* Add apache SSL to SSL config
Showing
7 changed files
with
157 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
tests/**/proxy-https-to-http/server.* | ||
*.crt | ||
*.key | ||
*.csr |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# Use this example for proxy HTTPS traffic to the document server running at 'backendserver-address'. | ||
# Replace /etc/ssl/certs/server.crt with the path to the ssl certificate file | ||
# Replace /etc/ssl/private/server.key with the path to the ssl private key file | ||
|
||
Listen 80 | ||
Listen 443 | ||
LoadModule authn_core_module modules/mod_authn_core.so | ||
LoadModule authz_core_module modules/mod_authz_core.so | ||
LoadModule unixd_module modules/mod_unixd.so | ||
LoadModule proxy_module modules/mod_proxy.so | ||
LoadModule proxy_http_module modules/mod_proxy_http.so | ||
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so | ||
LoadModule headers_module modules/mod_headers.so | ||
LoadModule setenvif_module modules/mod_setenvif.so | ||
LoadModule ssl_module modules/mod_ssl.so | ||
|
||
<IfModule unixd_module> | ||
User daemon | ||
Group daemon | ||
</IfModule> | ||
|
||
SSLEngine on | ||
SSLCertificateFile "/etc/ssl/certs/server.crt" | ||
SSLCertificateKeyFile "/etc/ssl/private/server.key" | ||
|
||
## Strong SSL Security | ||
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html | ||
|
||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 | ||
SSLProtocol All -SSLv2 -SSLv3 | ||
SSLCompression off | ||
SSLHonorCipherOrder on | ||
|
||
## [Optional] Generate a stronger DHE parameter: | ||
## cd /etc/ssl/certs | ||
## sudo openssl dhparam -out dhparam.pem 4096 | ||
## | ||
# SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" | ||
|
||
SSLProxyEngine On | ||
SSLProxyCheckPeerCN on | ||
SSLProxyCheckPeerExpire on | ||
|
||
SetEnvIf Host "^(.*)$" THE_HOST=$1 | ||
RequestHeader setifempty X-Forwarded-Proto https | ||
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e | ||
ProxyAddHeaders Off | ||
|
||
ProxyPassMatch (.*)(\/websocket)$ "wss://backendserver-address/$1$2" | ||
ProxyPass / "https://backendserver-address/" | ||
ProxyPassReverse / "https://backendserver-address/" |
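Review bot: The proxy side enables `SSLProxyEngine On` with `SSLProxyCheckPeerCN on` and `SSLProxyCheckPeerExpire on`, but nothing in this file sets `SSLProxyVerify` or names a CA file, so as far as the visible directives go the backend's certificate chain is not validated (the directive defaults to `none`) on the `https://` and `wss://` hops. Add `SSLProxyVerify require` and `SSLProxyCACertificateFile "/usr/share/ca-certificates/backend.crt"` next to the existing SSLProxy lines; the compose file in this commit already mounts `backend.crt` at that path, which suggests this was the intent. Separately, `SSLProtocol All -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1, and the cipher list keeps `DES-CBC3-SHA` and static-RSA suites. For an example that others will copy, `SSLProtocol -all +TLSv1.2` and dropping the 3DES entries would be a safer default.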
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#### Generation of Self Signed Certificates | ||
``` | ||
./gen-onlyoffice-cert.sh | ||
``` | ||
#### To run test | ||
``` | ||
sudo docker-compose up -d | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
version: '2' | ||
services: | ||
onlyoffice-documentserver: | ||
container_name: onlyoffice-documentserver | ||
image: onlyoffice/4testing-documentserver-ie:latest | ||
stdin_open: true | ||
volumes: | ||
- ./backend.crt:/var/www/onlyoffice/Data/certs/onlyoffice.crt | ||
- ./backend.key:/var/www/onlyoffice/Data/certs/onlyoffice.key | ||
restart: always | ||
networks: | ||
onlyoffice: | ||
aliases: | ||
- backendserver-address | ||
expose: | ||
- '80' | ||
- '443' | ||
|
||
onlyoffice-httpd: | ||
container_name: onlyoffice-httpd | ||
image: httpd:2.4.23 | ||
depends_on: | ||
- onlyoffice-documentserver | ||
stdin_open: true | ||
volumes: | ||
- ../../../apache/proxy-https-to-https.conf:/usr/local/apache2/conf/httpd.conf | ||
- ./server.crt:/etc/ssl/certs/server.crt | ||
- ./server.key:/etc/ssl/private/server.key | ||
- ./backend.crt:/usr/share/ca-certificates/backend.crt | ||
restart: always | ||
networks: | ||
- onlyoffice | ||
ports: | ||
- '80:80' | ||
- '443:443' | ||
|
||
networks: | ||
onlyoffice: | ||
driver: 'bridge' | ||
|
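Review bot: The private keys are bind-mounted read-write into both containers (`./backend.key:/var/www/onlyoffice/Data/certs/onlyoffice.key`, `./server.key:/etc/ssl/private/server.key`), so a process inside a container can alter or replace the host's key files. Unless the images need to write to these paths, append `:ro` to the certificate, key and `httpd.conf` mounts. The document server image is referenced as `:latest`, which pulls whatever is published at run time and makes the test non-reproducible; pin it to a specific tag or digest. In the sections shown here only `backend.*` is generated, so if `./server.crt` and `./server.key` are absent the httpd container will probably not start; a README line or a check in the script would cover that.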
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/bin/bash | ||
|
||
private_key=backend.key | ||
certificate_request=backend.csr | ||
certificate=backend.crt | ||
|
||
# Generate certificate | ||
openssl genrsa -out ${private_key} 2048 | ||
openssl req \ | ||
-new \ | ||
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=backendserver-address" \ | ||
-key ${private_key} \ | ||
-out ${certificate_request} | ||
openssl x509 -req -days 365 -in ${certificate_request} -signkey ${private_key} -out ${certificate} |
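Review bot: The script has no error handling, so if `openssl genrsa` fails the later steps still run against a missing or stale key; add `set -euo pipefail` right after the shebang. The expansions `${private_key}`, `${certificate_request}` and `${certificate}` are unquoted; quote them, e.g. `openssl genrsa -out "${private_key}" 2048`. The signing step leaves the digest to the installed OpenSSL's default; passing `-sha256` to `openssl x509 -req` makes it explicit. A short header comment stating that the key is written unencrypted and the certificate is self-signed for the test setup only would help readers who copy this script.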