Instalasi OpenProject pada Linux¶
Persiapan¶
Persyaratan perangkat keras¶
- 4Gb memori
- 2 core prosesor
- 10Gb ruang penyimpanan
Persyaratan perangkat lunak¶
Komponen peladen yang diperlukan untuk instalasi
Komponen | Deskripsi | |
---|---|---|
Platform | OpenProject | 10.x |
Sistem Operasi 64bit | - CentOS/RHEL - Debian: 9 & 10 - Ubuntu - SLES | 7.x & 8.x 9 & 10 16.04, 18.04, & 20.04 12 |
Runtime | Ruby | 2.6.x |
Peladen web | - Apache - Nginx | 2.4.x 1.10.x |
Peladen aplikasi | Puma | 4.2.x |
Peladen pangkalan data | PostgreSQL | 9.5 |
Persyaratan klien¶
OpenProject mendukung peramban modern dan mutakhir, diantaranya:
- Mozilla Firefox (ESR versi 68.6.0)
- Microsoft Edge
- Google Chrome
- Apple Safari
Proses¶
Semua perintah instalasi dan konfigurasi, dieksekusi sebagai root
sudo su
Instalasi klien pangkalan data - PostgreSQL¶
Paket / repositori instalasi PostgreSQL
```bash tab=”RHEL/CentOS 7”
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
```bash tab="RHEL/CentOS 8"
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
```bash tab=”Debian & Ubuntu”
sh -c ‘echo “deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main” \
/etc/apt/sources.list.d/pgdg.list’
wget –quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
sudo apt-get update
```
Via paket repositori
```bash tab=”RHEL/CentOS (7)”
yum install -y postgresql12
```bash tab="RHEL/CentOS 8"
dnf install -y postgresql12
bash tab="Debian & Ubuntu" apt-get install -y ???
Verifikasi versi hasil instalasi
```bash tab=”eksekusi”
psql –version
```bash tab="hasil"
psql (PostgreSQL) 12.3
Instalasi interaktif - OpenProject¶
OpenProject proses instalasinya selalu menggunakan repositori sesuai dengan sistem operasi yang digunakan. Berikut adalah caranya.
Instalasi paket via repositori
```bash tab=”CentOS/RHEL 7”
wget -O /etc/yum.repos.d/openproject.repo \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/el/7.repo
yum install -y openproject
```bash tab="CentOS/RHEL 8"
wget -O /etc/yum.repos.d/openproject.repo \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/el/8.repo
dnf install -y openproject
wget -qO- https://dl.packager.io/srv/opf/openproject/key | apt-key add -
```bash tab=”Debian 9”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/debian/9.repo
```bash tab="Debian 10"
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/debian/10.repo
```bash tab=”Ubuntu 16.04”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/16.04.repo
```bash tab="Ubuntu 18.04"
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/18.04.repo
```bash tab=”Ubuntu 20.04”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/20.04.repo
```bash
apt-get update
apt-get install openproject
Konfigurasi komponen lain - Apache2, PostgreSQL, & Memcahed Server¶
OpenProject
openproject configure
Pangkalan data - PostgreSQL¶
Penggunaan peladen pangkalan data
IP atau nama hos panggkalan data
Porta panggkalan data
Nama pengguna (aplikasi) panggkalan data
Kata sandi pengguna
Nama pangkalan data bagi aplikasi
Peladen web - Apache2¶
Nama domain
Lokasi instalasi, gunakan /
untuk nama domain atau lainnya gunakan sub.domain.tld/subdirektori
Sementara tidak menggunakan SSL
Kunci API unik untuk komunikasi ke OpenProject
Kunci API ini dihasilkan unik pada setiap proses instalasi. Pilih Ok
Modul SCM (Subversion / Git)¶
Jika tidak menggunakan SCM dapat diabaikan.
SVN
Git
Modul notifikasi surel - SMTP¶
Pengaturan SMTP
Hos SMTP
Porta SMTP
Pengguna SMTP
Kata sandi SMTP
Surel admin pengirim
Peladen cache - Memcached¶
Instalasi peladen Memcached
Penyelesaian¶
Integrasi LDAP - FreeIPA¶
SSL¶
Diffie–Hellman key exchange¶
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
LE Snippets¶
letsencrypt.conf
```bash tab=”CentOS”
¶
mkdir -p /var/lib/letsencrypt/.well-known
chgrp apache /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt
¶
cat << EOF > /etc/httpd/conf.d/letsencrypt.conf
Alias /.well-known/acme-challenge/ “/var/lib/letsencrypt/.well-known/acme-challenge/”
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
EOF
¶
cat << EOF > /etc/httpd/conf.d/ssl-params.conf
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
Requires Apache 2.4.36 & OpenSSL 1.1.1¶
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
Older versions¶
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1¶
SSLHonorCipherOrder On
Header always set Strict-Transport-Security “max-age=63072000; preload”
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Requires Apache >= 2.4¶
SSLCompression off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”
Requires Apache >= 2.4.11¶
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters “/etc/ssl/certs/dhparam.pem”
EOF
```
Certbot / Let’s Encrypt¶
Variabel
SUREL_LE="[email protected]"
NAMA_DOMAIN="openproject.domain.tld"
Instalasi Certbot
```bash tab=”Dasar”
bin¶
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
cert¶
/usr/local/bin/certbot-auto –apache \
-m $SUREL_LE -d $NAMA_DOMAIN –agree-tos
```bash tab="Optimasi"
/usr/local/bin/certbot-auto enhance --apache --redirect --hsts --uir
/usr/local/bin/certbot-auto enhance --auto-hsts
bash tab="Perpanjangan otomatis" echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null