Line 21: |
Line 21: |
| </syntaxhighlight> | | </syntaxhighlight> |
| | | |
− | TODO : httpd templates
| + | needed httpd templates<syntaxhighlight lang="bash"> |
| + | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ |
| | | |
− | TODO: iptables templates
| + | </syntaxhighlight><syntaxhighlight lang="perl"> |
| + | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated |
| + | #Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge |
| + | Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/ |
| + | |
| + | <Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/"> |
| + | order allow,deny |
| + | allow from all |
| + | deny from none |
| + | AddDefaultCharset off |
| + | </Directory> |
| + | |
| + | </syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl"> |
| + | #/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice |
| + | <VirtualHost *:443> |
| + | ServerName onlyoffice.DOMAIN.COM |
| + | ServerAlias onlyoffice.DOMAIN.COM |
| + | |
| + | SSLEngine On |
| + | SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem |
| + | SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem |
| + | SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem |
| + | |
| + | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 |
| + | SSLProtocol All -SSLv2 -SSLv3 |
| + | SSLCompression off |
| + | SSLHonorCipherOrder on |
| + | |
| + | SetEnvIf Host "^(.*)$" THE_HOST=$1 |
| + | #needs apache 2.4.7 |
| + | #RequestHeader setifempty X-Forwarded-Proto https |
| + | #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e |
| + | #valid alternative : |
| + | RequestHeader set X-Forwarded-Proto https |
| + | RequestHeader set X-Forwarded-Host %\{THE_HOST\}e |
| + | ProxyAddHeaders Off |
| + | |
| + | ProxyPass /.well-known/acme-challenge ! |
| + | ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2" |
| + | ProxyPass / "http://localhost:8080/" |
| + | ProxyPassReverse / "http://localhost:8080/" |
| + | |
| + | </VirtualHost> |
| + | |
| + | # PORT FORWARD FROM 80 TO: 443 |
| + | <virtualhost *:80> |
| + | ServerName onlyoffice.DOMAIN.COM |
| + | ServerAlias onlyoffice.DOMAIN.COM |
| + | SSLProxyEngine On |
| + | RewriteEngine on |
| + | RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC] |
| + | RewriteCond %\{HTTPS\} off |
| + | RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L] |
| + | </virtualhost> |
| + | |
| + | </syntaxhighlight> |
| + | |
| + | to allow access to your dns server add the docker network to your local networks (considering the docker network is the following): <syntaxhighlight lang="bash"> |
| + | db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no |
| + | signal-event network-create 172.17.0.0 |
| + | </syntaxhighlight> |
| | | |
| == update == | | == update == |
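Review bot: The TLS settings in the 98onlyoffice template are weaker than the long cipher list suggests: `SSLProtocol All -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled, and `SSLCipherSuite` explicitly lists 3DES suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`). The trailing `!DES` does not remove them, because OpenSSL treats `3DES` as a separate keyword. If every client that must reach OnlyOffice can negotiate it, restrict the vhost with `SSLProtocol -all +TLSv1.2` and append `:!3DES` to the cipher string. Separately, the `db networks set 172.17.0.0 network Mask 255.255.0.0 ...` step registers the whole Docker bridge range as a local network, which presumably grants containers more than the DNS access the sentence describes. The page should state that trade-off next to the command.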