To set up SSL in an OpenProject Docker container, you'll need to use a reverse proxy like Nginx or Apache to handle the SSL termination. Here's a basic guide using Nginx:  

1. Install Docker and Nginx:

  • Make sure Docker is installed and running on your system.

  • Install Nginx:

    Bash

    sudo apt install nginx
    

2. Create a Docker Compose file:

Create a file named docker-compose.yml with the following content:

YAML

version: '3.7'

services:
  openproject:
    image: openproject/openproject
    container_name: openproject
    ports:
      - "80:80"
    environment:
      OPENPROJECT_HOST: openproject.example.com
      OPENPROJECT_DATABASE_HOST: db
    depends_on:
      - db

  db:
    image: postgres:15-alpine
    container_name: openproject_db

Replace openproject.example.com with your desired domain name.

3. Create an Nginx configuration file:

Create a new Nginx configuration file (e.g., /etc/nginx/sites-available/openproject) with the following content:

Nginx

server {
    listen 443 ssl;
    server_name openproject.example.com;

    ssl_certificate /etc/letsencrypt/live/openproject.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/openproject.example.com/privkey.pem;   

    location / {
        proxy_pass http://openproject:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;   
    }
}

 

Replace the SSL certificate and key paths with the actual paths to your SSL certificates.  

4. Obtain SSL certificates:

Use a tool like Certbot to obtain SSL certificates for your domain name.  

5. Enable the Nginx configuration:

Create a symbolic link from the configuration file to /etc/nginx/sites-enabled:

Bash

sudo ln -s /etc/nginx/sites-available/openproject /etc/nginx/sites-enabled/openproject

6. Restart Nginx:

Bash

sudo systemctl restart nginx

7. Start Docker containers:

Bash

docker-compose up -d

Now you should be able to access your OpenProject instance using HTTPS.