We Keep Coding

How to optimize Apache for Drupal 8?

I have an LAMP server for my Drupal 8 site.
I do not know what I can optimize to improve the performance of my site.
This is a dynamic site.
Should I use the htaccess files or disable them and put everything in vhost ?
Is the file below correct ?
What can I add ?
.htaccess :
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
</IfModule>
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Add correct encoding for SVGZ.
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Most of the following PHP settings cannot be changed at runtime. See
# sites/default/default.settings.php and
# Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
# changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value assert.active 0
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
# PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
# not set.
php_value always_populate_raw_post_data -1
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive on
ExpiresDefault "access plus 30 seconds"
ExpiresByType text/html "access plus 15 days"
ExpiresByType image/gif "access plus 1 months"
ExpiresByType image/jpg "access plus 1 months"
ExpiresByType image/jpeg "access plus 1 months"
ExpiresByType image/png "access plus 1 months"
ExpiresByType text/js "access plus 1 months"
ExpiresByType text/javascript "access plus 1 months"
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
# http://example.com/), the path to index.php will need to be adjusted.
<IfModule !mod_rewrite.c>
FallbackResource /index.php
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "/\.|^\.(?!well-known/)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access shariff-backend-php.
RewriteCond %{REQUEST_URI} !/shariff-backend-php/
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Various header fixes.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
# Disable Proxy header, since it's an attack vector.
RequestHeader unset Proxy
</IfModule>
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
/etc/apache2/sites-available/www-domaine-com-le-ssl.conf :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin contact#domaine.com
ServerName domaine.com
ServerAlias www.domaine.com
Protocols h2 http/1.1
DocumentRoot /var/www/www-domaine-com/web/
<Directory /var/www/www-domaine-com/web>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
</FilesMatch>
<Proxy "fcgi://localhost/" enablereuse=on flushpackets=on max=10>
</Proxy>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domaine.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domaine.com/privkey.pem
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Download-Options "noopen"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set Content-Security-Policy "default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; base-uri 'self';"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</VirtualHost>
</IfModule>

Using dynamic configuration files (".htaccess") will definitely slow down your server. That is documented and actually easy to understand:
The static configuration is read exactly once at startup time. When dynamic configuration files are enabled, then the server has to check each physical folder from the root up to the requested object (if mapped to the file system) whether there are such configuration files (which can occur on every level of the file system). And if some are found then each has to be read and interpreted for every single request. All that is additional load.
These files are only supported for two typical situations:
when you have no access to the actual host configuration of the server (read: really cheap hosting providers)
for applications that insist on writing their own rewriting rules (which is an obvious security nightmare once you start thinking about it)
If none of the two situations apply to you, then the clear recommendation is to not use dynamic configuration files but use the static configuration instead. And possibly even to disable those files completely.
Take care however for the details. You cannot simply move the directives in all cases, sometimes you need to adapt them:
there are directives you cannot use in all locations (consult the http server documentation for details on that, it is of excellent quality and comes with great examples and details)
you may have to adjust a few details, for examples the matching pattern in RewriteRules which is applied to absolute paths in the static configuration but to relative paths in dynamic configuration files. Again this is clearly documented.

apache2 redirect not adding trailing /

Okay so I am having a little difficulty with my site, I created a sub-domain and it points to the correct folder /var/www/html/pathfinder/ but it does not create the trailing slash www.example.com
that causes an issue because then it attempts to load css files at www.example.comcss/file.css
I am using SSL and can't figure out what I have done wrong.
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/pathfinder
ServerName www.subdomain.example.com
ServerAlias subdomain.example.com
<Directory /var/www/html/pathfinder/>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error_1.log
CustomLog ${APACHE_LOG_DIR}/access_1.log combined
SSLCertificateFile /etc/letsencrypt/live/www.subdomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.subdomain.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
# HTTPS over SSL version
# Information: https://github.com/exodus4d/pathfinder/wiki/Apache
# Enable rewrite engine and route requests to framework ===========================================
RewriteEngine On
# HTTP to HTTPS ===================================================================================
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
RewriteCond %{HTTP_HOST} !=localhost
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Rewrite NONE www. to force www. =================================================================
RewriteCond %{HTTP_HOST} !^www\.
# skip "localhost" (dev environment)...
RewriteCond %{HTTP_HOST} !=localhost
# skip IP calls (dev environment)
RewriteCond %{HTTP_HOST} !^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
# rewrite everything else to "https://" and "www."
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Some servers require you to specify the `RewriteBase` directive
# In such cases, it should be the path (relative to the document root)
# containing this .htaccess file:
# RewriteBase /app/
# Protect system files ============================================================================
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^(lib|tmp)\/|\.(ini|php)$ - [R=404]
# Rewrite "everything" to index.php (dispatcher) ==================================================
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
# PHP global Vars (can be set in php.ini as well,...) =============================================
php_value max_input_vars 5000
php_value suhosin.get.max_vars 5000
php_value suhosin.post.max_vars 5000
php_value suhosin.request.max_vars 5000
# Activate PHP error log ==========================================================================
php_flag log_errors on
# php_value error_log "/www/htdocs/www.pathfinder-w.space/logs/php_errors.log"
# Cache Header ====================================================================================
# You should not change anything in here!
# New versioned files come with a unique path (e.g. ../js/v1.0.0/..) to force client cache busting.
<ifmodule mod_expires.c>
# fonts
<Filesmatch "\.(eot|woff2|woff|ttf|ttf|svg)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
Header append Cache-Control "public"
</Filesmatch>
# images/vector graphics
<Filesmatch "\.(jpg|jpeg|png|gif|swf|ico|svg)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
FileETag None
Header unset ETag
</Filesmatch>
# css
<Filesmatch "\.(css)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</Filesmatch>
## js/source maps
<Filesmatch "\.(js|map)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
FileETag None
Header unset ETag
</Filesmatch>
# html templates
<Filesmatch "\.(htm|html)$">
ExpiresActive on
ExpiresDefault "access plus 1 week"
</Filesmatch>
</ifmodule>

Bitrix CMS, Apach 2.4 (VertrigoServ) htaccess issue

I've been struggling whole day with that issue, but still have no clue, why it does not work. I deployed a website from hosting to local server to test/update purposes. Admin park works fine, main page works fine and directories and components work fine. But every component which relies on url -rewrite engine fails to work. It sends me to 404. For example I can look through /catalog/ directory but if I request /commodity/good/ I am sent to 404, so happens with news component etc. I've tried many variations of server config but result either the same either server error.
I reset my experiments to default config, it seems it has to work
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory "C:\VertrigoServ\www">
Options Indexes FollowSymLinks Includes
AllowOverride All
Require all granted
</Directory>
And it seems it works, but in a strange manner. If I add Redirect instruction to .htaccess it performs that redirect. But Bitrix does not work properly anyway.
Here is what I left in main .htaccess file
Options -Indexes
ErrorDocument 404 /404.php
<IfModule mod_php5.c>
php_flag allow_call_time_pass_reference 1
php_flag session.use_trans_sid off
#php_value display_errors 1
#php_value mbstring.internal_encoding UTF-8
</IfModule>
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/bitrix/urlrewrite.php$
RewriteRule ^(.*)$ /bitrix/urlrewrite.php [L]
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/jpeg "access plus 3 day"
ExpiresByType image/gif "access plus 3 day"
</IfModule>
If you faced similar issue please help me to find solution...

url to new format

Given below is my .htaccess file. It is not working on localhost apache (www is root directory on C:/apache/www) "url" is directory and I want output like this
http://localhost/url/index.php?username=shah
to
http://localhost/url/shah
I change windows host file 127.0.0.1 localhost
& also enable mod_rewrite in httpd.conf file & AllowOverride none to AllowOverride All
& root Directory to C:/apache/www
//==============================HTaccess==================================//
Options:
# -MultiViews: Turns off multiviews so it doesn't interfer with our rewrite rules
# -Indexes: Stop directory listings
# +FollowSymlinks: Let out rewrite rules work
Options -MultiViews -Indexes +FollowSymlinks
<IfModule mod_security.c>
# Turn off mod_security filtering.
# SecFilterEngine Off
# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>
ErrorDocument 404 /url/404.php
<IfModule mod_php5.c>
php_value register_globals 0
php_value magic_quotes_gpc 0
php_value session.auto_start 0
php_value safe_mode 0
</IfModule>
<IfModule sapi_apache2.c>
php_value register_globals 0
php_value magic_quotes_gpc 0
php_value session.auto_start 0
php_value safe_mode 0
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /url/
RewriteRule ^([a-zA-Z0-9_-]+)$ index.php?username=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ index.php?username=$1
#RewriteRule ^view-content/([^/]*)/([^/]*)\.html$ content.php?pageid=$1&title=$2 [L]
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/x-javascript text/css text/html text/xml
</IfModule>
//==============================HTaccess==================================//
Please tell me what to do?

Try this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /url/
RewriteCond %{QUERY_STRING} username\=(.*)
RewriteRule index\.php$ /url/%1
Hope this helps you... :)

If you really want to redirect a request of /url/index.php?username=shah externally to /url/shah, try this rule:
RewriteCond %{QUERY_STRING} ^(([^&]*&)*?)username=([^&]+)&*(.*)
RewriteRule ^index\.php$ /url/%3?%1%4 [L,R=301]
Otherwise, for the reverse direction:
RewriteCond $0 !=index.php
RewriteRule ^[^/]+$ index.php?username=$0 [L,QSA]

Apache: Deliver some urls from the file system, all others from Rails app

I want to host two different services on a Apache web server, reachable via the same domain: Some special URLs should go into the filesystem, all others should be handle by a Rails application.
Example:
http://mydomain.com/foo/123.txt
=> should deliver /var/www/special/foo/123.txt
http://mydomain.com/users
=> should go to Rails/Passenger
Here is my virtual host setup for the Rails app:
<VirtualHost *:80>
ServerName mydomain.com
ServerAlias *.mydomain.com
DocumentRoot /var/www/mydomain/current/public
<Directory /var/www/mydomain/current/public>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
ExpiresActive on
ExpiresDefault "access plus 1 year"
FileETag MTime Size
</Directory>
RewriteEngine On
# Check for maintenance file and redirect all requests
ErrorDocument 503 /system/maintenance.html
RewriteCond %{REQUEST_URI} !\.(css|gif|jpg|png)$
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ - [redirect=503,last]
# Rewrite index to check for static
RewriteRule ^/$ /index.html [QSA]
# Rewrite to check for Rails cached page
RewriteRule ^([^.]+)$ $1.html [QSA]
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/xml application/xhtml+xml text/javascript application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
ErrorLog /var/log/apache2/mydomain.com-error_log
CustomLog /var/log/apache2/mydomain.com-access_log combined
</VirtualHost>
Somewhere in the middle a RewriteCond/RewiteRule should be added, so accessing http://mydomain.com/foo/123.txt does not go to the Rails app, but the filesystem instead.
For this I need help. It would by great if someone can can give me a hint.

Found the solution by myself:
RewriteCond %{REQUEST_URI} ^/foo/.*$
RewriteRule ^.*$ /var/www/special/foo%{REQUEST_URI}