From 4a0a3abd0a78d5a5aa08c85f4141a1dd186996eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Fri, 22 Dec 2017 14:48:36 +0100 Subject: [PATCH] added apache ssl config example --- contrib/apache2/zammad_ssl.conf | 69 +++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 contrib/apache2/zammad_ssl.conf diff --git a/contrib/apache2/zammad_ssl.conf b/contrib/apache2/zammad_ssl.conf new file mode 100644 index 000000000..1e11a9d05 --- /dev/null +++ b/contrib/apache2/zammad_ssl.conf @@ -0,0 +1,69 @@ +# +# this is an example nginx config for zammad with free letsencrypt.org ssl certificates +# replace all occurrences of example.com with your domain +# when creating letsencrypt certificates the first time comment out the https parts in the config or nginx will not start +# create letsencrypt certificate by: /usr/bin/letsencrypt certonly --rsa-key-size 4096 --duplicate --text --webroot-path /var/www/html/ --webroot -d example.com -d www.example.com +# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096 +# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl +# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html +# + +# +# this is the apache config for zammad +# + + + # replace 'localhost' with your fqdn if you want to use zammad from remote + ServerName your.domain.name + Redirect permanent / https://your.domain.name + + + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLCertificateFile /etc/letsencrypt/live/your.domain.name/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.name/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/your.domain.name/chain.pem + + SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem + SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem + + # replace 'localhost' with your fqdn if you want to use zammad from remote + ServerName localhost + + ## don't loose time with IP address lookups + HostnameLookups Off + + ## needed for named virtual hosts + UseCanonicalName Off + + ## configures the footer on server-generated documents + ServerSignature Off + + ProxyRequests Off + ProxyPreserveHost On + + + Require local + + + ProxyPass /assets ! + ProxyPass /favicon.ico ! + ProxyPass /robots.txt ! + ProxyPass /ws ws://localhost:6042/ + ProxyPass / http://localhost:3000/ + + DocumentRoot "/opt/zammad/public" + + + Options FollowSymLinks + AllowOverride None + + + + Options FollowSymLinks + Require all granted + + +