Content
Added by Mauricio Lazo over 4 years ago
Hello everyone!
Just wanted to share a configuration that helped out with the following scenario:
- An internal Open Project installation is needed to be available through a public reverse proxy with HTTPS.
Servers setup:
- Internet (HTTPS) ---> NGINX reverse proxy ---> Open Project Server without local proxy (HTTPS enabled)
NGINX reverse proxy configuration:
server {
server_name public.example.com;
location / {
proxy_pass_request_headers on;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://10.10.10.10:6000;
proxy_connect_timeout 1000; #Whatever time you need
proxy_read_timeout 1000; #Whatever time you need
proxy_send_timeout 1000; #Whatever time you need
}
}
Considerations:
SSL certificate should be installed here
Open Project Server Installation:
- Skip Apache installation
- After finishing configuration of Open Project run the command:
sudo openproject config:set HOST=0.0.0.0
- Allow communication only between your public reverse proxy and your Open Project server, because the previous command exposes the bare server (http://OPserver:6000) in an insecure protocol to the network. So a firewall is recommended. For instance, on an Ubuntu server you could use the following firewall command:
sudo ufw allow from 100.100.100.100(public reverse proxy) to 192.168.1.2(Open Project server) port 6000
Conclusion:
This scenario allowed me to host an Open Project server at home, and my home router just forwards port 80 and 443 to my reverse proxy, and the reverse proxy handles all public request to other services and specially Open Project that is hosted at my home server. All my SSL certificates are Let's Encrypt certificated and are created and installed at the public reverse proxy. All communication at my internal network is handled privately between the servers and firewall.