Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 82f28ed426
Branches Tags
zammad
/
contrib
/
apache2
/
zammad_ssl.conf

zammad_ssl.conf 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. #
    2. 

  2. # this is an example Apache 2.4 config for Zammad
    3. 

  3. # Please visit https://docs.zammad.org for further input on how to configure
    4. 

  4. # your Apache to work with Zammad
    5. 

  5. #
    6. 

  6. 

  7. # security - prevent information disclosure about server version
    8. 

  8. ServerTokens Prod
    9. 

  9. 

  10. <VirtualHost *:80>
    11. 

  11.   ServerName example.com
    12. 

  12.   Redirect permanent / https://example.com/
    13. 

  13. </VirtualHost>
    14. 

  14. 

  15. <VirtualHost *:443>
    16. 

  16.   # enable HTTP/2, if available
    17. 

  17.   Protocols h2 http/1.1
    18. 

  18. 

  19.   SSLEngine on
    20. 

  20.   SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    21. 

  21.   SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    22. 

  22.   SSLHonorCipherOrder     off
    23. 

  23.   SSLSessionTickets       off
    24. 

  24. 

  25.   SSLCertificateFile /etc/ssl/certs/example.com.pem
    26. 

  26.   SSLCertificateKeyFile /etc/ssl/private/example.com.key
    27. 

  27.   SSLCertificateChainFile /etc/ssl/certs/root-ca-plus-intermediates.pem
    28. 

  28.   SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
    29. 

  29. 

  30.   # replace 'localhost' with your fqdn if you want to use zammad from remote
    31. 

  31.   ServerName localhost
    32. 

  32. 

  33.   HostnameLookups Off
    34. 

  34.   UseCanonicalName Off
    35. 

  35.   ServerSignature Off
    36. 

  36. 

  37.   Header always set Strict-Transport-Security "max-age=63072000"
    38. 

  38. 

  39.   ProxyRequests Off
    40. 

  40.   ProxyPreserveHost On
    41. 

  41. 

  42.   <Proxy 127.0.0.1:3000>
    43. 

  43.     Require local
    44. 

  44.   </Proxy>
    45. 

  45. 

  46.   ProxyPass /assets !
    47. 

  47.   ProxyPass /favicon.ico !
    48. 

  48.   ProxyPass /apple-touch-icon.png !
    49. 

  49.   ProxyPass /robots.txt !
    50. 

  50. 

  51.   # legacy web socket server
    52. 

  52.   ProxyPass /ws ws://127.0.0.1:6042/
    53. 

  53. 

  54.   # action cable
    55. 

  55.   ProxyPass /cable ws://127.0.0.1:3000/cable
    56. 

  56.   ProxyPass / http://127.0.0.1:3000/
    57. 

  57. 

  58.   # change this line in an SSO setup
    59. 

  59.   RequestHeader unset X-Forwarded-User
    60. 

  60. 

  61.   # Use settings below if proxying does not work and you receive HTTP-Errror 404
    62. 

  62.   # if you use the settings below, make sure to comment out the above two options
    63. 

  63.   # This may not apply to all systems, applies to openSuse
    64. 

  64.   #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    65. 

  65.   #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
    66. 

  66.   #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
    67. 

  67. 

  68.   DocumentRoot "/opt/zammad/public"
    69. 

  69. 

  70.   <Directory />
    71. 

  71.     Options FollowSymLinks
    72. 

  72.     AllowOverride None
    73. 

  73.   </Directory>
    74. 

  74. 

  75.   <Directory "/opt/zammad/public">
    76. 

  76.     Options FollowSymLinks
    77. 

  77.     Require all granted
    78. 

  78.   </Directory>
    79. 

  79. </VirtualHost>
    80.