Hi there, I installed Flarum via ./flarum-management and all's good, with one exception: my .htaccess is not doing the http -> https redirect.
The Flarum link is: https://forum.teleskop.ro
Here's my .htaccess file:
Allow access if Flarum is installed in a subdirectory,
# but another .htaccess in a higher directory denies access.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
</IfModule>
# Fix for https://httpoxy.org vulnerability
Header unset Proxy
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^vendor/(.*)?$ / [F,L]
RewriteRule ^storage/(.*)?$ / [F,L]
RewriteRule ^config.php$ / [F,L]
RewriteRule ^api(.*)$ api.php [QSA,L]
RewriteRule ^admin(.*)$ admin.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !^assets index.php [QSA,L]
# MultiViews can mess up our rewriting scheme
Options -MultiViews
# Autoindex will list all assets files which is not so good
Options -Indexes
</IfModule>
<IfModule mod_deflate.c>
# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/x-web-app-manifest+json \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/xml
</IfModule>
</IfModule>
# Configure cache expiry for different file types
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 second"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType image/x-icon "access plus 1 week"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/font-woff2 "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
</IfModule>
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "subdomain.example.com".
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
And this is my config.php:
<?php return array (
'debug' => false,
'database' =>
array (
'driver' => 'mysql',
'host' => 'localhost',
'database' => 'not',
'username' => 'this',
'password' => 'time',
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => 'hackerman',
'port' => '3306',
'strict' => false,
),
'url' => 'https://forum.teleskop.ro',
'paths' =>
array (
'api' => 'api',
'admin' => 'admin',
),
);
