This architecture includes an
app/.htaccess file that does many things for you:
- Redirect all traffic to HTTPS because ServiceWorker only works for encrypted traffic.
- Rewrite all pages (e.g.
react-routertake care of presenting the correct page.
- Ensure that sw.js is not cached. This is required for updates to be downloaded in offline-first mode.
- Ensure all the other files has an expiration cache.
- Ensure all the compressed content are handling correctly
Note: For performance reasons you should probably adapt this to run as a static
.conffile (typically under
/etc/apache2/sites-enabledor similar) so that your server doesn't have to apply these rules dynamically per request)
You can add any other part of configuration you want, if are confident with web server.
.htaccess can only provide security by redirecting HTTP to HTTPS
Note: For a detailed security configuration in apache httpd, a
.conffile is necessary. You can use Mozilla's TLS Configurator to get some examples.