Hotfix release available: 2025-05-14b "Librarian".
upgrade now! [56.2] (what's this?)
Hotfix release available: 2025-05-14a "Librarian".
upgrade now! [56.1] (what's this?)
New release available: 2025-05-14 "Librarian".
upgrade now! [56] (what's this?)
Hotfix release available: 2024-02-06b "Kaos".
upgrade now! [55.2] (what's this?)
Hotfix release available: 2024-02-06a "Kaos".
upgrade now! [55.1] (what's this?)
New release available: 2024-02-06 "Kaos".
upgrade now! [55] (what's this?)
Hotfix release available: 2023-04-04b "Jack Jackrum".
upgrade now! [54.2] (what's this?)
projekte:openproject
Table of Contents
Openproject
Zugänge
| Root Zugriff | |
|---|---|
| URL | projects.tema-dev.de |
| User | root@5.182.33.247 |
| Passwort | GUT4kMdeXjllbvFcK0TiPukH0yD9w6 |
| Openproject Installation Admin | |
|---|---|
| Username | admin |
chojetzki@tema.de |
|
| Passwort | NToQMvSPnHiYIkw5nzgV |
Setup
Install ZSH
sudo apt install zsh chsh -s $(which zsh)
logout and log in
Setup OHmyZSH
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k
Upgrade all packages
apt update apt upgrade
Install nginx
apt install nginx systemctl enable nginx
Setup Firewall
ufw default deny incoming ufw default allow outgoing ufw allow ssh ufw allow http ufw allow https ufw allow 'Nginx Full' ufw enable
Install acme.sh
curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online -m chojetzki@tema.de acme.sh --set-default-ca --server letsencrypt
logout and log back in
Setup Nginx
copy openproject.conf scp openproject.conf root@5.182.33.247:/etc/nginx/conf.d/ form local machine to remote
mkdir var/www/letsencrypt chown -R $USER:www-data /var/www/letsencrypt chmod -R 755 /var/www/letsencrypt
Get Certificates
mkdir /etc/ssl/openproject chown -R $USER:www-data /etc/ssl/openproject chmod -R 755 /etc/ssl/openproject acme.sh --issue -w /var/www/letsencrypt -d projects.tema-dev.de --keylength ec-384 --key-file /etc/ssl/openproject/openproject.key --fullchain-file /etc/ssl/openproject/openproject.crt --reloadcmd "systemctl reload nginx" openssl dhparam -out /etc/ssl/openproject/ffdhe2048 2048
Setup Openproject
copy openproject.https.conf scp openproject.https.conf root@5.182.33.247:/etc/nginx/conf.d/ form local machine to remote
copy favicons scp -r assets/* root@5.182.33.247:/var/www/html/ form local machine to remote
mkdir /opt/openproject mkdir /opt/openproject/logs cd /opt/openproject systemctl reload nginx apt install apt-transport-https ca-certificates wget wget -qO- https://dl.packager.io/srv/opf/openproject/key | sudo apt-key add - wget -O /etc/apt/sources.list.d/openproject.list https://dl.packager.io/srv/opf/openproject/stable/12/installer/ubuntu/22.04.repo apt update apt install openproject openproject configure #interactive openproject config:set SERVER_PROTOCOL_FORCE_HTTPS="true"
openproject.conf
server {
listen 80;
listen [::]:80;
server_name projects.tema-dev.de;
location ^~ /.well-known/acme-challenge {
default_type text/plain;
root /var/www/letsencrypt;
}
location / {
return 301 https://$server_name$request_uri;
}
}
openproject.https.conf
server {
listen *:443 ssl http2 ipv6only=on;
server_name projects.tema-dev.de;
ssl_certificate /etc/ssl/openproject/openproject.crt;
ssl_certificate_key /etc/ssl/openproject/openproject.key;
ssl_dhparam /etc/ssl/openproject/ffdhe2048;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# gzip
# gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
# brotli
# brotli on;
# brotli_comp_level 6;
# brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+>
access_log /opt/openproject/logs/access.log combined;
error_log /opt/openproject/logs/error.log;
if ($host != $server_name) {
rewrite ^/(.*) https://$server_name/$1 permanent;
}
location ^~ /.well-known/acme-challenge {
default_type text/plain;
root /var/www/letsencrypt;
}
location = /favicon.ico {
alias /var/www/html/favicon.ico;
}
location ~ ^\/assets\/favicon-[a-z0-9]+\.ico$ {
alias /var/www/html/favicon.ico;
}
location ~ ^\/assets\/apple-touch-icon-120x120-[a-z0-9]+\.png$ {
alias /var/www/html/touch-icon.png;
}
location ~ ^\/assets\/logo_openproject_white_big-[a-z0-9]+\.png$ {
alias /var/www/html/tema-logo.png;
}
location / {
client_max_body_size 32M;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://127.0.0.1:6000;
proxy_connect_timeout 90s;
proxy_read_timeout 90s;
proxy_send_timeout 90s;
proxy_buffering off;
proxy_buffer_size 128k;
proxy_buffers 100 128k;
}
}
Unterprojekte
js doku
Neues Projekt anlegen: projekte:openproject
Kommentare
projekte/openproject.txt · Last modified: 2024/01/05 13:07 by 127.0.0.1