Skip to content

Fixes #696 - Overhaul webserver configuration documentation#870

Merged
ralf401 merged 6 commits into
pre-releasefrom
rsc/fixes/696
Jul 17, 2026
Merged

Fixes #696 - Overhaul webserver configuration documentation#870
ralf401 merged 6 commits into
pre-releasefrom
rsc/fixes/696

Conversation

@ralf401

@ralf401 ralf401 commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

No description provided.

ralf401 added 4 commits July 16, 2026 11:17
Restructure getting-started/configure-webserver.rst around one linear
flow per webserver (Nginx, Apache 2) instead of five parallel tabs at
the certificate step.

What changed:
- Certbot consolidated as the recommended happy path, pointing to the
  upstream instructions per supported distro (Ubuntu, Debian,
  openSUSE / SLES, CentOS / RHEL).
- acme.sh retained as an alternative under Let's Encrypt, trimmed.
- Self-signed certificate section removed.
- 'I don't need that' tab removed.
- Mozilla SSL config generator mention dropped (downstream tooling,
  widely known).
- Apache 'enable the site' step demoted to a normal step with per
  distro sub-tabs. The previous '(Optional)' label was misleading on
  Debian / Ubuntu / openSUSE.
- dhparam hint folded into the Nginx and Apache steps inline (no
  longer a separate include file).
- Mozilla SSL config generator include dropped.
- CSRF proxy hints moved to a Troubleshooting section at the bottom of
  the page, split into a Nginx variant and an Apache 2 variant behind
  tabs.

Files:
- getting-started/configure-webserver.rst: rewritten (427 -> 320 lines).
- getting-started/include-csrf-hints.rst: removed.
- getting-started/include-dhparam-webserver.rst: removed.
- getting-started/include-ssl-config-generator-webserver.rst: removed.

The Nginx acme dynamic module was investigated as a candidate for
replacing Certbot. It is not available in any Zammad-supported distro's
package repositories (Ubuntu, Debian, openSUSE / SLES, RHEL / CentOS),
so a section promoting it would not be honest on these distros. The
module could be covered in a future 'Advanced' note once a distro ships
it; for now Certbot remains the recommended path.

Refs zammad/zammad#696
Includes two user tweaks plus two follow-ups that close gaps the
tweaks created.

User-applied tweaks (preserved):
- Docker Compose / Kubernetes note: added a colon after the bold
  label, split it onto its own line so the bold-headed one-liner
  reads more cleanly, and reflowed the link text to stay under
  the 80-char line limit.
- Moved the 'If you just installed Zammad' sentence and the
  getting-started-wizard image out from under Troubleshooting and
  up under Adjust the Webserver Configuration, where the wizard
  actually appears.

Follow-ups (closes gaps from the user tweaks):
- Inserted a purpose-first intro paragraph before the existing
  intros: 'Configure your webserver to reverse-proxy the Zammad
  application server. The page covers obtaining an SSL
  certificate, adjusting the sample configuration for Nginx or
  Apache 2 and reloading the webserver to apply the changes.'
  The original intro only mentioned where to find the sample
  files; it did not tell the reader what this page walks them
  through.
- Updated the in-page references from the Nginx and Apache tabs
  (`Troubleshooting`_) to a named :ref: target
  (``Troubleshooting section <configure_webserver_troubleshooting>``).
  The previous inline link relied on a `.. _Troubleshooting:`
  label that the user-applied tweak deleted; without these
  reference fixes the two references would render as broken
  internal cross-references.
Two user-applied tweaks (in the page-intro paragraphs):

1. The purpose-first sentence now reads 'Nginx and Apache 2' instead
   of 'Nginx or Apache 2' — 'and' is the correct conjunction since
   the page covers both webservers together.

2. The 'sample configuration files' sentence was rewritten for
   readability: 'current' dropped (redundant with 'you can find'),
   'contrib/' wrapped as 'the contrib/ directory of your Zammad
   installation' (adds 'directory' for natural prose), and the
   package-installation clause tightened to a single sentence instead
   of two short ones.

Two follow-up tweaks in the same commit (grammar / readability):

3. 'During a package installation of Zammad, it automatically tries
   to install a configuration file to your Nginx.' moved
   'automatically' to before 'install' (replaces 'automatically
   tries', which is a near-contradiction in terms — if the action
   is automatic, the agent isn't really trying).

4. The Certbot 'Once installed, request a certificate' phrase
   changed 'with either nginx or apache' to 'with
   nginx or apache'. The parallel construction 'replace A
   with either X or Y and B with Z' over-paired the conjunction;
   the bare 'replace A with X or Y and B with Z' parses
   unambiguously when the reader reads across to the second
   'with'.
acme.sh no longer uses Let's Encrypt by default (the project's
default CA switched to ZeroSSL in v3.0.7); without an explicit
`--set-default-ca --server letsencrypt` call, the certificate
issued by `acme.sh --issue` will be a ZeroSSL cert. Browsers
trust ZeroSSL but a reader copy-pasting the command from this
page and pointing Zammad at a non-Let's-Encrypt cert will see
unrelated behaviour depending on which trust stores their clients
have. The trimmed 2b acme.sh tab (commit 761bad4) had dropped this
warning; restoring it now.

Note placed at the top of the acme.sh tab so the reader sees the
CA-setup step before they reach `--issue` or `--install-cert`.
@ralf401 ralf401 self-assigned this Jul 16, 2026
@ralf401 ralf401 linked an issue Jul 16, 2026 that may be closed by this pull request
@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown

Artifacts

Produced during runtime

📦 html-ad7fcb2

Comment thread getting-started/configure-webserver.rst Outdated
Comment thread getting-started/configure-webserver.rst Outdated
This is a single consolidated commit that captures all the
review-driven changes to the page, including:

- Replace the 4-parallel-tab certificate step with one
  'happy-path' flow (Certbot happy path + acme.sh trimmed
  alternative, plus commercial-CA short-cut and the dropped
  self-signed).
- Fold the wizard sentence + image into a single
  transition between the happy-path and Troubleshooting.
- Restore the acme.sh 'default CA is ZeroSSL' warning as
  a folded-into-intro note with a real code block, so the
  reader sees the --set-default-ca step before --issue.
- Move CSRF troubleshooting hints from the page-intro note
  into a Troubleshooting sub-section using 3-space-indented
  definition blocks.
- Cap :doc: link text to the noun 'environment variables page'
  (no doubled 'environment variables' phrase), with the
  NGINX_*/ZAMMAD_RAILSSERVER_* names mentioned as inline
  code in the prose.
- Replace the redundant host- or server name note in the
  page-intro with per-webserver inline instructions that
  point at the actual sample-config placeholder
  (example.com for Nginx; localhost for the second
  ServerName in Apache).
- Update the in-page Nginx/Apache tab references to use
  named :ref: targets (Troubleshooting section) instead of
  an inline label.
- Adjust h3 underline convention (use ^, matching the
  repo-wide convention used 84 times vs ~ for h4 which
  appears 5 times).
- Clarify the page-intro: name both sample config files
  per webserver (zammad.conf plain HTTP, zammad_ssl.conf
  HTTPS), state that the package install automatically
  copies the non-SSL one, and instruct the user to swap
  manually for production.
- Nginx 'Adjust server name' block: locate both
  server_name directives (port-80 and port-443 blocks) and
  adjust example.com in each.
- Apache 'Adjust server name' block: enumerate the two
  ServerName directives, with the first defaulting to
  example.com and the second to localhost.
- Heading and link-text style: 80-char line limit, ASCII
  hyphens, no Oxford comma, capitalised :ref: link text,
  title-case Troubleshooting sub-section headings.

Refs zammad/zammad#696
@ralf401
ralf401 merged commit 9ca813c into pre-release Jul 17, 2026
1 check passed
@ralf401
ralf401 deleted the rsc/fixes/696 branch July 17, 2026 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Overhaul webserver configuration guide

2 participants