Content
You are here:
Added by Marc Walter over 4 years ago
Dear openproject helpers,
I have succesfully installed openproject (latest version) on centos 8. So far it's no problem and everything is running fine.
Now I want to add in front of the openproject a NGINX reverse proxy which is running on a different server.
So this is the config at the reverse proxy nginx at the moment.
I have added and removed everything and tested several times the config and tried to access. But unfortunately because of the link generation in openproject the links are not always correct. Can someone share a actual running nginx reverse proxy config?
What do I need to set on the apache configuration in openproject? Can I there also activate SSL as well?
server {
# if ($blockedagent) {
# return 403;
# }
client_max_body_size 20m;
listen 443 ssl http2;
server_name openproject.XXXXXX.ch;
access_log /var/log/nginx/access_wan.log;
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/XXXXX.ch.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
resolver 192.168.10.1;
# server_tokens versteckt die NGINX Version bei Abfragen
server_tokens off;
access_log on;
error_log on;
location / {
proxy_pass https://192.168.XX.XX;
# proxy_redirect https://192.168.XX.XX;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_pass_request_headers on;
proxy_set_header X-Forwarded-Server $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto https;
}
}
Replies (3)
+1
I'm also interested in this. Have you found a solution. If yes plz share.
Hi
Yes i have it running behind a reverse proxy.
This is a fully 100% working configuration vor NGINX. You have to replace: YOURDOMAIN and XX for the IP'addresses.
server { listen 80; server_name openproject.YOURDOMAIN.com; access_log off; error_log off; return 301 https://$server_name$request_uri; } server { # if ($blockedagent) { # return 403; # } client_max_body_size 20m; listen 443 ssl http2; server_name openproject.YOURDOMAIN.com; access_log /var/log/nginx/access_wan.log; ssl_certificate /etc/nginx/ssl/fullchain.cer; ssl_certificate_key /etc/nginx/ssl/YOURDOMAIN.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES'; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; resolver 192.168.XXX.XXX; # server_tokens versteckt die NGINX Version bei Abfragen server_tokens off; access_log on; error_log on; location / { proxy_pass http://192.168.XX.XX:8181; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto https; } }Hi Marck,
Did you make any changes in OP doscker-compose.override.yml file, please?
My nginx docker-compose.yml is:
version: "3.7"
services:
nginx:
image: nginx:latest
container_name: nginx_container
ports:
- 80:80
volumes:
- "/etc/nginx/nginx.conf:/etc/nginx/nginx.conf"
network_mode: bridge
and its nginx.conf file is:
server {
listen 80;
server_name openproject.intra.fph.hu;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name openproject.intra.fph.hu;
ssl_certificate /etc/ssl/crt/openproject.crt;
ssl_certificate_key /etc/ssl/crt/openproject.key;
proxy_redirect off;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8080;
}
}
Can you check it, please?