This boilerplate includes an app/.htaccess file that does three things:
- Redirect all traffic to HTTPS because ServiceWorker only works for encrypted traffic.
- Rewrite all pages (e.g. yourdomain.com/subpage) to yourdomain.com/index.html to let react-router take care of presenting the correct page.
- Ensure that sw.js is not cached. This is required for updates to be downloaded in offline-first mode.
Note: For performance reasons you should probably adapt this to run as a static .conf file (typically under /etc/apache2/sites-enabled or similar) so that your server doesn't have to apply these rules dynamically per request.
.htaccess can only provide security by redirecting HTTP to HTTPS.
Note: For a detailed security configuration in Apache httpd, a .conf file is necessary. You can use Mozilla's TLS Configurator to get some examples.
An app/.nginx.conf file is included that does the same on an Nginx server.
Additionally, the .nginx.conf provides TLS security configuration settings based on Mozilla's TLS Guidelines, including:
- HSTS Header
- TLS 1.2 only
- Prefer server-side ciphersuites
- Strong ciphersuites
- Own DH Key (optional)
- OCSP & SSL Stapling (optional)
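
A sketch of how the three behaviours and the TLS settings listed above fit together in one Nginx server block. This is an added example, not the boilerplate's own app/.nginx.conf; the host name, file paths, cipher list, HSTS max-age and the /sw.js location are assumptions to adapt.

```nginx
# Added example (constructed). example.com and every path are placeholders.

# Redirect all plain-HTTP traffic to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    root  /var/www/app/build;                              # placeholder
    index index.html;

    ssl_certificate     /etc/ssl/example/fullchain.pem;    # placeholder
    ssl_certificate_key /etc/ssl/example/privkey.pem;      # placeholder

    # TLS 1.2 only
    ssl_protocols TLSv1.2;

    # Prefer server-side ciphersuites, restricted to strong AEAD suites
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # Own DH key (optional): only used if DHE suites are added to ssl_ciphers
    # ssl_dhparam /etc/ssl/example/dhparam.pem;

    # OCSP stapling (optional)
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /etc/ssl/example/chain.pem;

    # HSTS header; "always" also sends it on error responses
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Never cache the service worker, so updates reach offline-first clients.
    # add_header here replaces the server-level headers, so HSTS is repeated.
    location = /sw.js {
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Strict-Transport-Security "max-age=31536000" always;
    }

    # Serve index.html for unknown paths so react-router resolves the route.
    location / {
        try_files $uri $uri/ /index.html;
    }
}
```

After editing, `nginx -t` validates the syntax before a reload.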