How-To: SSL/VHOST, agent and customer web-frontend separated

Don't create your support topics here! No new topics with questions allowed!

Moderator: crythias

hensels
Znuny newbie
Posts: 5
Joined: 25 Apr 2008, 10:07

How-To: SSL/VHOST, agent and customer web-frontend separated

Post by hensels »

EDIT 16-05-2011: Updated for OTRS 3.x

Hello all,

Since it took me quite a while to figure out how to run OTRS with two different SSL-certified Apache vhosts, I thought it's a good time to share my working configuration file.

Code:


# --
# added for OTRS (http://otrs.org/)
# $Id: zzz_otrs_two_hosts.conf,v 1.0 2011/05/16 00:00:00 Stephan Hensel stephan@stephan.ws $
# --

# load all otrs modules
PerlRequire /opt/otrs/scripts/apache2-perl-startup.pl

# Apache::Reload - Reload Perl Modules when Changed on Disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
PerlModule Apache2::RequestRec

NameVirtualHost 10.100.1.100:80
NameVirtualHost 10.100.1.100:443
NameVirtualHost 10.100.1.200:80
NameVirtualHost 10.100.1.200:443

Listen 10.100.1.100:80
Listen 10.100.1.100:443
Listen 10.100.1.200:80
Listen 10.100.1.200:443

#
# customer frontend
#

<VirtualHost 10.100.1.100:80>
  ServerName      customer.example.com
  Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
  ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
  ServerAdmin admin@example.com
  DocumentRoot /opt/otrs/var/httpd/htdocs/
  ServerSignature On

    <Location /otrs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        PerlSetupEnv On
        Options +ExecCGI
    </Location>

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /opt/otrs/var/httpd/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        RedirectMatch ^/$ http://customer.example.com/otrs/customer.pl
    </Directory>

    # Allowed values: debug, info, notice, warn, error, crit, alert, emerg

    LogLevel warn
    ErrorLog /var/log/httpd/otrs-err_customer.example.com.log
    CustomLog /var/log/httpd/otrs-acc_customer.example.com.log combined

#
# Only allow customer.pl for customers
#


<Files faq.pl>
        Order deny,allow
        Deny from all
</Files>

<Files index.pl>
        Order deny,allow
        Deny from all
</Files>

<Files installer.pl>
        Order deny,allow
        Deny from all
</Files>

<Files public.pl>
        Order deny,allow
        Deny from all
</Files>

<Files rpc.pl>
        Order deny,allow
        Deny from all
</Files>

</VirtualHost>


<VirtualHost 10.100.1.100:443>

  ServerName      customer.example.com:443
  Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
  ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
  ServerAdmin admin@example.com
  DocumentRoot /opt/otrs/var/httpd/htdocs/
  ServerSignature On

    <Location /otrs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        PerlSetupEnv On
        Options +ExecCGI
    </Location>

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /opt/otrs/var/httpd/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        RedirectMatch ^/$ https://customer.example.com/otrs/customer.pl
    </Directory>

    # Allowed values: debug, info, notice, warn, error, crit, alert, emerg

    LogLevel warn
    ErrorLog /var/log/httpd/otrs-err_customer_SSL.example.com.log
    CustomLog /var/log/httpd/otrs-acc_customer_SSL.example.com.log combined
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/ssl/customer.example.com/customer.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/customer.example.com/customer.example.com.key
    SSLCertificateChainFile /etc/httpd/ssl/customer.example.com/customer.example.com.crt

#
# Only allow customer.pl for customers
#

<Files faq.pl>
        Order deny,allow
        Deny from all
</Files>

<Files index.pl>
        Order deny,allow
        Deny from all
</Files>

<Files installer.pl>
        Order deny,allow
        Deny from all
</Files>

<Files public.pl>
        Order deny,allow
        Deny from all
</Files>

<Files rpc.pl>
        Order deny,allow
        Deny from all
</Files>

</VirtualHost>

#
# agent frontend
#

<VirtualHost 10.100.1.200:80>

    ServerName      agent.example.com
    Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
    ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
    ServerAdmin admin@example.com
    DocumentRoot /opt/otrs/var/httpd/htdocs/
    ServerSignature On

    <Location /otrs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        PerlSetupEnv On
        Options +ExecCGI
    </Location>

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /opt/otrs/var/httpd/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        RedirectMatch ^/$ http://agent.example.com/otrs/index.pl
    </Directory>

    # Allowed values: debug, info, notice, warn, error, crit, alert, emerg

    LogLevel warn
    ErrorLog /var/log/httpd/otrs-err_agent.example.com.log
    CustomLog /var/log/httpd/otrs-acc_agent.example.com.log combined

#
# Use this, if you only want the agent interface be available from one certain IP
#


#<Files *>
#  Order deny,allow
#  Deny from all
#  Allow from [FIREWALL_IP]
#</Files>

</VirtualHost>

<VirtualHost 10.100.1.200:443>

    ServerName      agent.example.com:443
    Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
    ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
    ServerAdmin admin@example.com
    DocumentRoot /opt/otrs/var/httpd/htdocs/
    ServerSignature On

    <Location /otrs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        PerlSetupEnv On
        Options +ExecCGI
    </Location>

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /opt/otrs/var/httpd/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        RedirectMatch ^/$ https://agent.example.com/otrs/index.pl
    </Directory>

    # Allowed values: debug, info, notice, warn, error, crit, alert, emerg

    LogLevel warn
    ErrorLog /var/log/httpd/otrs-err_agent_SSL.example.com.log
    CustomLog /var/log/httpd/otrs-acc_agent_SSL.example.com.log combined

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/ssl/agent.example.com/agent.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/agent.example.com/agent.example.com.key
    SSLCertificateChainFile /etc/httpd/ssl/agent.example.com/agent.example.com.crt

#
# Use this, if you only want the agent interface be available from one certain IP
#

#<Files *>
#  Order deny,allow
#  Deny from all
#  Allow from [FIREWALL_IP]
#</Files>

</VirtualHost>

# EOF

Cheers!
Stephan
Last edited by hensels on 16 May 2011, 15:11, edited 2 times in total.
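
An added example, not part of hensels's post or of the OTRS project's own configuration: the customer frontend from the configuration above with the changes a security review would ask for, in the same Apache 2.2 syntax. The posted SSLCipherSuite starts from ALL and removes only anonymous-DH and 56-bit export suites, and the five `<Files>` blocks form a deny-list, so any script not named there stays reachable on the customer host. The SSLProtocol and SSLCipherSuite values, the port-80 redirect and the allow-list are assumptions to adapt to the installed Apache and OpenSSL.

```apache
# Added example, not from the original post: customer frontend only.
# Port 80 only redirects, so the login form is never served over plain HTTP.
<VirtualHost 10.100.1.100:80>
    ServerName customer.example.com
    Redirect permanent / https://customer.example.com/
</VirtualHost>

<VirtualHost 10.100.1.100:443>
    ServerName customer.example.com:443
    Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
    ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
    DocumentRoot /opt/otrs/var/httpd/htdocs/
    ServerSignature Off
    <Location /otrs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        PerlSetupEnv On
        Options +ExecCGI
    </Location>
    <Directory /opt/otrs/var/httpd/htdocs/>
        # No "Indexes": directory listings stay off
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        RedirectMatch ^/$ https://customer.example.com/otrs/customer.pl
    </Directory>
    SSLEngine on
    # Posted value, for comparison (LOW, 40-bit export and RC4 stay enabled):
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Assumed replacement; confirm the result with `openssl ciphers -v` on the host.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/ssl/customer.example.com/customer.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/customer.example.com/customer.example.com.key
    SSLCertificateChainFile /etc/httpd/ssl/customer.example.com/customer.example.com.crt
    # Allow-list: block every .pl first, then re-open customer.pl only.
    # The <Files> section comes later in the file, so it overrides the match above.
    <FilesMatch "\.pl$">
        Order deny,allow
        Deny from all
    </FilesMatch>
    <Files customer.pl>
        Order allow,deny
        Allow from all
    </Files>
</VirtualHost>
```

With the allow-list, a script added to cgi-bin by a later OTRS upgrade is denied on the customer host until it is explicitly opened.
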
Madininian
Znuny newbie
Posts: 1
Joined: 20 Apr 2010, 13:37
Znuny Version: 2.4

How-To: SSL/VHOST, agent and customer web-frontend separated

Post by Madininian »

Hi,
It's for the otrs.conf file in the Apache conf.d folder?
hensels
Znuny newbie
Posts: 5
Joined: 25 Apr 2008, 10:07

Re: How-To: SSL/VHOST, agent and customer web-frontend separ

Post by hensels »

Exactly.
akhanna3
Znuny newbie
Posts: 1
Joined: 28 Jul 2010, 20:36
Znuny Version: 2.4.7

Re: How-To: SSL/VHOST, agent and customer web-frontend separ

Post by akhanna3 »

Hi

I am having this problem while creating the database through the web interface.

Software error:

Can't locate object method "new" via package "Kernel::Config" at /opt/otrs/bin/cgi-bin/installer.pl line 51.

For help, please send mail to the webmaster (webmaster@localhost), giving this error message and the time and date of the error.

Can you help me with this?
hensels
Znuny newbie
Posts: 5
Joined: 25 Apr 2008, 10:07

Re: How-To: SSL/VHOST, agent and customer web-frontend separ

Post by hensels »

akhanna3 wrote: Hi

I am having this problem while creating the database through the web interface.

Software error:

Can't locate object method "new" via package "Kernel::Config" at /opt/otrs/bin/cgi-bin/installer.pl line 51.

For help, please send mail to the webmaster (webmaster@localhost), giving this error message and the time and date of the error.

Can you help me with this?

Install first via the web interface.
Do the vhosts after you've completed configuration and installation of OTRS.