ========== HTTPS配置（生产环境） ==========
# 生产环境应启用HTTPS，取消下方注释并配置SSL证书：

# <VirtualHost *:443>
#     ServerName redcap.yourdomain.com
#     ServerAdmin admin@yourdomain.com
#     DocumentRoot /var/www/html/redcap
#     
#     # SSL证书配置
#     SSLEngine on
#     SSLCertificateFile /etc/ssl/certs/redcap.crt
#     SSLCertificateKeyFile /etc/ssl/private/redcap.key
#     # 如有中间证书：
#     # SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
#     
#     # SSL安全配置
#     SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
#     SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
#     SSLHonorCipherOrder on
#     
#     # HSTS（强制HTTPS）
#     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
#     
#     # 其他配置同上（Directory、Log等）
#     <Directory /var/www/html/redcap>
#         Options -Indexes +FollowSymLinks
#         AllowOverride All
#         Require all granted
#     </Directory>
#     
#     ErrorLog ${APACHE_LOG_DIR}/redcap-ssl-error.log
#     CustomLog ${APACHE_LOG_DIR}/redcap-ssl-access.log combined
# </VirtualHost>

# ========== HTTP强制跳转HTTPS（生产环境启用） ==========
# <VirtualHost *:80>
#     ServerName redcap.yourdomain.com
#     Redirect permanent / https://redcap.yourdomain.com/
# </VirtualHost>