From ef77da97f47231d69c911b88f1437fabe5a06cda Mon Sep 17 00:00:00 2001
From: mwpn <mwpn@example.com>
Date: Wed, 17 Dec 2025 11:00:21 +0700
Subject: [PATCH] docs: Add nginx configuration dan fix 404 routing issue

---
 .htaccess          | 41 ++++++++++++++++++++++++++++++
 DEPLOYMENT.md      | 18 ++++++++++---
 nginx.conf.example | 63 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 118 insertions(+), 4 deletions(-)
 create mode 100644 .htaccess
 create mode 100644 nginx.conf.example

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..148dd4d
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,41 @@
+# Apache .htaccess untuk Slim Framework 4
+# Jika menggunakan Apache (bukan nginx)
+
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    
+    # Redirect to HTTPS (optional)
+    # RewriteCond %{HTTPS} off
+    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+    
+    # Handle Authorization Header
+    RewriteCond %{HTTP:Authorization} .
+    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+    
+    # Redirect Trailing Slashes
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteCond %{REQUEST_URI} (.+)/$
+    RewriteRule ^ %1 [L,R=301]
+    
+    # Send Requests To Front Controller
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteRule ^ index.php [L]
+</IfModule>
+
+# Security
+<IfModule mod_headers.c>
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set X-Content-Type-Options "nosniff"
+    Header set X-XSS-Protection "1; mode=block"
+</IfModule>
+
+# Disable directory browsing
+Options -Indexes
+
+# Protect .env file
+<FilesMatch "^\.env">
+    Order allow,deny
+    Deny from all
+</FilesMatch>
+
diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md
index 1669f0a..e809222 100644
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@@ -5,6 +5,7 @@
 **Vendor folder TIDAK di-commit ke git repository!**
 
 Setiap kali deploy atau pull code baru, **WAJIB** jalankan:
+
 ```bash
 composer install --no-dev --optimize-autoloader
 ```
@@ -64,11 +65,13 @@ composer dump-autoload --optimize
 ### 3. Setup aaPanel
 
 1. **Create Website**:
+
    - Domain: `api.btekno.cloud`
    - DocumentRoot: `/www/wwwroot/api.btekno.cloud/api/public`
    - PHP Version: 8.2 atau 8.3
 
 2. **PHP Settings**:
+
    - Enable `extension=pdo_mysql`
    - Enable `extension=mbstring`
    - Memory limit: 256M (minimum)
@@ -101,6 +104,7 @@ RETRIBUSI_API_KEY=generate-secure-api-key-here
 ```
 
 **Generate secure keys:**
+
 ```bash
 # JWT Secret (min 32 characters)
 openssl rand -base64 32
@@ -138,26 +142,33 @@ curl https://api.btekno.cloud/health
 ## 🐛 Common Issues
 
 ### Error: vendor/autoload.php not found
+
 **Cause**: Vendor folder belum di-install  
-**Solution**: 
+**Solution**:
+
 ```bash
 cd /www/wwwroot/api.btekno.cloud/api
 composer install --no-dev --optimize-autoloader
 ```
 
 ### Error: Database connection failed
+
 **Cause**: Database config salah di `.env`  
-**Solution**: 
+**Solution**:
+
 - Cek `DB_HOST`, `DB_NAME`, `DB_USER`, `DB_PASS` di `.env`
 - Test koneksi: `mysql -u sql_retribusi -p sql_retribusi`
 
 ### Error: JWT secret not set
+
 **Cause**: `JWT_SECRET` kosong di `.env`  
 **Solution**: Generate dan set JWT_SECRET di `.env`
 
 ### Error: Permission denied
+
 **Cause**: File permission salah  
-**Solution**: 
+**Solution**:
+
 ```bash
 chown -R www:www /www/wwwroot/api.btekno.cloud/api
 chmod -R 755 /www/wwwroot/api.btekno.cloud/api
@@ -186,4 +197,3 @@ composer install --no-dev --optimize-autoloader
 # 3. Test endpoint
 curl https://api.btekno.cloud/health
 ```
-
diff --git a/nginx.conf.example b/nginx.conf.example
new file mode 100644
index 0000000..a6c8168
--- /dev/null
+++ b/nginx.conf.example
@@ -0,0 +1,63 @@
+# Nginx Configuration untuk Slim Framework 4
+# Copy ke: /www/server/panel/vhost/nginx/api.btekno.cloud.conf
+# Atau setup via aaPanel: Website -> api.btekno.cloud -> Settings -> Configuration
+
+server {
+    listen 80;
+    listen 443 ssl http2;
+    server_name api.btekno.cloud;
+    
+    # SSL Configuration (setup via aaPanel)
+    # ssl_certificate /path/to/cert;
+    # ssl_certificate_key /path/to/key;
+    
+    # Document Root - PENTING: harus ke folder public/
+    root /www/wwwroot/api.btekno.cloud/api/public;
+    index index.php index.html;
+    
+    # Logs
+    access_log /www/wwwlogs/api.btekno.cloud.log;
+    error_log /www/wwwlogs/api.btekno.cloud.error.log;
+    
+    # Disable access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+    
+    # Main location block
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    
+    # PHP-FPM configuration
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/tmp/php-cgi-83.sock;  # Sesuaikan dengan PHP version
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        
+        # Disable buffering for SSE
+        fastcgi_buffering off;
+    }
+    
+    # Disable PHP execution in uploads
+    location ~* /uploads/.*\.php$ {
+        deny all;
+    }
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss;
+}
+