Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

General discussion
  1. OpenProject
  2. Forums
  3. General discussion
  4. Openproject and NGINX Reverse proxy

Openproject and NGINX Reverse proxy

Added by Marc Walter about 5 years ago

Dear openproject helpers,

I have succesfully installed openproject (latest version) on centos 8. So far it's no problem and everything is running fine.
Now I want to add in front of the openproject a NGINX reverse proxy which is running on a different server.
So this is the config at the reverse proxy nginx at the moment.
I have added and removed everything and tested several times the config and tried to access. But unfortunately because of the link generation in openproject the links are not always correct. Can someone share a actual running nginx reverse proxy config?

What do I need to set on the apache configuration in openproject? Can I there also activate SSL as well?

server {
#   if ($blockedagent) {
#        return 403;
#   }
   client_max_body_size 20m;
   listen 443 ssl http2;
   server_name openproject.XXXXXX.ch;
      access_log  /var/log/nginx/access_wan.log;
      ssl_certificate /etc/nginx/ssl/fullchain.cer;
      ssl_certificate_key /etc/nginx/ssl/XXXXX.ch.key;
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:50m;
      ssl_session_tickets off;

      ssl_dhparam /etc/ssl/certs/dhparam.pem;

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
      ssl_ecdh_curve secp384r1;

      ssl_prefer_server_ciphers on;
      add_header Strict-Transport-Security max-age=15768000;
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 192.168.10.1;
   #  server_tokens versteckt die NGINX Version bei Abfragen
      server_tokens off;
      access_log on;
      error_log on;

      location / {

      proxy_pass https://192.168.XX.XX;
  #   proxy_redirect https://192.168.XX.XX;
      proxy_ssl_protocols TLSv1.2 TLSv1.3;

       proxy_pass_request_headers on;
       proxy_set_header X-Forwarded-Server $host:$server_port;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  #    proxy_set_header X-Forwarded-Proto https;
   }
}

Replies (3)

RE: Openproject and NGINX Reverse proxy - Added by Nanak Singh almost 2 years ago

+1

I'm also interested in this. Have you found a solution. If yes plz share.

RE: Openproject and NGINX Reverse proxy - Added by Marc Walter almost 2 years ago

Hi 

Yes i have it running behind a reverse proxy.

This is a fully 100% working configuration vor NGINX. You have to replace: YOURDOMAIN and XX for the IP'addresses.

server {

   listen 80;
   server_name openproject.YOURDOMAIN.com;
   access_log off;
   error_log off;
   return 301 https://$server_name$request_uri;
}

server {
#   if ($blockedagent) {
#        return 403;
#   }
   client_max_body_size 20m;
   listen 443 ssl http2;
   server_name openproject.YOURDOMAIN.com;

      access_log  /var/log/nginx/access_wan.log;
      ssl_certificate /etc/nginx/ssl/fullchain.cer;
      ssl_certificate_key /etc/nginx/ssl/YOURDOMAIN.key;
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:50m;
      ssl_session_tickets off;

      ssl_dhparam /etc/ssl/certs/dhparam.pem;

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
      ssl_ecdh_curve secp384r1;

      ssl_prefer_server_ciphers on;
      add_header Strict-Transport-Security max-age=15768000;
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 192.168.XXX.XXX;
   #  server_tokens versteckt die NGINX Version bei Abfragen
      server_tokens off;
      access_log on;
      error_log on;

      location / {

      proxy_pass http://192.168.XX.XX:8181;

      proxy_pass_request_headers on;
      proxy_set_header Host $host;

      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto https;
   }
}

RE: Openproject and NGINX Reverse proxy - Added by Sándor Hatvani over 1 year ago

Hi Marck,
Did you make any changes in OP doscker-compose.override.yml file, please?
My nginx docker-compose.yml is:

version: "3.7"

services:
 nginx:
   image: nginx:latest
   container_name: nginx_container
   ports:
     - 80:80
   volumes:
     - "/etc/nginx/nginx.conf:/etc/nginx/nginx.conf"
   network_mode: bridge

and its nginx.conf file is:

server {
   listen 80;

   server_name openproject.intra.fph.hu;

   return 301 https://$host$request_uri;
}

server {
 listen 443 ssl;
 server_name openproject.intra.fph.hu;

 ssl_certificate     /etc/ssl/crt/openproject.crt;
 ssl_certificate_key /etc/ssl/crt/openproject.key;

 proxy_redirect    off;

 location / {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto https;

   proxy_pass http://127.0.0.1:8080;
 }
}
Can you check it, please?

  • (1 - 3/3)
Loading...