Hi.

Have you solved this problem, please? We have the same one with steps like yours.

Just changing the HTTPS option in the GUI is not enough if you never used a SSL certificate for your OP domain during (first) installation, you'll need to "reconfigure" to add the correct SSL info to the installer.dat file and creating the apache2 ssl.conf include file

Make a backup of your /etc/openproject folder (especially the installer.dat file) and rerun: sudo openproject reconfigure    ("Skip" the options not needed to update and make sure to set the SSL option to "Yes"

This should add the following to your installer.dat (in my case using letsencrypt):

server/ssl_cert /etc/letsencrypt/live/xxxxxxxxxxxx.com/fullchain.pem
server/ssl_key /etc/letsencrypt/live/xxxxxxxxxxxx.com/privkey.pem
server/ssl_ca

Now it should work as intended (took me a few hours, as an OP nob, to figure this out...)

Just make sure the apache2 includes exist as for some reason they are sometimes not available anymore after a reconfigure! Then copy them from your backup (/etc/openproject/addons/apache2/*), so ALWAYS backup if you have a working OP!

Thank you for your answer.

I ran openproject reconfigure yesterday and I tried it again today.
No "server/ssl_*" lines were added in the installer.dat file and no ssl.conf file in /etc/openproject/addons/apache2/includes/vhost was created.

In installer.dat file is related to ssl only "server/ssl yes"

I tried to put paths to certificates manually and run openproject configure, nothing change.

I can reach domain via https, it is showing me correct certificate, but that yellow notification banner with "Protocol setting mismatch" is still appearing.

Hi Juraj,

Just make sure the apache2 includes exist as for some reason they are sometimes not available anymore after a reconfigure!

OpenProject will always try to restore the configuration as you entered it in the wizard. If after a configure, the Apache2 confiugration is not present, it is due to you choosing "skip" on the Apache configuration wizard. We only output configuration files if you choose "autoinstall" there. If you have an existing Apache, you need to configure it manually. This is also described in our installation guides: https://docs.openproject.org/installation-and-operations/installation/packaged/#step-2-apache2-web-server

The issue you're running into is that you configured OpenProject to use https, but the request is not marked as https to the OpenProject internal server. This is usually because you're missing a proxy flag that signals that while a request has terminated SSL, it is still treated as such.

This header is called X-Forwarded-Proto

There's also a section on that in our guides: https://docs.openproject.org/installation-and-operations/installation/packaged/#step-2-apache2-web-server

Please ensure the header is set and restart apache.

In case of auto-installing Apache from OpenProject with server/ssl* set and configured from OpenProject, this header is being set automatically for you. https://github.com/pkgr/addon-apache2/blob/master/conf/includes/vhost/ssl.conf#L4 But it will only be set if you let OpenProject do the configuration.

Hope that helps, please let us know if you have any feedback regarding the documentation.

Best

Oliver

Hi Oliver.

I've just ran Apache configuration from the wizard.
It asked me for the path to the certificates files and after that it has created all neccessary.

After Apache restarting I've got too many redirects on our OpenProject site.
Looking to the /etc/httpd/conf.d folder shows that there were two files: openproject.conf and openproject-le-ssl.conf.
I've deleted second one, restarted Apache again and all is working as expected.

Thank you!

Juraj

Hi Juraj,

thanks for getting back. The second configuration is likely one that got created manually, it is not something that OpenProject generates. The two configuration files than collide and result in the error.

Great to hear you got it resolved

Cheers

Oliver