alfredlinux.com/.htaccess

RewriteEngine On

# Custom 404 error page
ErrorDocument 404 /404.html

# ── Security Headers ──────────────────────────────────────────
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>

# CORS for .torrent files only — ISO served via P2P, not HTTP
<IfModule mod_headers.c>
  <FilesMatch "\.torrent$">
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
  </FilesMatch>
</IfModule>

# Clean URL: /docs → docs.php
RewriteRule ^docs/?$ /docs.php [L]

# Clean URL: /developers → developers.php
RewriteRule ^developers/?$ /developers.php [L]

# Clean URL: /download → download.php
RewriteRule ^download/?$ /download.php [L]

# Clean URL: /releases → releases.php
RewriteRule ^releases/?$ /releases.php [L]

# Clean URL: /security → security.php
RewriteRule ^security/?$ /security.php [L]

# Clean URL: /apps → apps.php
RewriteRule ^apps/?$ /apps.php [L]

# Clean URL: /compare → compare.php
RewriteRule ^compare/?$ /compare.php [L]

# Clean URL: /about → about.php
RewriteRule ^about/?$ /about.php [L]

# Torrent API proxy (unified seeder on port 3202)
RewriteCond %{REQUEST_URI} ^/torrent-api/
RewriteRule ^torrent-api/(.*)$ http://127.0.0.1:3202/$1 [P,L]

# GoForge — self-hosted Git platform (Gitea on port 3300)
RewriteCond %{REQUEST_URI} ^/forge(/|$)
RewriteRule ^forge(/.*)?$ http://127.0.0.1:3300$1 [P,L]

# WebSocket tracker proxy (tracker on port 3201)
# Browsers connect to wss://alfredlinux.com/announce
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{REQUEST_URI} ^/announce
RewriteRule ^announce(.*)$ ws://127.0.0.1:3201/$1 [P,L]

# HTTP tracker announce (for non-WebSocket clients)
RewriteCond %{REQUEST_URI} ^/announce
RewriteRule ^announce(.*)$ http://127.0.0.1:3201/announce$1 [P,L]