Elgato_dark/zammad
1
0
Fork 0
mirror of https://github.com/zammad/zammad synced 2026-05-24 09:48:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
zammad/contrib/apache2/zammad_ssl.conf
Marcel Herrguth c099dbae4c Raise SSL apache2 and nginx to intermediate
2024-09-17 12:38:21 +02:00

79 lines
2.4 KiB
Text
Raw Permalink Blame History

#
# this is an example Apache 2.4 config for Zammad
# Please visit https://docs.zammad.org for further input on how to configure
# your Apache to work with Zammad
#
# security - prevent information disclosure about server version
ServerTokens Prod
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
# enable HTTP/2, if available
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
SSLCertificateFile /etc/ssl/certs/example.com.pem
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCertificateChainFile /etc/ssl/certs/root-ca-plus-intermediates.pem
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
# replace 'localhost' with your fqdn if you want to use zammad from remote
ServerName localhost
HostnameLookups Off
UseCanonicalName Off
ServerSignature Off
Header always set Strict-Transport-Security "max-age=63072000"
ProxyRequests Off
ProxyPreserveHost On
<Proxy 127.0.0.1:3000>
Require local
</Proxy>
ProxyPass /assets !
ProxyPass /favicon.ico !
ProxyPass /apple-touch-icon.png !
ProxyPass /robots.txt !
# legacy web socket server
ProxyPass /ws ws://127.0.0.1:6042/
# action cable
ProxyPass /cable ws://127.0.0.1:3000/cable
ProxyPass / http://127.0.0.1:3000/
# change this line in an SSO setup
RequestHeader unset X-Forwarded-User
# Use settings below if proxying does not work and you receive HTTP-Errror 404
# if you use the settings below, make sure to comment out the above two options
# This may not apply to all systems, applies to openSuse
#ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
#ProxyPass /cable ws://127.0.0.1:3000/cable "retry=1 acque=3000 timeout=600 keepalive=On"
#ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"
DocumentRoot "/opt/zammad/public"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/opt/zammad/public">
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Reference in a new issue View git blame Copy permalink