trabajo-afectivo/contrib/apache2/zammad_ssl.conf

#
# this is an example nginx config for zammad with free letsencrypt.org ssl certificates
# replace all occurrences of example.com with your domain
# when creating letsencrypt certificates the first time comment out the https parts in the config or nginx will not start
# create letsencrypt certificate by: /usr/bin/letsencrypt certonly --rsa-key-size 4096 --duplicate --text --webroot-path /var/www/html/ --webroot -d example.com -d www.example.com
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
#

#
# this is the apache config for zammad
#

<VirtualHost *:80>
    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName your.domain.name
    Redirect permanent / https://your.domain.name
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLCertificateFile /etc/letsencrypt/live/your.domain.name/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.name/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/your.domain.name/chain.pem

    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
    SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    ServerName localhost

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy localhost:3000>
      Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://localhost:6042/
    ProxyPass / http://localhost:3000/

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
	      Require all granted
    </Directory>

</VirtualHost>
added apache ssl config example 2017-12-22 13:48:36 +00:00			`#`
			`# this is an example nginx config for zammad with free letsencrypt.org ssl certificates`
			`# replace all occurrences of example.com with your domain`
			`# when creating letsencrypt certificates the first time comment out the https parts in the config or nginx will not start`
			`# create letsencrypt certificate by: /usr/bin/letsencrypt certonly --rsa-key-size 4096 --duplicate --text --webroot-path /var/www/html/ --webroot -d example.com -d www.example.com`
			`# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096`
			`# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl`
			`# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html`
			`#`

			`#`
			`# this is the apache config for zammad`
			`#`

			`<VirtualHost *:80>`
			`# replace 'localhost' with your fqdn if you want to use zammad from remote`
			`ServerName your.domain.name`
			`Redirect permanent / https://your.domain.name`
			`</VirtualHost>`

			`<VirtualHost *:443>`
			`SSLEngine on`
			`SSLProtocol all -SSLv2 -SSLv3`
			`SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH`
			`SSLCertificateFile /etc/letsencrypt/live/your.domain.name/cert.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.name/privkey.pem`
			`SSLCertificateChainFile /etc/letsencrypt/live/your.domain.name/chain.pem`

			`SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem`
			`SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem`

			`# replace 'localhost' with your fqdn if you want to use zammad from remote`
			`ServerName localhost`

			`## don't loose time with IP address lookups`
			`HostnameLookups Off`

			`## needed for named virtual hosts`
			`UseCanonicalName Off`

			`## configures the footer on server-generated documents`
			`ServerSignature Off`

			`ProxyRequests Off`
			`ProxyPreserveHost On`

			`<Proxy localhost:3000>`
			`Require local`
			`</Proxy>`

			`ProxyPass /assets !`
			`ProxyPass /favicon.ico !`
			`ProxyPass /robots.txt !`
			`ProxyPass /ws ws://localhost:6042/`
			`ProxyPass / http://localhost:3000/`

			`DocumentRoot "/opt/zammad/public"`

			`<Directory />`
			`Options FollowSymLinks`
			`AllowOverride None`
			`</Directory>`

			`<Directory "/opt/zammad/public">`
			`Options FollowSymLinks`
			`Require all granted`
			`</Directory>`

			`</VirtualHost>`