Skip to content

About Open Project

OpenProject is the leading open source project management software. Established in 2012 OpenProject supports your projects throughout the whole life-cycle.

Official website : OpenProject

Installation

We'll import the packager.io repository with his signed key.

wget -qO- https://dl.packager.io/srv/opf/openproject-ce/key | sudo apt-key add -

We install the https support for apt package manager.

apt install apt-transport-https

We also add the OpenProject package at our sources list.

wget -O /etc/apt/sources.list.d/openproject-ce.list \
  https://dl.packager.io/srv/opf/openproject-ce/stable/8/installer/debian/9.repo

Finally we can install the OpenProject community edition package

apt-get update
apt-get install openproject

If you have your certificates you can finish the installation by typing and follow the instruction

openproject configure

1 Choose if you need à local mysql server (is better for recurity reason) mysql

2 Apache2 apache2

3 Indicate the domain or subdomain domain

4 IF you need to install openproject in a subfolder , indicate in this step or leave blank prefix

5 Indicate if you need to use TLS/SSL ssl

Warning

Before to finish our installation you must verified if you have already SSL certificates. If you don't have SSL certificate you can create it by follow this procedure let's encrypt.

In case where you wish use TLS/SSL layer, OpenProject will ask you to indicate the path of your certificates with three little steps .

Example :

  • Certificate /etc/letsencrypt/live/testing.probetech.be/cert.pem.
  • Private Key /etc/letsencrypt/live/testing.probetech.be/privkey.pem
  • Cetification autority bundle /etc/letsencrypt/live/testing.probetech.be/chain.pem

6 Choose you mail server for notification mail

7 Choose if you need memory cache , memcached ( Required for better cache performance) memcached

Get HTTPS layer

To get HTTPS we must do few manipulations.

The apache2 configuration is splited in two places.

The firt part is located under /etc/apache2/sites-enabled/openproject.conf

Include /etc/openproject/addons/apache2/includes/server/*.conf

<VirtualHost *:80>
  ServerName test56.probetech.ovh
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName test56.probetech.ovh
  DocumentRoot /opt/openproject/public

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf

  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass / http://127.0.0.1:6000/ retry=0
  ProxyPassReverse / http://127.0.0.1:6000/
</VirtualHost>

The new config file with our modifications

Include /etc/openproject/addons/apache2/includes/server/*.conf

<VirtualHost *:80>
  ServerName test56.probetech.ovh
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
  ServerName test56.probetech.ovh
  DocumentRoot /opt/openproject/public
  Protocols h2 h2c http/1.1

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf
  SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
  SSLCipherSuite  EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLHonorCipherOrder     on
  SSLCompression          off
  SSLSessionTickets       off
  SSLHonorCipherOrder     on
  SSLUseStapling          on
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors off
  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass / http://127.0.0.1:6000/ retry=0
  ProxyPassReverse / http://127.0.0.1:6000/
</VirtualHost>

And the second part is located under /etc/openproject/addons/apache2/includes/vhost/

assets.conf
compression.conf
expiration.conf
ssl_ca.conf
ssl.conf
sys.conf

These four files store the informations about TLS configurations and few specific tweaks to OpenProject

Activate the necessary modules

To improve the security, we activate the http2 support

a2enmod http2

And we restart apache2 service

systemctl restart apache2.service

For more informations read the official documentation

Login

Finally we can login in admin panel with the following acces and change password

Url : https://your.domain.com/
Username : admin
password : admin