- Tukar port HTTPS Citadel ke 2001 dengan arahan
dpkg-reconfigure citadel-webcit
- Pasang SSL truecrypt dengan merujuk kepada artikel https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
- Edit /etc/nginx/sites-enabled/citadel seperti berikut:
[code lang=’plain’]
server {server_name domain.com citadel.domain.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-domain.com.conf;
include snippets/ssl-params.conf;error_log /var/log/nginx/citadel-error.log;
access_log /var/log/nginx/citadel-access.log;root /usr/share/citadel-webcit;
# optional:
# listen 192.168.1.1:443
# instead depending on your setup…
# Main location
location /webcit/ {
proxy_pass https://127.0.0.1:2001/;
proxy_redirect off;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;client_max_body_size 10m;
client_body_buffer_size 128k;proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /listsub/ {
proxy_pass https://127.0.0.1:2001;
proxy_redirect off;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;client_max_body_size 10m;
client_body_buffer_size 128k;proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /groupdav/ {
proxy_pass https://127.0.0.1:2001/;
proxy_redirect off;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;client_max_body_size 10m;
client_body_buffer_size 128k;proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location /freebusy/ {
proxy_pass https://127.0.0.1:2001/;
proxy_redirect off;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;client_max_body_size 10m;
client_body_buffer_size 128k;proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}[/code]
Sumber:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04