#
# this is an example apache 2.4 config for zammad with free letsencrypt.org ssl certificates
# replace all occurrences of example.com with your domain
# create letsencrypt certificate by: certbot certonly --webroot -w /var/www/html -d www.example.com
# create dhparam.pem by: openssl dhparam -out /etc/ssl/dhparam.pem 4096
# download x3 certificate by: wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -P /etc/ssl
# you can test your ssl configuration @ https://www.ssllabs.com/ssltest/analyze.html
#
ServerName example.com
# security - prevent information disclosure about server version
ServerTokens Prod
Redirect permanent / https://example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile /etc/letsencrypt/live/example.com-0000/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0000/privkey.pem
SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
# replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost
# security - prevent information disclosure about server version
ServerTokens Prod
## don't loose time with IP address lookups
HostnameLookups Off
## needed for named virtual hosts
UseCanonicalName Off
## configures the footer on server-generated documents
ServerSignature Off
ProxyRequests Off
ProxyPreserveHost On
Require local
ProxyPass /assets !
ProxyPass /favicon.ico !
ProxyPass /robots.txt !
ProxyPass /ws ws://127.0.0.1:6042/
ProxyPass / http://127.0.0.1:3000/
# Use settings below if proxying does not work and you receive HTTP-Errror 404
# if you use the settings below, make sure to comment out the above two options
# This may not apply to all systems, applies to openSuse
#ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
#ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
DocumentRoot "/opt/zammad/public"
Options FollowSymLinks
AllowOverride None
Options FollowSymLinks
Require all granted