alfredlinux.com/.htaccess

RewriteEngine On

# Custom 404 error page
ErrorDocument 404 /404.html

# ── Security Headers ──────────────────────────────────────────
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>

# CORS for .torrent files only — ISO served via P2P, not HTTP
<IfModule mod_headers.c>
  <FilesMatch "\.torrent$">
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
  </FilesMatch>
</IfModule>

# Clean URL: /docs → docs.php
RewriteRule ^docs/?$ /docs.php [L]

# Clean URL: /developers → developers.php
RewriteRule ^developers/?$ /developers.php [L]

# Clean URL: /download → download.php
RewriteRule ^download/?$ /download.php [L]

# Clean URL: /releases → releases.php
RewriteRule ^releases/?$ /releases.php [L]

# Clean URL: /security → security.php
RewriteRule ^security/?$ /security.php [L]

# Clean URL: /apps → apps.php
RewriteRule ^apps/?$ /apps.php [L]

# Clean URL: /compare → compare.php
RewriteRule ^compare/?$ /compare.php [L]

# Clean URL: /about → about.php
RewriteRule ^about/?$ /about.php [L]

# Torrent API proxy (unified seeder on port 3202)
RewriteCond %{REQUEST_URI} ^/torrent-api/
RewriteRule ^torrent-api/(.*)$ http://127.0.0.1:3202/$1 [P,L]

# GoForge — self-hosted Git platform (Gitea on port 3300)
RewriteCond %{REQUEST_URI} ^/forge(/|$)
RewriteRule ^forge(/.*)?$ http://127.0.0.1:3300$1 [P,L]

# WebSocket tracker proxy (tracker on port 3201)
# Browsers connect to wss://alfredlinux.com/announce
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{REQUEST_URI} ^/announce
RewriteRule ^announce(.*)$ ws://127.0.0.1:3201/$1 [P,L]

# HTTP tracker announce (for non-WebSocket clients)
RewriteCond %{REQUEST_URI} ^/announce
RewriteRule ^announce(.*)$ http://127.0.0.1:3201/announce$1 [P,L]
feat: complete alfredlinux.com website — 9 pages + 404 + robots + sitemap - index.php: Landing page with feature showcase, editions, roadmap - download.php: WebTorrent P2P download (no torrent client needed) - apps.php: Ecosystem app downloads (Browser, IDE, Veil, Pulse) - releases.php: Full changelog RC1 through RC8 - docs.php: Technical documentation and build specs - security.php: Kernel hardening transparency report - developers.php: Developer foundation and contribution guide - compare.php: Head-to-head vs Ubuntu/Mint/Fedora/Arch - about.php: Company provenance, founder, verification commands - 404.html: Branded error page - JSON-LD structured data on 4 pages - Twitter Card + OpenGraph meta tags on all pages - Security headers (HSTS, X-Frame-Options, CSP) 2026-04-07 15:47:54 -04:00			`RewriteEngine On`

			`# Custom 404 error page`
			`ErrorDocument 404 /404.html`

			`# ── Security Headers ──────────────────────────────────────────`
			`<IfModule mod_headers.c>`
			`Header always set X-Content-Type-Options "nosniff"`
			`Header always set X-Frame-Options "SAMEORIGIN"`
			`Header always set Referrer-Policy "strict-origin-when-cross-origin"`
			`Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"`
			`Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS`
			`</IfModule>`

			`# CORS for .torrent files only — ISO served via P2P, not HTTP`
			`<IfModule mod_headers.c>`
			`<FilesMatch "\.torrent$">`
			`Header set Access-Control-Allow-Origin "*"`
			`Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"`
			`</FilesMatch>`
			`</IfModule>`

			`# Clean URL: /docs → docs.php`
			`RewriteRule ^docs/?$ /docs.php [L]`

			`# Clean URL: /developers → developers.php`
			`RewriteRule ^developers/?$ /developers.php [L]`

			`# Clean URL: /download → download.php`
			`RewriteRule ^download/?$ /download.php [L]`

			`# Clean URL: /releases → releases.php`
			`RewriteRule ^releases/?$ /releases.php [L]`

			`# Clean URL: /security → security.php`
			`RewriteRule ^security/?$ /security.php [L]`

			`# Clean URL: /apps → apps.php`
			`RewriteRule ^apps/?$ /apps.php [L]`

			`# Clean URL: /compare → compare.php`
			`RewriteRule ^compare/?$ /compare.php [L]`

			`# Clean URL: /about → about.php`
			`RewriteRule ^about/?$ /about.php [L]`

			`# Torrent API proxy (unified seeder on port 3202)`
			`RewriteCond %{REQUEST_URI} ^/torrent-api/`
			`RewriteRule ^torrent-api/(.*)$ http://127.0.0.1:3202/$1 [P,L]`

			`# GoForge — self-hosted Git platform (Gitea on port 3300)`
			`RewriteCond %{REQUEST_URI} ^/forge(/\|$)`
			`RewriteRule ^forge(/.*)?$ http://127.0.0.1:3300$1 [P,L]`

			`# WebSocket tracker proxy (tracker on port 3201)`
			`# Browsers connect to wss://alfredlinux.com/announce`
			`RewriteCond %{HTTP:Upgrade} websocket [NC]`
			`RewriteCond %{REQUEST_URI} ^/announce`
			`RewriteRule ^announce(.*)$ ws://127.0.0.1:3201/$1 [P,L]`

			`# HTTP tracker announce (for non-WebSocket clients)`
			`RewriteCond %{REQUEST_URI} ^/announce`
			`RewriteRule ^announce(.*)$ http://127.0.0.1:3201/announce$1 [P,L]`