diff --git a/Dockerfile b/Dockerfile
index 35553f4..1e90806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,10 +10,11 @@ EXPOSE 8080
RUN microdnf install -y --nodocs httpd && microdnf clean all
RUN sed -i 's/Listen 80/Listen 8080/' /etc/httpd/conf/httpd.conf \
+ && sed -i 's/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf \
&& chgrp -R 0 /var/log/httpd /var/run/httpd \
&& chmod -R g=u /var/log/httpd /var/run/httpd
-ADD ./spaship.conf /etc/httpd/conf.d/
+ADD ./conf.d/ /etc/httpd/conf.d/
ADD ./index.html /usr/share/httpd/noindex/
USER 1001
diff --git a/conf.d/cache_expiration.conf b/conf.d/cache_expiration.conf
new file mode 100644
index 0000000..8a059b8
--- /dev/null
+++ b/conf.d/cache_expiration.conf
@@ -0,0 +1,120 @@
+# ----------------------------------------------------------------------
+# | Cache expiration |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expiration date.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
+# https://httpd.apache.org/docs/current/mod/mod_expires.html
+
+
+
+ ExpiresActive on
+ ExpiresDefault "access plus 1 month"
+
+ # CSS
+
+ ExpiresByType text/css "access plus 1 year"
+
+
+ # Data interchange
+
+ ExpiresByType application/atom+xml "access plus 1 hour"
+ ExpiresByType application/rdf+xml "access plus 1 hour"
+ ExpiresByType application/rss+xml "access plus 1 hour"
+
+ ExpiresByType application/json "access plus 0 seconds"
+ ExpiresByType application/ld+json "access plus 0 seconds"
+ ExpiresByType application/schema+json "access plus 0 seconds"
+ ExpiresByType application/geo+json "access plus 0 seconds"
+ ExpiresByType application/xml "access plus 0 seconds"
+ ExpiresByType text/calendar "access plus 0 seconds"
+ ExpiresByType text/xml "access plus 0 seconds"
+
+
+ # Favicon (cannot be renamed!) and cursor images
+
+ ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+ ExpiresByType image/x-icon "access plus 1 week"
+
+ # HTML
+
+ ExpiresByType text/html "access plus 0 seconds"
+
+
+ # JavaScript
+
+ ExpiresByType application/javascript "access plus 1 year"
+ ExpiresByType application/x-javascript "access plus 1 year"
+ ExpiresByType text/javascript "access plus 1 year"
+
+
+ # Manifest files
+
+ ExpiresByType application/manifest+json "access plus 1 week"
+ ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
+ ExpiresByType text/cache-manifest "access plus 0 seconds"
+
+
+ # Markdown
+
+ ExpiresByType text/markdown "access plus 0 seconds"
+
+
+ # Media files
+
+ ExpiresByType audio/ogg "access plus 1 month"
+ ExpiresByType image/apng "access plus 1 month"
+ ExpiresByType image/bmp "access plus 1 month"
+ ExpiresByType image/gif "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/svg+xml "access plus 1 month"
+ ExpiresByType image/webp "access plus 1 month"
+ ExpiresByType video/mp4 "access plus 1 month"
+ ExpiresByType video/ogg "access plus 1 month"
+ ExpiresByType video/webm "access plus 1 month"
+
+
+ # WebAssembly
+
+ ExpiresByType application/wasm "access plus 1 year"
+
+
+ # Web fonts
+
+ # Collection
+ ExpiresByType font/collection "access plus 1 month"
+
+ # Embedded OpenType (EOT)
+ ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
+ ExpiresByType font/eot "access plus 1 month"
+
+ # OpenType
+ ExpiresByType font/opentype "access plus 1 month"
+ ExpiresByType font/otf "access plus 1 month"
+
+ # TrueType
+ ExpiresByType application/x-font-ttf "access plus 1 month"
+ ExpiresByType font/ttf "access plus 1 month"
+
+ # Web Open Font Format (WOFF) 1.0
+ ExpiresByType application/font-woff "access plus 1 month"
+ ExpiresByType application/x-font-woff "access plus 1 month"
+ ExpiresByType font/woff "access plus 1 month"
+
+ # Web Open Font Format (WOFF) 2.0
+ ExpiresByType application/font-woff2 "access plus 1 month"
+ ExpiresByType font/woff2 "access plus 1 month"
+
+
+ # Other
+
+ ExpiresByType text/x-cross-domain-policy "access plus 1 week"
+
+
diff --git a/conf.d/compression.conf b/conf.d/compression.conf
new file mode 100644
index 0000000..91a9b68
--- /dev/null
+++ b/conf.d/compression.conf
@@ -0,0 +1,85 @@
+# ----------------------------------------------------------------------
+# | Compression |
+# ----------------------------------------------------------------------
+
+
+
+ # Force compression for mangled `Accept-Encoding` request headers
+ #
+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding
+ # https://calendar.perfplanet.com/2010/pushing-beyond-gzipping/
+
+
+
+ SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+ RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+
+
+
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ # Compress all output labeled with one of the following media types.
+ #
+ # https://httpd.apache.org/docs/current/mod/mod_filter.html#addoutputfilterbytype
+
+
+ AddOutputFilterByType DEFLATE "application/atom+xml" \
+ "application/javascript" \
+ "application/json" \
+ "application/ld+json" \
+ "application/manifest+json" \
+ "application/rdf+xml" \
+ "application/rss+xml" \
+ "application/schema+json" \
+ "application/geo+json" \
+ "application/vnd.ms-fontobject" \
+ "application/wasm" \
+ "application/x-font-ttf" \
+ "application/x-javascript" \
+ "application/x-web-app-manifest+json" \
+ "application/xhtml+xml" \
+ "application/xml" \
+ "font/eot" \
+ "font/opentype" \
+ "font/otf" \
+ "font/ttf" \
+ "image/bmp" \
+ "image/svg+xml" \
+ "image/vnd.microsoft.icon" \
+ "text/cache-manifest" \
+ "text/calendar" \
+ "text/css" \
+ "text/html" \
+ "text/javascript" \
+ "text/plain" \
+ "text/markdown" \
+ "text/vcard" \
+ "text/vnd.rim.location.xloc" \
+ "text/vtt" \
+ "text/x-component" \
+ "text/x-cross-domain-policy" \
+ "text/xml"
+
+
+
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+ # Map the following filename extensions to the specified
+ # encoding type in order to make Apache serve the file types
+ # with the appropriate `Content-Encoding` response header
+ # (do note that this will NOT make Apache compress them!).
+ #
+ # If these files types would be served without an appropriate
+ # `Content-Enable` response header, client applications (e.g.:
+ # browsers) wouldn't know that they first need to uncompress
+ # the response, and thus, wouldn't be able to understand the
+ # content.
+ #
+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding
+ # https://httpd.apache.org/docs/current/mod/mod_mime.html#addencoding
+
+
+ AddEncoding gzip svgz
+
+
+
diff --git a/conf.d/etag.conf b/conf.d/etag.conf
new file mode 100644
index 0000000..4bd1683
--- /dev/null
+++ b/conf.d/etag.conf
@@ -0,0 +1,16 @@
+# ----------------------------------------------------------------------
+# | ETags |
+# ----------------------------------------------------------------------
+
+# Remove `ETags` as resources are sent with far-future expires headers.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
+# https://developer.yahoo.com/performance/rules.html#etags
+# https://tools.ietf.org/html/rfc7232#section-2.3
+
+# `FileETag None` doesn't work in all cases.
+
+ Header unset ETag
+
+
+FileETag None
diff --git a/conf.d/file_access.conf b/conf.d/file_access.conf
new file mode 100644
index 0000000..b260f43
--- /dev/null
+++ b/conf.d/file_access.conf
@@ -0,0 +1,60 @@
+# ----------------------------------------------------------------------
+# | File access |
+# ----------------------------------------------------------------------
+
+# Block access to directories without a default document.
+#
+# You should leave the following uncommented, as you shouldn't allow
+# anyone to surf through every directory on your server (which may
+# includes rather private places such as the CMS's directories).
+
+
+ Options -Indexes
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Block access to all hidden files and directories with the exception of
+# the visible content from within the `/.well-known/` hidden directory.
+#
+# These types of files usually contain user preferences or the preserved
+# state of an utility, and can include rather private places like, for
+# example, the `.git` or `.svn` directories.
+#
+# The `/.well-known/` directory represents the standard (RFC 5785) path
+# prefix for "well-known locations" (e.g.: `/.well-known/manifest.json`,
+# `/.well-known/keybase.txt`), and therefore, access to its visible
+# content should not be blocked.
+#
+# https://www.mnot.net/blog/2010/04/07/well-known
+# https://tools.ietf.org/html/rfc5785
+
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
+ RewriteCond %{SCRIPT_FILENAME} -d [OR]
+ RewriteCond %{SCRIPT_FILENAME} -f
+ RewriteRule "(^|/)\." - [F]
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Block access to files that can expose sensitive information.
+#
+# By default, block access to backup and source files that may be
+# left by some text editors and can pose a security risk when anyone
+# has access to them.
+#
+# https://feross.org/cmsploit/
+#
+# (!) Update the `` regular expression from below to
+# include any files that might end up on your production server and
+# can expose sensitive information about your website. These files may
+# include: configuration files, files that contain metadata about the
+# project (e.g.: project dependencies), build scripts, etc..
+
+
+
+ Require all denied
+
+
diff --git a/spaship.conf b/conf.d/include.conf
similarity index 60%
rename from spaship.conf
rename to conf.d/include.conf
index 68b7a6a..764186a 100644
--- a/spaship.conf
+++ b/conf.d/include.conf
@@ -1,4 +1,4 @@
-
+
AddOutputFilter INCLUDES .html
Options +Includes
-
\ No newline at end of file
+
diff --git a/conf.d/x-ua-compatible.conf b/conf.d/x-ua-compatible.conf
new file mode 100644
index 0000000..ed894f5
--- /dev/null
+++ b/conf.d/x-ua-compatible.conf
@@ -0,0 +1,21 @@
+# ----------------------------------------------------------------------
+# | Document modes |
+# ----------------------------------------------------------------------
+
+# Force Internet Explorer 8/9/10 to render pages in the highest mode
+# available in the various cases when it may not.
+#
+# https://hsivonen.fi/doctype/#ie8
+#
+# (!) Starting with Internet Explorer 11, document modes are deprecated.
+# If your business still relies on older web apps and services that were
+# designed for older versions of Internet Explorer, you might want to
+# consider enabling `Enterprise Mode` throughout your company.
+#
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
+# https://msdn.microsoft.com/en-us/library/ff955275.aspx
+
+
+ Header set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
+