I would use VirtualHost and SSL instead of relying on Directory like so:
# Apache config file for Dolibarr
<IfModule mod_ssl.c>
  # This virtual host will be available only from the internal network
  <VirtualHost dolibarr.mycompanie.com:443>
    ServerName dolibarr.mycompanie.com
    # TLS has to be switched on explicitly inside each :443 virtual host
    SSLEngine on
    # Get your free certificate from https://letsencrypt.org/getting-started/
    SSLCertificateFile /etc/letsencrypt/live/YOURCERT_HERE
    SSLCertificateKeyFile /etc/letsencrypt/live/YOURCERT_HERE
    # Directory for web pages
    <Directory /usr/share/dolibarr/htdocs>
      <RequireAll>
        # Put your internal ip range below
        Require ip 192.168.0.0/24
      </RequireAll>
      DirectoryIndex index.php
      Options +FollowSymLinks +Indexes
      ErrorDocument 401 /dolibarr/public/error-401.php
      ErrorDocument 404 /dolibarr/public/error-404.php
      <IfModule mod_php5.c>
        php_flag magic_quotes_gpc Off
        php_flag register_globals Off
      </IfModule>
    </Directory>
  </VirtualHost>
  # This host will be available from anywhere
  <VirtualHost ticket.mycompanie.com:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/YOURCERT_HERE
    SSLCertificateKeyFile /etc/letsencrypt/live/YOURCERT_HERE
    ServerName ticket.mycompanie.com
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/dolibarr/htdocs/public/ticket
    <Directory /usr/share/dolibarr/htdocs/public/ticket>
      <IfVersion >= 2.3>
        Require all granted
      </IfVersion>
      DirectoryIndex index.php
      Options +FollowSymLinks +Indexes
      ErrorDocument 401 /dolibarr/public/error-401.php
      ErrorDocument 404 /dolibarr/public/error-404.php
      <IfModule mod_php5.c>
        php_flag magic_quotes_gpc Off
        php_flag register_globals Off
      </IfModule>
    </Directory>
  </VirtualHost>
</IfModule>
I have the ticket interface exposed to the wild, while the rest is only accessible from within my LAN.
But I had to:
- install certbot for Let's Encrypt
- fetch a Let's Encrypt certificate using the DNS records challenge (because port 80/443 cannot be exposed for that purpose)
- play around with a lot of Apache settings, like enabling SSL (a2enmod)
But how can I now use the HTTPS server in my local network as well? The server is locally reachable under another name (or IP directly). So the certificate I got from Let's Encrypt for my public domain name will lead to a warning screen saying that the certificate doesn't match the host name.
And yes, you are right, my bad. If your Dolibarr instance is internal only, you will not be able to use a Let's Encrypt cert.
So what to do in this case?
Well, you have 3 choices:
1. If you have an internal server certificate, then use it to generate a cert and use it on your Dolibarr instance.
2. Create a self-signed certificate, but this will generate a warning on every client that accesses the site. (I wouldn't recommend this: even though it encrypts the traffic and secures the exchange between the server and clients, it does scare the users a lot to see the warning message.)
3. Just don't use SSL and go for HTTP. Depending on the size of your company, you should be fine with that.
PS: Just one last recommendation: as your ticketing system is facing the internet, don't forget to harden your Apache config and to install fail2ban. This should put you on the safe side.
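One way to carry out the first choice above, added here as an example that is not part of the original thread: a private CA issues a certificate whose subjectAltName covers the internal name and IP, and the script checks which host names it matches. The name `dolibarr.lan`, the address `192.168.0.10` and all file names are constructed sample values.

```sh
#!/bin/sh
# Added example: private CA plus a server certificate for the internal-only vhost.
# dolibarr.lan, 192.168.0.10 and the file names are constructed sample values.
set -eu

make_ca() {   # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = working directory, $2 = internal DNS name, $3 = internal IP
  openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 \
    -nodes -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # Browsers match the requested host against subjectAltName, not the CN.
  printf 'subjectAltName=DNS:%s,IP:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$2" "$3" > "$1/server.ext"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/server.ext" \
    -out "$1/server.crt" 2>/dev/null
}

chain_ok() {   # $1 = working directory; true if server.crt chains to ca.crt
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

san_matches() {   # $1 = working directory, $2 = host|ip, $3 = value a client connects to
  case "$(openssl x509 -in "$1/server.crt" -noout "-check$2" "$3")" in
    *"does match"*) return 0 ;;
    *) return 1 ;;
  esac
}

work=$(mktemp -d)
make_ca "$work"
issue_cert "$work" dolibarr.lan 192.168.0.10
chain_ok "$work" && echo "server.crt verifies against ca.crt"
san_matches "$work" host dolibarr.lan && echo "internal name matches"
san_matches "$work" ip 192.168.0.10 && echo "internal IP matches"
san_matches "$work" host ticket.mycompanie.com || echo "public name does not match, as expected"
```

The internal virtual host would then point `SSLCertificateFile` and `SSLCertificateKeyFile` at `server.crt` and `server.key`, and `ca.crt` is what gets imported into the client trust stores.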