nothing@nowhere - 2021-08-17

OpenProject Setup

In this tutorial we're going to set up an OpenProject instance. I won't comment on the first steps, since the developers made the installation easy:

Initial Setup


apt install gnupg gnupg2

wget -qO- https://dl.packager.io/srv/opf/openproject/key | sudo apt-key add -

wget -O /etc/apt/sources.list.d/openproject.list \
  https://dl.packager.io/srv/opf/openproject/stable/11/installer/debian/10.repo

apt update

apt install openproject -y

root@openproject:~# sudo openproject configure
	

However, there's a problem, since we don't have the TLS certificates yet:


[...]

To activate the new configuration, you need to run:
  systemctl reload apache2
[Tue Aug 17 18:00:57.541956 2021] [so:warn] [pid 29146] AH01574: module dav_module is already loaded, skipping
AH00526: Syntax error on line 2 of /etc/openproject/addons/apache2/includes/vhost/ssl.conf:
SSLCertificateFile: file '/etc/ssl/certs/example.com.crt' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
ERROR: apache config check failed. See above.
	

So let's get them using acme.sh:


apt install socat -y
wget -O -  https://get.acme.sh | sh
source ~/.bashrc

systemctl stop apache2

acme.sh --issue --standalone -d openproject.void.yt -k 4096
	

That's what you do if you want the TLS certificate on the same machine. In my setup, however, this is a local VM behind another VM which acts as a reverse proxy, so I will set up the TLS certificates there and leave the current VM with plain HTTP.


[on my reverse proxy VM]
root@home:/var/www/void.yt/config# cp openproject.void.yt.conf /etc/nginx/sites-available/
root@home:/var/www/void.yt/config# cd /etc/nginx/
root@home:/etc/nginx# ln -s /etc/nginx/sites-available/openproject.void.yt.conf /etc/nginx/sites-enabled/
root@home:/etc/nginx# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

root@home:/etc/nginx# cat /etc/nginx/sites-available/openproject.void.yt.conf
upstream openprojectbackend {
        server 10.0.0.102:80;
}

server {
        listen 80;
        listen [::]:80;
        server_name openproject.void.yt;
        return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name openproject.void.yt;

        ssl_certificate /root/.acme.sh/openproject.void.yt/fullchain.cer;
        ssl_trusted_certificate /root/.acme.sh/openproject.void.yt/openproject.void.yt.cer;
        ssl_certificate_key /root/.acme.sh/openproject.void.yt/openproject.void.yt.key;

        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        ssl_ecdh_curve auto;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 80.67.188.188 80.67.169.40 valid=300s;
        resolver_timeout 10s;

        add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
        add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
        add_header X-Content-Type-Options nosniff; #MIME-type sniffing
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

        location / {
                proxy_pass http://openprojectbackend;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
        }
}
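
The location block above sets no forwarding headers, so nginx falls back to its default `Host: $proxy_host` (here the upstream name `openprojectbackend`) and the HTTP-only backend never learns the original host, client address or scheme. As an added example (not the author's configuration), the same block with explicit headers; it assumes the backend at 10.0.0.102 is reachable only from this proxy and that the application reads these headers, and the `$connection_upgrade` map is a name introduced here.

```nginx
# Added example, not part of the original vhost file.
# Place the map at the top of openproject.void.yt.conf: files in sites-enabled
# are included inside http{}, which is the only context where map is allowed.
map $http_upgrade $connection_upgrade {
        default upgrade;   # client asked for a protocol upgrade (WebSocket)
        ''      close;     # ordinary request: do not send "Connection: Upgrade"
}

# Replacement for the "location /" block inside the 443 server{} above.
location / {
        proxy_pass http://openprojectbackend;
        proxy_http_version 1.1;

        # Without this, nginx sends "Host: openprojectbackend" (its default,
        # $proxy_host), so the backend cannot tell which public name was used.
        proxy_set_header Host $host;

        # This proxy is the internet-facing edge, so overwrite any
        # client-supplied value instead of appending to it with
        # $proxy_add_x_forwarded_for; otherwise a client can forge the
        # address the backend logs or rate-limits on.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;

        # TLS ends here; tell the plain-HTTP backend the original scheme so
        # that generated links and redirects stay on https.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Only request an upgrade when the client did.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
}
```

The backend should accept port 80 only from the proxy's address, because anything that can reach it directly can set these headers itself.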