zammad_ssl.conf 2.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. #
  2. # this is an example apache 2.4 config for zammad
  3. # Please visit https://docs.zammad.org for further input on how to configure
  4. # your apache to work with Zammad
  5. #
  6. # security - prevent information disclosure about server version
  7. ServerTokens Prod
  8. <VirtualHost *:80>
  9. ServerName example.com
  10. Redirect permanent / https://example.com/
  11. </VirtualHost>
  12. <VirtualHost *:443>
  13. SSLEngine on
  14. SSLProtocol all -SSLv2 -SSLv3
  15. SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  16. SSLCertificateFile /etc/letsencrypt/live/example.com-0000/fullchain.pem
  17. SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0000/privkey.pem
  18. SSLCertificateChainFile /etc/ssl/lets-encrypt-x3-cross-signed.pem
  19. SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
  20. # replace 'localhost' with your fqdn if you want to use zammad from remote
  21. ServerName localhost
  22. ## don't loose time with IP address lookups
  23. HostnameLookups Off
  24. ## needed for named virtual hosts
  25. UseCanonicalName Off
  26. ## configures the footer on server-generated documents
  27. ServerSignature Off
  28. ProxyRequests Off
  29. ProxyPreserveHost On
  30. <Proxy 127.0.0.1:3000>
  31. Require local
  32. </Proxy>
  33. ProxyPass /assets !
  34. ProxyPass /favicon.ico !
  35. ProxyPass /apple-touch-icon.png !
  36. ProxyPass /robots.txt !
  37. # legacy web socket server
  38. ProxyPass /ws ws://127.0.0.1:6042/
  39. # action cable
  40. ProxyPass /cable ws://127.0.0.1:3000/cable
  41. ProxyPass / http://127.0.0.1:3000/
  42. # change this line in an SSO setup
  43. RequestHeader unset X-Forwarded-User
  44. # Use settings below if proxying does not work and you receive HTTP-Errror 404
  45. # if you use the settings below, make sure to comment out the above two options
  46. # This may not apply to all systems, applies to openSuse
  47. #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
  48. #ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
  49. #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
  50. DocumentRoot "/opt/zammad/public"
  51. <Directory />
  52. Options FollowSymLinks
  53. AllowOverride None
  54. </Directory>
  55. <Directory "/opt/zammad/public">
  56. Options FollowSymLinks
  57. Require all granted
  58. </Directory>
  59. </VirtualHost>