Freifunk-Rhein-Sieg/zammad-docker-compose
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use adapted default ssl configuration for zammad

Browse Source
This commit is contained in:
Tom Plüss 2019-02-20 20:53:26 +01:00
parent 3ae1fc042c
commit b002dcb53e
2 changed files with 74 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
data/nginx/app.conf
View File

@ -1,25 +1,78 @@
server { upstream zammad-railsserver {
listen 80; server 127.0.0.1:3000;
server_name ticket.simplificator.com; }
location / { upstream zammad-websocket {
return 301 https://$host$request_uri; server 127.0.0.1:6042;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
} }
server { server {
listen 443 ssl; listen 80;
server_name ticket.simplificator.com;
ssl_certificate /etc/letsencrypt/live/ticket.simplificator.com/fullchain.pem; server_name ticket.simplificator.com;
ssl_certificate_key /etc/letsencrypt/live/ticket.simplificator.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; access_log /var/log/nginx/zammad.access.log;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; error_log /var/log/nginx/zammad.error.log;
location /.well-known/ {
root /var/www/html;
}
return 301 https://example.com$request_uri;
location / { }
proxy_pass http://ticket.simplificator.com;
}
server {
listen 443 ssl http2;
server_name ticket.simplificator.com;
ssl_certificate /etc/letsencrypt/live/ticket.simplificator.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ticket.simplificator.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
location = /robots.txt {
access_log off; log_not_found off;
}
location = /favicon.ico {
access_log off; log_not_found off;
}
root /opt/zammad/public;
access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log;
client_max_body_size 50M;
location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
expires max;
}
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 86400;
proxy_pass http://zammad-websocket;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 180;
proxy_pass http://zammad-railsserver;
gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any;
}
} }

2
init-letsencrypt.sh
View File

@ -39,6 +39,8 @@ echo "### Starting $nginx_service_name ..."
docker-compose $compose_files up --force-recreate -d $nginx_service_name docker-compose $compose_files up --force-recreate -d $nginx_service_name
echo echo
read -p "Please wait for $nginx_service_name to be started and serving on ports 80 and 443. Then press any key to continue." unused_input
echo "### Deleting dummy certificate for $domains ..." echo "### Deleting dummy certificate for $domains ..."
docker-compose $compose_files run --rm --entrypoint "\ docker-compose $compose_files run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \ rm -Rf /etc/letsencrypt/live/$domains && \