Hi, I have a simple question.

What (if there is any documentation please let me know the link) is the best practice to put openproject behind a Apache Proxy with SSL ?

Right now, we have:

Internet -> web01-apache-proxy (network 1) -> web02 (dmz network with openproject)

So openproject runs successfully on web02 but just internal, not accessible via internet.
To get that done I want to use our apache reverse proxy on web01.

What would be the vhost configuration on both sites and do I have to reconfigure openproject after that ?

My idea was:

web01:

<VirtualHost *:80>
ServerName openproject.domain.com

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName openproject.domain.com

ProxyPreserveHost On
ProxyRequests off
ProxyPass "/"  "http://10.30.10.26/"
ProxyPassReverse "/"  "http://10.30.10.26/"

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>

and on

web02 (10.30.10.26):

<VirtualHost *:80>
ServerName openproject.domain.com
DocumentRoot /opt/openproject/public

ProxyRequests off

Include /etc/openproject/addons/apache2/includes/vhost/*.conf

# Can't use Location block since it would overshadow all the other proxypass directives on CentOS
ProxyPass / http://127.0.0.1:6000/ retry=0
ProxyPassReverse / http://127.0.0.1:6000/

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
</VirtualHost>

Would that work or shoul I go from the web01 directly to web02 with the IPADRESSOF_WEB02:6000 ?

Right now I'm not sure where I should start with the Reverse Proxy. And if I'll get certificate error.
Do you have any example configurations ?