Kimai

Zugänge

Root Zugriff
URL	`timetrack.tema-dev.de`
User	`root@5.182.33.247`
Passwort	`GUT4kMdeXjllbvFcK0TiPukH0yD9w6`

Kimai Installation Admin
Username	`dCA6932g4vPQHydJCtAFKutq`
Passwort	`hymwSr7tfPUdEdm8FHWyJJsQ`

Setup

Get Certificates

mkdir /etc/ssl/kimai2
chown -R $USER:www-data /etc/ssl/kimai2
chmod -R 755 /etc/ssl/kimai2
acme.sh --issue -w /var/www/letsencrypt -d timetrack.tema-dev.de --keylength ec-384 --key-file /etc/ssl/kimai2/kimai2.key --fullchain-file /etc/ssl/kimai2/kimai2.crt --reloadcmd "systemctl reload nginx"
openssl dhparam -out /etc/ssl/kimai2/ffdhe2048  2048

Setup Kimai

copy openproject.https.conf scp openproject.https.conf root@5.182.33.247:/etc/nginx/conf.d/ form local machine to remote

copy favicons scp -r assets/* root@5.182.33.247:/var/www/html/ form local machine to remote

mkdir /opt/openproject
mkdir /opt/openproject/logs
cd /opt/openproject
systemctl reload nginx
apt install apt-transport-https ca-certificates wget
wget -qO- https://dl.packager.io/srv/opf/openproject/key | sudo apt-key add -
wget -O /etc/apt/sources.list.d/openproject.list https://dl.packager.io/srv/opf/openproject/stable/12/installer/ubuntu/22.04.repo
apt update
apt install openproject
openproject configure #interactive
openproject config:set SERVER_PROTOCOL_FORCE_HTTPS="true"

kimai2.conf

server {
  listen 80;
  listen [::]:80;
  server_name   timetrack.tema-dev.de;
  location ^~ /.well-known/acme-challenge {
    default_type text/plain;
    root /var/www/letsencrypt;
  }
  location / {
    return 301 https://$server_name$request_uri;
  }
}

kimai2.https.conf

server {
  listen        443 ssl http2;
  server_name   timetrack.tema-dev.de;
  ssl_certificate           /etc/ssl/kimai2/kimai2.crt;
  ssl_certificate_key       /etc/ssl/kimai2/kimai2.key;
  ssl_dhparam               /etc/ssl/openproject/ffdhe2048;
  ssl_session_timeout       1d;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_tickets       off;
  ssl_protocols             TLSv1.2 TLSv1.3;
  ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;
  # gzip
  # gzip on;
  # gzip_vary on;
  # gzip_proxied any;
  # gzip_comp_level 6;
  # gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
  # brotli
  # brotli on;
  # brotli_comp_level 6;
  # brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+>
  access_log            /opt/kimai2/logs/access.log combined;
  error_log             /opt/kimai2/logs/error.log;
  if ($host != $server_name) {
    rewrite ^/(.*) https://$server_name/$1 permanent;
  }
  location ^~ /.well-known/acme-challenge {
    default_type text/plain;
    root /var/www/letsencrypt;
  }
  location = /favicon.ico {
    alias /var/www/html/favicon.ico;
  }
  location / {
    client_max_body_size 32M;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Host    $host:$server_port;
    proxy_set_header    X-Forwarded-Server  $host;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Forwarded-Port    $server_port;
    proxy_pass          http://127.0.0.1:8020;
    proxy_connect_timeout 90s;
    proxy_read_timeout 90s;
    proxy_send_timeout 90s;
    proxy_buffering    off;
    proxy_buffer_size  128k;
    proxy_buffers 100  128k;
  }
}

Unterprojekte

js doku
Neues Projekt anlegen: projekte:openproject

DokuWiki

Table of Contents