From d188aff633b985f782dd9791f3850150493354ff Mon Sep 17 00:00:00 2001
From: Felix Bartels <1257835+fbartels@users.noreply.github.com>
Date: Thu, 16 Apr 2020 13:00:46 +0200
Subject: [PATCH] add apache example (#381)
fixes https://github.com/zokradonh/kopano-docker/issues/372
Signed-off-by: Felix Bartels
---
examples/apache-proxy.md | 61 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 examples/apache-proxy.md
diff --git a/examples/apache-proxy.md b/examples/apache-proxy.md
new file mode 100644
index 0000000..c10e9f5
--- /dev/null
+++ b/examples/apache-proxy.md
@@ -0,0 +1,61 @@ +# Using Apache as the front facing reverse proxy + +Example provided by [ronnybremer](https://github.com/ronnybremer) in [Add reverse proxy example for Apache](https://github.com/zokradonh/kopano-docker/issues/372). + +To be able to use a different proxy, than the bundled kweb the env variable `FQDNCLEANED` needs to be set to an invalid value (to not route traffic through it, but the external proxy). Additionally `EMAIL` needs to be set to `off`. + +```bash + +ServerName public.domain.com:443 +ServerAdmin your_friendly_admin@domain.com +UseCanonicalName On + +ErrorLog logs/meet_ssl_error_log +CustomLog logs/meet_ssl_access_log combined +LogLevel warn + +SSLEngine on +SSLCompression off +SSLProxyEngine off + +SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA +# for higher security +# SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH +SSLHonorCipherOrder on +SSLCertificateFile /etc/pki/tls/certs/localhost.crt +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +Header unset X-Frame-Options +Header unset Content-Security-Policy + +RewriteEngine On +# Meet and PWAs only work on https +RewriteCond %{HTTPS} off +RewriteCond %{REQUEST_URI} ^/meet$ [OR] +RewriteCond %{REQUEST_URI} ^/meet/ +RewriteRule ^(.*)$ https://public.domain.com/meet/ [R,L] +# We need to access Meet through the proper domain +RewriteCond %{REQUEST_URI} ^/meet$ [OR] +RewriteCond %{REQUEST_URI} ^/meet/ +RewriteCond %{HTTP_HOST} !^public.domain.com$ [NC] +RewriteRule ^(.*)$ https://public.domain.com/meet/ [R,L] +# Upgrade Websocket connections +RewriteCond %{HTTP:Connection} Upgrade [NC] +RewriteCond %{HTTP:Upgrade} websocket [NC] +RewriteRule /api/kwm/v2/(.*) ws://internal.domain.com:2015/api/kwm/v2/$1 [P,L] + + + Order deny,allow + Deny from all + + + + ProxyPass http://internal.domain.com:2015/ + ProxyPassReverse http://internal.domain.com:2015/ + 
ProxyPreserveHost On + + + +```
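Review bot: The `Header unset X-Frame-Options` and `Header unset Content-Security-Policy` lines strip the clickjacking and CSP headers from the responses this virtual host proxies, and the text never says why; if they exist only to avoid duplicated or conflicting headers, the example should say so and tell readers to set whatever policy their deployment needs at the proxy instead of ending up with none. The active `SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA` explicitly re-adds 3DES (a 64-bit block cipher, cf. Sweet32) while the stronger list is commented out; I would swap them so the copy-paste default is `SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH`. `Order deny,allow` / `Deny from all` is Apache 2.2 syntax that 2.4 only accepts through mod_access_compat, so `Require all denied` is the safer form to document (the enclosing container tags are not visible in this view, so which path it protects is unclear). A sentence noting that the hop to `internal.domain.com:2015` is plain `http://` / `ws://` and therefore has to stay on a trusted network would round this off.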