Categories
email

Setting SSL (letsencrypt) nginx Citadel

  1. Tukar port HTTPS Citadel ke 2001 dengan arahan

    dpkg-reconfigure citadel-webcit

  2. Pasang SSL truecrypt dengan merujuk kepada artikel https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
  3. Edit /etc/nginx/sites-enabled/citadel seperti berikut:

    [code lang=’plain’]
    server {

    server_name domain.com citadel.domain.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-domain.com.conf;
    include snippets/ssl-params.conf;

    error_log /var/log/nginx/citadel-error.log;
    access_log /var/log/nginx/citadel-access.log;

    root /usr/share/citadel-webcit;
    # optional:
    # listen 192.168.1.1:443
    # instead depending on your setup…
    # Main location
    location /webcit/ {
    proxy_pass https://127.0.0.1:2001/;
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    }
    location /listsub/ {
    proxy_pass https://127.0.0.1:2001;
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    }
    location /groupdav/ {
    proxy_pass https://127.0.0.1:2001/;
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    }
    location /freebusy/ {
    proxy_pass https://127.0.0.1:2001/;
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    }
    }[/code]

Sumber:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Leave a Reply

Your email address will not be published. Required fields are marked *