added apache ssl config example
This commit is contained in:
André Bauer
parent
6a288edc3f
commit
4a0a3abd0a
1 changed files with 69 additions and 0 deletions
69
contrib/apache2/zammad_ssl.conf
Normal file
69
contrib/apache2/zammad_ssl.conf
Normal file
|
|
@ -0,0 +1,69 @@
|
|||
#
|
||||
# this is an example nginx config for zammad with free letsencrypt.org ssl certificates
|
||||
# replace all occurrences of example.com with your domain
|
||||
# when creating letsencrypt certificates the first time comment out the https parts in the config or nginx will not start
|
||||
# create letsencrypt certificate by: /usr/bin/letsencrypt certonly --rsa-key-size 4096 --duplicate --text --webroot-path /var/www/html/ --webroot -d example.com -d www.example.com
|
||||
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
|
||||
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
|
||||
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
|
||||
#
|
||||
|
||||
#
|
||||
# this is the apache config for zammad
|
||||
#
|
||||
|
||||
<VirtualHost *:80>
|
||||
# replace 'localhost' with your fqdn if you want to use zammad from remote
|
||||
ServerName your.domain.name
|
||||
Redirect permanent / https://your.domain.name
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
SSLCertificateFile /etc/letsencrypt/live/your.domain.name/cert.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.name/privkey.pem
|
||||
SSLCertificateChainFile /etc/letsencrypt/live/your.domain.name/chain.pem
|
||||
|
||||
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
|
||||
SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
|
||||
|
||||
# replace 'localhost' with your fqdn if you want to use zammad from remote
|
||||
ServerName localhost
|
||||
|
||||
## don't loose time with IP address lookups
|
||||
HostnameLookups Off
|
||||
|
||||
## needed for named virtual hosts
|
||||
UseCanonicalName Off
|
||||
|
||||
## configures the footer on server-generated documents
|
||||
ServerSignature Off
|
||||
|
||||
ProxyRequests Off
|
||||
ProxyPreserveHost On
|
||||
|
||||
<Proxy localhost:3000>
|
||||
Require local
|
||||
</Proxy>
|
||||
|
||||
ProxyPass /assets !
|
||||
ProxyPass /favicon.ico !
|
||||
ProxyPass /robots.txt !
|
||||
ProxyPass /ws ws://localhost:6042/
|
||||
ProxyPass / http://localhost:3000/
|
||||
|
||||
DocumentRoot "/opt/zammad/public"
|
||||
|
||||
<Directory />
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
</Directory>
|
||||
|
||||
<Directory "/opt/zammad/public">
|
||||
Options FollowSymLinks
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
</VirtualHost>
|
||||
Loading…
Reference in a new issue