# disable directory index
Options All -Indexes

# HSTS header
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

RewriteEngine on

# HTTP -> HTTPS
RewriteCond %{HTTPS} off [NC]
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI}

# WWW -> non-WWW
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [L,R=308]

# deny access to dotfiles
<FilesMatch "^\.">
        Require all denied
</FilesMatch>