2017-12-22 13:48:36 +00:00
|
|
|
#
|
2017-12-22 15:51:31 +00:00
|
|
|
# this is an example apache 2.4 config for zammad with free letsencrypt.org ssl certificates
|
2017-12-22 13:48:36 +00:00
|
|
|
# replace all occurrences of example.com with your domain
|
2017-12-22 15:51:31 +00:00
|
|
|
# create letsencrypt certificate by: certbot certonly --webroot -w /var/www/html -d www.example.com
|
2017-12-22 13:48:36 +00:00
|
|
|
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
|
|
|
|
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
|
|
|
|
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
|
|
|
|
#
|
|
|
|
|
|
|
|
<VirtualHost *:80>
|
2017-12-22 15:51:31 +00:00
|
|
|
ServerName example.com
|
|
|
|
Redirect permanent / https://example.com
|
2017-12-22 13:48:36 +00:00
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
|
|
|
SSLEngine on
|
|
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
|
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
|
|
|
|
2017-12-22 15:51:31 +00:00
|
|
|
SSLCertificateFile /etc/letsencrypt/live/example.com-0000/fullchain.pem
|
|
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0000/privkey.pem
|
2017-12-22 13:48:36 +00:00
|
|
|
SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
|
2017-12-22 15:51:31 +00:00
|
|
|
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
|
2017-12-22 13:48:36 +00:00
|
|
|
|
|
|
|
# replace 'localhost' with your fqdn if you want to use zammad from remote
|
|
|
|
ServerName localhost
|
|
|
|
|
|
|
|
## don't loose time with IP address lookups
|
|
|
|
HostnameLookups Off
|
|
|
|
|
|
|
|
## needed for named virtual hosts
|
|
|
|
UseCanonicalName Off
|
|
|
|
|
|
|
|
## configures the footer on server-generated documents
|
|
|
|
ServerSignature Off
|
|
|
|
|
|
|
|
ProxyRequests Off
|
|
|
|
ProxyPreserveHost On
|
|
|
|
|
|
|
|
<Proxy localhost:3000>
|
|
|
|
Require local
|
|
|
|
</Proxy>
|
|
|
|
|
|
|
|
ProxyPass /assets !
|
|
|
|
ProxyPass /favicon.ico !
|
|
|
|
ProxyPass /robots.txt !
|
|
|
|
ProxyPass /ws ws://localhost:6042/
|
|
|
|
ProxyPass / http://localhost:3000/
|
2018-04-12 10:20:32 +00:00
|
|
|
|
|
|
|
# Use settings below if proxying does not work and you receive HTTP-Errror 404
|
|
|
|
# if you use the settings below, make sure to comment out the above two options
|
|
|
|
# This may not apply to all systems, applies to openSuse
|
|
|
|
#ProxyPass /ws ws://localhost:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
|
|
|
|
#ProxyPass / http://localhost:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
|
2017-12-22 13:48:36 +00:00
|
|
|
|
|
|
|
DocumentRoot "/opt/zammad/public"
|
|
|
|
|
|
|
|
<Directory />
|
|
|
|
Options FollowSymLinks
|
|
|
|
AllowOverride None
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory "/opt/zammad/public">
|
|
|
|
Options FollowSymLinks
|
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
</VirtualHost>
|