In this post, I will share steps to set up OpenProject with SSL and Enterprice token enabled that I have applied for my company.
The high level process:
1. Install docker
1.1 Install using the apt repository
https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
Run the following commands
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
1.2 Post-Install
https://docs.docker.com/engine/install/linux-postinstall/
Run the following commands
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
2. Install openproject
https://www.openproject.org/docs/installation-and-operations/installation/docker-compose/
At the home location of linux user (such as "azureuser"), run the following commands:
git clone https://github.com/opf/openproject-deploy --depth=1 --branch=stable/15 openproject15
cd openproject15
cp .env.example .env
sudo mkdir -p /var/openproject/assets
sudo chown 1000:1000 -R /var/openproject/assets
3. Unlock enterprice token and enable SSL
3.1 Unlock enterprice token
Upload the "enterprise_token.rb" file to "/home/azureuser/openproject15/"
Update the "docker-compose.yml" file
x-op-app: &app
<<: [*image, *restart_policy]
environment:
...
volumes:
- ...
- "./enterprise_token.rb:/app/app/models/enterprise_token.rb"
3.2 Enable SSL (automatic TLS)
Enable SSL by using automatic TLS of Caddy and Let’s Encrypt.
Update .env
OPENPROJECT_HTTPS=true
OPENPROJECT_HOST__NAME=your-domain
PORT=80
Update file "proxy/Caddyfile.template" inside "/home/azureuser/openproject15/"
{
email <your-email>
}
your-domain {
reverse_proxy ${APP_HOST}:8080 {
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
header_up X-Real-IP {remote}
}
tls {
protocols tls1.2 tls1.3
}
file_server
log
}
Update "docker-compose.yml": Update "proxy" and "web" services
proxy:
...
hostname: ${OPENPROJECT_HOST__NAME}
environment:
APP_HOST: web
SERVER_NAME: ${OPENPROJECT_HOST__NAME}
OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
ACME_AGREE: "true"
ports:
- "${PORT:-80}:80"
- "443:443"
...
web:
...
ports:
- "8080:8080"
...
4. Map domain "your-domain" to server
5. Start all services
docker compose up -d --build
docker compose logs -f
With SSL enabled with Caddy and Let's Encrypt, your certificates will be automatically renewed.
With Enterprice token enabled, you fully use all features.
Hope this post be useful!
Top comments (0)