Setting up an OpenProject Server

Introduction

This tutorial explains how to set up an OpenProject instance.

Environment

Hardware amd64 VPS
OS Debian 10 Buster

Dependencies

  1. Docker
  2. docker-compose
  3. Internet Domain

Step by Step Instructions

1. Add DNS entry to your domain.

A domain of your choice needs to point to the address of your server.

2. Change to root user

sudo -s

3. Installation of additional Dependencies

apt update
apt install -y certbot nginx

4. Create user user and add persistence

useradd --system --create-home --shell /bin/bash --password <your-password-here> openproject
mkdir /home/openproject/pgdata
mkdir /home/openproject/assets
chown -R openproject:openproject /home/openproject

5. Configure NGINX server

Create and open vhost file:

cd /home/openproject
nano /etc/nginx/sites-available/openproject.domain.tld.vhost

Paste the following configuration into the file:

server {
  listen 80;
  server_name openproject.domain.tld;

  location / {
    proxy_pass http://127.0.0.1:4567;
    proxy_redirect default;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location ~ /.well-known/acme-challenge/ {
    allow all;
  }
}

Activate vhost file:

ln -s /etc/nginx/sites-available/openproject.domain.tld.vhost /etc/nginx/sites-enabled/openproject.domain.tld.vhost

Restart NGINX:

systemctl restart nginx

6. Create Let's Encrypt certificate for openproject.domain.tld

https://certbot.eff.org/lets-encrypt/debianbuster-nginx

Restart NGINX:

systemctl restart nginx

7. Run server

Create and open docker-compose.yaml:

cd /home/openproject
touch docker-compose.yaml
chmod 600 docker-compose.yaml
nano docker-compose.yaml

Paste the following configuration into the file:

version: "3.7"

networks:
  frontend:
  backend:

volumes:
  pgdata:
  opdata:

x-op-restart-policy: &restart_policy
  restart: unless-stopped
x-op-image: &image
  image: openproject/community:${TAG:-11}
x-op-app: &app
  <<: *image
  <<: *restart_policy
  environment:
    RAILS_CACHE_STORE: "memcache"
    OPENPROJECT_CACHE__MEMCACHE__SERVER: "cache:11211"
    OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
    DATABASE_URL: "postgres://postgres:p4ssw0rd@db/openproject" # Change this to the value of POSTGRES_PASSWORD below!
    USE_PUMA: "true"
    # set to true to enable the email receiving feature. See ./docker/cron for more options
    IMAP_ENABLED: "${IMAP_ENABLED:-true}"
  volumes:
    - "opdata:/home/openproject/assets"

services:
  db:
    image: postgres:10
    <<: *restart_policy
    stop_grace_period: "3s"
    volumes:
      - "pgdata:/home/openproject/pgdata"
    environment:
      POSTGRES_PASSWORD: p4ssw0rd # Change this!
      POSTGRES_DB: openproject
    networks:
      - backend

  cache:
    image: memcached
    <<: *restart_policy
    networks:
      - backend

  proxy:
    <<: *image
    <<: *restart_policy
    command: "./docker/prod/proxy"
    ports:
      - "${PORT:-8080}:80"
    environment:
      APP_HOST: web
      OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
    depends_on:
      - web
    networks:
      - frontend

  web:
    <<: *app
    command: "./docker/prod/web"
    networks:
      - frontend
      - backend
    depends_on:
      - db
      - cache
      - seeder

  worker:
    <<: *app
    command: "./docker/prod/worker"
    networks:
      - backend
    depends_on:
      - db
      - cache
      - seeder

  cron:
    <<: *app
    command: "./docker/prod/cron"
    networks:
      - backend
    depends_on:
      - db
      - cache
      - seeder

  seeder:
    <<: *app
    command: "./docker/prod/seeder"
    restart: on-failure
    networks:
      - backend

Run server:

docker-compose up -d

8. Set up server

Visit your website: https://openproject.domain.tld and log in.

The default username and password is login: admin, and password: admin

 

 

Sources