inventory/docker/apache.conf

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot /var/www/html/frontend/dist

    # Serve Vue.js frontend (SPA)
    <Directory /var/www/html/frontend/dist>
        AllowOverride All
        Require all granted
        
        # Handle Vue.js routing - redirect all non-file requests to index.html
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.html [L]
    </Directory>

    # Handle PHP API endpoints
    <Directory "/var/www/html/api">
        AllowOverride All
        Require all granted
        Options -Indexes
    </Directory>

    # Enable CORS for API endpoints
    <Directory "/var/www/html/api">
        # Set CORS headers based on origin
        SetEnvIfNoCase Origin "^https://inventory\.valavuo\.net$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://localhost(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://127\.0\.0\.1(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        
        Header set Access-Control-Allow-Origin "%{CORS_ALLOW_ORIGIN}e" env=CORS_ALLOW_ORIGIN
        Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
        Header set Access-Control-Allow-Credentials "true"
        
        # Fallback for development
        Header set Access-Control-Allow-Origin "*" env=!CORS_ALLOW_ORIGIN
    </Directory>

    # Handle OPTIONS requests for CORS
    <FilesMatch "\.php$">
        SetEnvIf Request_Method "OPTIONS" CORs
    </FilesMatch>

    <IfModule mod_headers.c>
        # Dynamic CORS based on origin
        SetEnvIfNoCase Origin "^https://inventory\.valavuo\.net$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://localhost(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://127\.0\.0\.1(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        
        Header always set Access-Control-Allow-Origin "%{CORS_ALLOW_ORIGIN}e" env=CORS_ALLOW_ORIGIN
        Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" env=CORs
        Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" env=CORs
        Header always set Access-Control-Allow-Credentials "true" env=CORs
        
        # Fallback for development
        Header always set Access-Control-Allow-Origin "*" env=!CORS_ALLOW_ORIGIN
    </IfModule>

    # API endpoint routing
    Alias /api /var/www/html/api
    
    # Handle uploads directory
    Alias /uploads /var/www/html/uploads
    <Directory "/var/www/html/uploads">
        AllowOverride All
        Require all granted
        Options -Indexes
        
        # Set CORS headers based on origin
        SetEnvIfNoCase Origin "^https://inventory\.valavuo\.net$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://localhost(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        SetEnvIfNoCase Origin "^http://127\.0\.0\.1(:[0-9]+)?$" CORS_ALLOW_ORIGIN
        
        Header set Access-Control-Allow-Origin "%{CORS_ALLOW_ORIGIN}e" env=CORS_ALLOW_ORIGIN
        Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
        Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
        Header set Access-Control-Allow-Credentials "true"
        
        # Fallback for development
        Header set Access-Control-Allow-Origin "*" env=!CORS_ALLOW_ORIGIN
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>