GreenComet - Notes from a web programmer

The .htaccess file performs many different functions. This is an apache configuration file. Consider how to set a password for access to the site using .htaccess . This may be needed at design time or as an additional security tool. Video instruction To store the password (or passwords) from the directory, you need to create another file. Usually it is called .htpasswd , but you can call it differently. Put this file must be in the root of the site or above Sample entry in .htaccess AuthName "Authentication required" AuthType Basic AuthUserFile /home/yourdir/.htpasswd Require user yourlogin Set the password for yourlogin user in the .htpasswd file yourlogin:Mk5aMaDxjJch2 The link to generate passwords https://stringutils.online/htpasswd

A redirect is to redirect site visitors from one URL to another. 301 status indicates that the redirect is permanent. Removing www from the site address is necessary primarily for SEO . Since sites with www and without for search engines are different sites with the same content. For Apache server, you need to make an entry in the .htaccess file RewriteCond %{HTTP_HOST} ^www.example.com RewriteRule ^(.*)$ http://example.com/$1 [R=301,L] For NGINX , write in the site configuration file if ($host ~* www\.(.*)) { set $host_without_www $1; rewrite ^(.*)$ http://$host_without_www$1 permanent; } $host_without_www - write like that, this is a server variable

HTTPS is an advanced data transfer protocol that supports encryption. Install free ssl certificate from Lets Encrypt . Ubuntu server operating system Get a certificate sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site.com/public_html -d site.com -d www.site.com Prolong sudo letsencrypt renew nginx config server { listen 80 ; server_name site.com.ru www.site.com; return 301 https://$server_name$request_uri; } server { # SSL configuration listen 443 ssl http2; listen [::]:443 ssl http2; server_name site.com www.site.com; ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/site.com/chain.pem; add_header Content-Security-Policy "img-src https: data:; upgrade-insecure-requests"; # We keep access log: access_log /var/log/nginx/site.com_access.log; # We share static and dynamic, static ...