OTRS 5 VirtualHost and SSL via Let’s Encrypt
I'm sharing my file for setting up a virtual host with OTRS 5. It took me a while to get a working configuration, so hopefully this helps. You will find only the virtual host file here. Installing OTRS is relatively simple if you follow the documentation (installation from source in my case). For the SSL certificate I use acme.sh, but certbot can also be used…
    <VirtualHost *:80>
        DocumentRoot /opt/otrs/
        ServerName mon_domaine.fr

        # ACME HTTP-01 challenge directory
        Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
        <Directory /var/www/html/.well-known/acme-challenge>
            Options None
            AllowOverride None
            # Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these two lines
            Order allow,deny
            Allow from all
        </Directory>

        # Send all plain-HTTP requests to HTTPS
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>

    <VirtualHost *:443>
        DocumentRoot /opt/otrs/
        ServerName mon_domaine.fr

        # ACME HTTP-01 challenge directory: anything that is not a 43-character token gets a 404
        Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
        <Directory "/var/www/html/.well-known/acme-challenge/">
            Options None
            AllowOverride None
            ForceType text/plain
            RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>

        # Static files under /otrs-web/, OTRS scripts at the site root
        Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
        ScriptAlias / "/opt/otrs/bin/cgi-bin/"

        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA
        SSLCertificateFile /etc/ssl/private/mon_domaine.fr-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/mon_domaine.fr-key.pem
        # SSLCertificateChainFile is obsolete since Apache 2.4.8, where
        # SSLCertificateFile can load the intermediate certificates itself
        SSLCertificateChainFile /etc/ssl/private/mon_domaine.fr-fullchain.pem

        <IfModule mod_perl.c>
            # Setup environment and preload modules
            PerlRequire /opt/otrs/scripts/apache2-perl-startup.pl

            # Reload Perl modules when changed on disk
            PerlModule Apache2::Reload
            PerlInitHandler Apache2::Reload

            # mod_perl2 options for GenericInterface
            # (ScriptAlias / serves the scripts from the site root, so no /otrs prefix here)
            <Location /nph-genericinterface.pl>
                PerlOptions -ParseHeaders
            </Location>
        </IfModule>

        <Directory "/opt/otrs/bin/cgi-bin/">
            AllowOverride None
            Options +ExecCGI -Includes

            # ErrorDocument 403 /otrs/customer.pl
            ErrorDocument 403 /index.pl
            AddHandler perl-script .pl .cgi
            PerlResponseHandler ModPerl::Registry
            PerlOptions +ParseHeaders
            PerlOptions +SetupEnv
            DirectoryIndex index.pl

            <IfModule mod_version.c>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
            </IfModule>
            <IfModule !mod_version.c>
                Order allow,deny
                Allow from all
            </IfModule>

            <IfModule mod_filter.c>
                <IfModule mod_deflate.c>
                    AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
                </IfModule>
            </IfModule>
        </Directory>

        <Directory "/opt/otrs/var/httpd/htdocs/">
            AllowOverride None

            <IfModule mod_version.c>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
            </IfModule>
            <IfModule !mod_version.c>
                Order allow,deny
                Allow from all
            </IfModule>

            <IfModule mod_filter.c>
                <IfModule mod_deflate.c>
                    AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
                </IfModule>
            </IfModule>

            # Make sure CSS and JS files are read as UTF8 by the browsers.
            AddCharset UTF-8 .css
            AddCharset UTF-8 .js

            # Set explicit mime type for woff fonts since it is relatively new and apache may not know about it.
            AddType application/font-woff .woff
        </Directory>

        <IfModule mod_headers.c>
            # Cache css-cache for 30 days
            <Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
                <FilesMatch "\.(css|CSS)$">
                    Header set Cache-Control "max-age=2592000 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache css thirdparty for 4 hours, including icon fonts
            <Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
                <FilesMatch "\.(css|CSS|woff|svg)$">
                    Header set Cache-Control "max-age=14400 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache js-cache for 30 days
            <Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
                <FilesMatch "\.(js|JS)$">
                    Header set Cache-Control "max-age=2592000 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache js thirdparty for 4 hours
            <Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
                <FilesMatch "\.(js|JS)$">
                    Header set Cache-Control "max-age=14400 must-revalidate"
                </FilesMatch>
            </Directory>
        </IfModule>
    </VirtualHost>

    # Limit the number of requests per child to avoid excessive memory usage
    MaxRequestsPerChild 4000
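To review what the SSLProtocol and SSLCipherSuite lines of the *:443 virtual host actually allow, here is a small audit script (an added example, not part of the original post). It parses the two directives exactly as they appear in the configuration; the helper functions and bucket names are assumptions of this example, and the set of protocols that `All` stands for is taken to be the widest one mod_ssl can offer.

```python
import re

# TLS directives copied verbatim from the *:443 virtual host on this page.
VHOST_TLS = """
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA
"""
# Widest set mod_ssl's "All" can stand for (assumption: the real set
# depends on the OpenSSL build Apache is linked against).
KNOWN_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Explicit OpenSSL suite names such as ECDHE-RSA-AES128-GCM-SHA256.
SUITE_NAME = re.compile(r"[A-Z0-9]+(-[A-Z0-9]+)+")

def directive(conf, name):
    """Return the argument string of the first `name` directive in conf."""
    m = re.search(rf"^\s*{re.escape(name)}\s+(.+)$", conf, re.I | re.M)
    return m.group(1).strip() if m else ""

def enabled_protocols(value):
    """Apply the tokens of an SSLProtocol value from left to right."""
    enabled = set()
    for token in value.split():
        name = token.lstrip("+-")
        if name.lower() == "all":
            enabled = set() if token[0] == "-" else set(KNOWN_PROTOCOLS)
        elif token.startswith("-"):
            enabled.discard(name)
        else:
            enabled.add(name)
    return [p for p in KNOWN_PROTOCOLS if p in enabled]

def classify_ciphers(value):
    """Sort the entries of an SSLCipherSuite string into review buckets."""
    report = {"aead": [], "non_aead": [], "dss": [], "selector": []}
    for entry in filter(None, value.split(":")):
        if not SUITE_NAME.fullmatch(entry):
            report["selector"].append(entry)  # e.g. kEDH+AESGCM, expanded by OpenSSL
            continue
        if "-DSS-" in entry:
            report["dss"].append(entry)       # only usable with a DSA certificate
        aead = "GCM" in entry or "CHACHA20" in entry
        report["aead" if aead else "non_aead"].append(entry)
    return report

if __name__ == "__main__":
    print("protocols:", enabled_protocols(directive(VHOST_TLS, "SSLProtocol")))
    ciphers = classify_ciphers(directive(VHOST_TLS, "SSLCipherSuite"))
    for bucket, names in ciphers.items():
        print(f"{bucket:9}{len(names):3}  {' '.join(names)}")
```

On this configuration the script reports TLSv1.1 as still enabled, 14 non-AEAD (AES-CBC) suites, and 3 DSS suites that a Let's Encrypt RSA or ECDSA certificate can never negotiate.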
Configuration in OTRS
You can use the web interface, or edit the file
/opt/otrs/Kernel/Config.pm
and add:
    $Self->{ScriptAlias} = '';
    $Self->{HttpType} = 'https';
Restart Apache and you're done 😉