As starting point, instructions says: web server such as Apache2 or Nginx to function as the web server forwarding to our internal server listening at localhost:6000 by proxying.
It seems there is something missing. Using the OpenProject instructions and skipping the Apache2 installation, they suggest to use an Apache config file as follows:
<VirtualHost *:80>
ServerName openproject.example.com
redirect permanent / https://openproject.example.com/
</VirtualHost>
<VirtualHost *:443>
#
# SSL Start
#
SSLEngine On
# SSLCertificateChainFile /etc/apache2/ssl/cdc_ca.cert.pem
SSLCertificateFile /etc/letsencrypt/live/openproject.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/openproject.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/openproject.example.com/fullchain.pem
# Set Forwarded protocol header to proxy
# otherwise OpenProject doesn't know we're terminating SSL here.
RequestHeader set X_FORWARDED_PROTO 'https'
#
# SSL End
#
ServerName openproject.example.com
ServerAdmin [email protected]
DocumentRoot /opt/openproject/public
# Proxy requests to localhost:6000 (puma)
ProxyRequests off
ProxyPass / http://127.0.0.1:6000/ retry=0
ProxyPassReverse / http://127.0.0.1:6000/
# Disallow internal API for external use
# (used for repository authenticiation, if any)
<LocationMatch "^/sys">
<IfModule mod_authz_core.c>
Require local
</IfModule>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</IfModule>
</LocationMatch>
# Configure assets and uploads
Alias /assets /opt/openproject/public/assets
Alias /uploads /opt/openproject/public/uploads
<Directory "/opt/openproject/public">
Options -Indexes
<IfModule mod_authz_core.c>
# apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
</Directory>
# Don't pass assets through proxy but deliver them through apache
ProxyPass /assets/ !
<Location /assets/>
# Avoid using mtime or inode information for ETag
FileETag Size
ExpiresActive On ExpiresDefault "access plus 1 year"
</Location>
# Send expiry headers for assets, that carry an asset id. Assuming, an asset
# id is a unix timestamp, which is currently a 10 digit integer. This might
# change in the far future.
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
</FilesMatch>
# Enabling compression for common text formats
AddOutputFilterByType DEFLATE text/html text/css application/x-javascript application/javascript
ErrorLog /var/log/apache2/openproject.example.com-error.log
</VirtualHost>
Thanks for your communication. Unfortunately, no. There is no way to put all the OpenProject files in the /home/{user}/web/{domain}/public_html folder…
We are still researching. If we found how to, we’ll let you know…
OpenProject working beside HestiaCP with Docker.
I have to find the way to personalize URL (with subdomain, and not IP address), port and some fine tuning, but it’s looks good.