70 lines
2.3 KiB
Plaintext
70 lines
2.3 KiB
Plaintext
|
#
|
||
|
# this is an example nginx config for zammad with free letsencrypt.org ssl certificates
|
||
|
# replace all occurrences of example.com with your domain
|
||
|
# when creating letsencrypt certificates the first time comment out the https parts in the config or nginx will not start
|
||
|
# create letsencrypt certificate by: /usr/bin/letsencrypt certonly --rsa-key-size 4096 --duplicate --text --webroot-path /var/www/html/ --webroot -d example.com -d www.example.com
|
||
|
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
|
||
|
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
|
||
|
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
|
||
|
#
|
||
|
|
||
|
#
|
||
|
# this is the apache config for zammad
|
||
|
#
|
||
|
|
||
|
<VirtualHost *:80>
|
||
|
# replace 'localhost' with your fqdn if you want to use zammad from remote
|
||
|
ServerName your.domain.name
|
||
|
Redirect permanent / https://your.domain.name
|
||
|
</VirtualHost>
|
||
|
|
||
|
<VirtualHost *:443>
|
||
|
SSLEngine on
|
||
|
SSLProtocol all -SSLv2 -SSLv3
|
||
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||
|
SSLCertificateFile /etc/letsencrypt/live/your.domain.name/cert.pem
|
||
|
SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.name/privkey.pem
|
||
|
SSLCertificateChainFile /etc/letsencrypt/live/your.domain.name/chain.pem
|
||
|
|
||
|
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
|
||
|
SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
|
||
|
|
||
|
# replace 'localhost' with your fqdn if you want to use zammad from remote
|
||
|
ServerName localhost
|
||
|
|
||
|
## don't loose time with IP address lookups
|
||
|
HostnameLookups Off
|
||
|
|
||
|
## needed for named virtual hosts
|
||
|
UseCanonicalName Off
|
||
|
|
||
|
## configures the footer on server-generated documents
|
||
|
ServerSignature Off
|
||
|
|
||
|
ProxyRequests Off
|
||
|
ProxyPreserveHost On
|
||
|
|
||
|
<Proxy localhost:3000>
|
||
|
Require local
|
||
|
</Proxy>
|
||
|
|
||
|
ProxyPass /assets !
|
||
|
ProxyPass /favicon.ico !
|
||
|
ProxyPass /robots.txt !
|
||
|
ProxyPass /ws ws://localhost:6042/
|
||
|
ProxyPass / http://localhost:3000/
|
||
|
|
||
|
DocumentRoot "/opt/zammad/public"
|
||
|
|
||
|
<Directory />
|
||
|
Options FollowSymLinks
|
||
|
AllowOverride None
|
||
|
</Directory>
|
||
|
|
||
|
<Directory "/opt/zammad/public">
|
||
|
Options FollowSymLinks
|
||
|
Require all granted
|
||
|
</Directory>
|
||
|
|
||
|
</VirtualHost>
|