Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums
  • Feature tour
    Feature tour

Content

You are here:
  1. Forums
  2. General discussion

OP behind a reverse proxy

Added by Martin Kurz over 7 years ago

I’m having problems getting OP working properly behind a reverse proxy (apache 2.4). In general the pages are showing but Timelines and Avatars won’t work (http:// not being rewritten to https://).

Setup is as follows:

client ——> https ——> reverse proxy ——> http ——> OP

Problem seems to me somehow apache-related.
Tried several things with rewriting and proxy_html. So far no success.

Anybody having solved this skind of problem already? Help greatly appreciated.


Replies (4)

RE: OP behind a reverse proxy - Added by Oliver Günther over 7 years ago

Hi Martin,

do you set the X-FORWARDED-PROTO header in your apache configuration? Our packaged installation does that automatically when choosing to terminate SSL at the Apache server.

RequestHeader set X_FORWARDED_PROTO 'https'

Also, some URLs are not correctly promoting the url helper in a proxy environment. See this bug for instance.
I can’t tell if that affects your case, though.

The patch is available at https://github.com/opf/openproject/pull/5183.patch and will be made part of 6.1.5 (yet unreleased).

Best,
Oliver

RE: OP behind a reverse proxy - Added by Martin Kurz over 7 years ago

Hi Oliver,

thank you for the hint!

Setting X-Forwarded-Proto to https solved all of the problems but one:

Coming across the reverse proxy and looking for activities and user documents the links shown still won’t get mapped correctly:

Opening e.g. https://project.mysite.org:59444/users/10 yields html reading

…
Document: mydoc
…

while one would have expected sth. like

…
Document: mydoc
…

Still trying to fix this one…..

regards,

Martin

RE: OP behind a reverse proxy - Added by Oliver Günther over 7 years ago

That should be fixed with the patch I wrote about in my previous post. You can apply it to your installation. Also, It will be part of 6.1.5 released probably next week.

Best,
Oliver

RE: OP behind a reverse proxy - Added by Mauricio Lazo over 4 years ago

Hi Martin! I solved this by switching to NGINX as a reverse proxy, so my scenario is: 
Internet <--https--> NGINX  <--http--> OpenProject server.

On NGINX in a linux server, the firewall only allows connection from any IP to port 443. In my Open Project server the Linux firewall only allows connections from NGINX IP to OpenProject IP on port 80, nothing else. 

At the Open Project server is set up with the defaults on the wizard with sudo openproject configure. That being Apache as a internal reverse-proxy for the Open Project Service. 

My NGINX config is:

server {
        server_name op.example.com;
        location / {
                proxy_pass http://192.168.1.2;
                proxy_set_header Host $host;
        }
}
  • (1 - 4/4)
Loading...