OTRS 5: VirtualHost and SSL via Let’s Encrypt
I am sharing my file for setting up a virtual host with OTRS 5. It took me a while to find a working configuration, so I hope this helps. You will find only the virtual host file here. Installing OTRS is fairly straightforward if you follow the documentation (I installed from source). For the SSL certificate I use acme.sh, but certbot can also be used…
    <VirtualHost *:80>
        DocumentRoot /opt/otrs/
        ServerName mon_domaine.fr

        Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
        <Directory /var/www/html/.well-known/acme-challenge>
            Options None
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>

    <VirtualHost *:443>
        DocumentRoot /opt/otrs/
        ServerName mon_domaine.fr

        Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
        <Directory "/var/www/html/.well-known/acme-challenge/">
            Options None
            AllowOverride None
            ForceType text/plain
            RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>

        Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
        ScriptAlias / "/opt/otrs/bin/cgi-bin/"

        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA
        SSLCertificateFile /etc/ssl/private/mon_domaine.fr-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/mon_domaine.fr-key.pem
        SSLCertificateChainFile /etc/ssl/private/mon_domaine.fr-fullchain.pem

        <IfModule mod_perl.c>
            # Setup environment and preload modules
            PerlRequire /opt/otrs/scripts/apache2-perl-startup.pl

            # Reload Perl modules when changed on disk
            PerlModule Apache2::Reload
            PerlInitHandler Apache2::Reload

            # mod_perl2 options for GenericInterface
            <Location /otrs/nph-genericinterface.pl>
                PerlOptions -ParseHeaders
            </Location>
        </IfModule>

        <Directory "/opt/otrs/bin/cgi-bin/">
            AllowOverride None
            Options +ExecCGI -Includes
            # ErrorDocument 403 /otrs/customer.pl
            ErrorDocument 403 /index.pl
            AddHandler perl-script .pl .cgi
            PerlResponseHandler ModPerl::Registry
            PerlOptions +ParseHeaders
            PerlOptions +SetupEnv
            DirectoryIndex index.pl

            <IfModule mod_version.c>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
            </IfModule>
            <IfModule !mod_version.c>
                Order allow,deny
                Allow from all
            </IfModule>

            <IfModule mod_filter.c>
                <IfModule mod_deflate.c>
                    AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
                </IfModule>
            </IfModule>
        </Directory>

        <Directory "/opt/otrs/var/httpd/htdocs/">
            AllowOverride None

            <IfModule mod_version.c>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
            </IfModule>
            <IfModule !mod_version.c>
                Order allow,deny
                Allow from all
            </IfModule>

            <IfModule mod_filter.c>
                <IfModule mod_deflate.c>
                    AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
                </IfModule>
            </IfModule>

            # Make sure CSS and JS files are read as UTF8 by the browsers.
            AddCharset UTF-8 .css
            AddCharset UTF-8 .js

            # Set explicit mime type for woff fonts since it is relatively new and apache may not know about it.
            AddType application/font-woff .woff
        </Directory>

        <IfModule mod_headers.c>
            # Cache css-cache for 30 days
            <Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
                <FilesMatch "\.(css|CSS)$">
                    Header set Cache-Control "max-age=2592000 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache css thirdparty for 4 hours, including icon fonts
            <Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
                <FilesMatch "\.(css|CSS|woff|svg)$">
                    Header set Cache-Control "max-age=14400 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache js-cache for 30 days
            <Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
                <FilesMatch "\.(js|JS)$">
                    Header set Cache-Control "max-age=2592000 must-revalidate"
                </FilesMatch>
            </Directory>

            # Cache js thirdparty for 4 hours
            <Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
                <FilesMatch "\.(js|JS)$">
                    Header set Cache-Control "max-age=14400 must-revalidate"
                </FilesMatch>
            </Directory>
        </IfModule>
    </VirtualHost>

    # Limit the number of requests per child to avoid excessive memory usage
    MaxRequestsPerChild 4000
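Added example, not part of the original post: a Python model of the `RedirectMatch 404` line in the `*:443` vhost, used to audit which files in the challenge directory Apache would actually serve. It assumes Python's `re` with `re.ASCII` behaves like Apache's PCRE for this pattern and that the rule is evaluated against the request's URL path; the directory contents and the file body are constructed.

```python
import re
import secrets
import tempfile
from pathlib import Path

URL_PREFIX = "/.well-known/acme-challenge/"
# Pattern copied from the RedirectMatch 404 line of the *:443 vhost.
# re.ASCII restricts \w to [A-Za-z0-9_], as PCRE does by default.
NOT_A_TOKEN = re.compile(r"^(?!/\.well-known/acme-challenge/[\w-]{43}$)", re.ASCII)


def passes_filter(url_path: str) -> bool:
    """True when RedirectMatch would NOT answer 404 for this URL path."""
    return NOT_A_TOKEN.search(url_path) is None


def audit_webroot(challenge_dir: Path) -> dict:
    """Map each file name in the challenge directory to 'served' or '404'."""
    report = {}
    for entry in sorted(challenge_dir.iterdir()):
        ok = passes_filter(URL_PREFIX + entry.name)
        report[entry.name] = "served" if ok else "404"
    return report


def demo() -> dict:
    """Build a constructed challenge directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        token = secrets.token_urlsafe(32)  # 32 random bytes -> 43 base64url chars
        (d / token).write_text(token + ".constructed-thumbprint")
        (d / (token + ".bak")).write_text("editor backup")
        (d / "index.html").write_text("stray file")
        (d / secrets.token_urlsafe(33)).write_text("44-character name")
        return {"token": token, "report": audit_webroot(d)}


if __name__ == "__main__":
    for name, verdict in demo()["report"].items():
        print(f"{verdict:>6}  {URL_PREFIX}{name}")
```

Only the 43-character base64url name is served; backups, stray files and the bare directory URL get 404. Because the `*:80` vhost redirects every request to HTTPS, challenge requests end up behind this filter, so a token of any other length would also be answered with 404.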
Configuration in OTRS
You can go through the web interface, or edit the file

    /opt/otrs/Kernel/Config.pm

and add:

    $Self->{ScriptAlias} = '';
    $Self->{HttpType} = 'https';

Restart Apache and you're done 😉