Lewati ke isi

Instalasi OpenProject pada Linux

Persiapan

Persyaratan perangkat keras

  • 4Gb memori
  • 2 core prosesor
  • 10Gb ruang penyimpanan

Persyaratan perangkat lunak

Komponen peladen yang diperlukan untuk instalasi

Komponen Deskripsi
Platform OpenProject 10.x
Sistem Operasi 64bit - CentOS/RHEL
- Debian: 9 & 10
- Ubuntu
- SLES
7.x & 8.x
9 & 10
16.04, 18.04, & 20.04
12
Runtime Ruby 2.6.x
Peladen web - Apache
- Nginx
2.4.x
1.10.x
Peladen aplikasi Puma 4.2.x
Peladen pangkalan data PostgreSQL 9.5

Persyaratan klien

OpenProject mendukung peramban modern dan mutakhir, diantaranya:

  1. Mozilla Firefox (ESR versi 68.6.0)
  2. Microsoft Edge
  3. Google Chrome
  4. Apple Safari

Proses

Semua perintah instalasi dan konfigurasi, dieksekusi sebagai root
sudo su

Instalasi klien pangkalan data - PostgreSQL

Paket / repositori instalasi PostgreSQL

```bash tab=”RHEL/CentOS 7”
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

```bash tab="RHEL/CentOS 8"
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql

```bash tab=”Debian & Ubuntu”
sh -c ‘echo “deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main” \

/etc/apt/sources.list.d/pgdg.list’
wget –quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
sudo apt-get update
```

Via paket repositori

```bash tab=”RHEL/CentOS (7)”
yum install -y postgresql12

```bash tab="RHEL/CentOS 8"
dnf install -y postgresql12

bash tab="Debian & Ubuntu" apt-get install -y ???

Verifikasi versi hasil instalasi

```bash tab=”eksekusi”
psql –version

```bash tab="hasil"
psql (PostgreSQL) 12.3

Instalasi interaktif - OpenProject

OpenProject proses instalasinya selalu menggunakan repositori sesuai dengan sistem operasi yang digunakan. Berikut adalah caranya.

Instalasi paket via repositori

```bash tab=”CentOS/RHEL 7”
wget -O /etc/yum.repos.d/openproject.repo \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/el/7.repo
yum install -y openproject

```bash tab="CentOS/RHEL 8"
wget -O /etc/yum.repos.d/openproject.repo \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/el/8.repo
dnf install -y openproject

wget -qO- https://dl.packager.io/srv/opf/openproject/key | apt-key add -

```bash tab=”Debian 9”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/debian/9.repo

```bash tab="Debian 10"
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/debian/10.repo

```bash tab=”Ubuntu 16.04”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/16.04.repo

```bash tab="Ubuntu 18.04"
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/18.04.repo

```bash tab=”Ubuntu 20.04”
wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/10/installer/ubuntu/20.04.repo

```bash
apt-get update
apt-get install openproject

Konfigurasi komponen lain - Apache2, PostgreSQL, & Memcahed Server

OpenProject

openproject configure

Pangkalan data - PostgreSQL

Penggunaan peladen pangkalan data

image-20200706013316490

IP atau nama hos panggkalan data

image-20200706013350848

Porta panggkalan data

image-20200706013359917

Nama pengguna (aplikasi) panggkalan data

image-20200706013413460

Kata sandi pengguna

image-20200706013423259

Nama pangkalan data bagi aplikasi

image-20200706013431148

Peladen web - Apache2

Nama domain

image-20200706013447930

Lokasi instalasi, gunakan / untuk nama domain atau lainnya gunakan sub.domain.tld/subdirektori

image-20200706013455613

Sementara tidak menggunakan SSL

image-20200706013508348

Kunci API unik untuk komunikasi ke OpenProject

Kunci API ini dihasilkan unik pada setiap proses instalasi. Pilih Ok

Modul SCM (Subversion / Git)

Jika tidak menggunakan SCM dapat diabaikan.

SVN

image-20200706013603079

Git

image-20200706013607856

Modul notifikasi surel - SMTP

Pengaturan SMTP

image-20200706013701044

Hos SMTP

image-20200706013711333

Porta SMTP

image-20200706013746323

Pengguna SMTP

image-20200706013752808

Kata sandi SMTP

image-20200706013758110

Surel admin pengirim

image-20200706013828192

Peladen cache - Memcached

Instalasi peladen Memcached

image-20200706013841943

Penyelesaian

Integrasi LDAP - FreeIPA

SSL

Diffie–Hellman key exchange

openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

LE Snippets

letsencrypt.conf

```bash tab=”CentOS”

mkdir -p /var/lib/letsencrypt/.well-known
chgrp apache /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt

cat << EOF > /etc/httpd/conf.d/letsencrypt.conf
Alias /.well-known/acme-challenge/ “/var/lib/letsencrypt/.well-known/acme-challenge/”

AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS

EOF

cat << EOF > /etc/httpd/conf.d/ssl-params.conf
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM

Requires Apache 2.4.36 & OpenSSL 1.1.1

SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1

Older versions

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

SSLHonorCipherOrder On
Header always set Strict-Transport-Security “max-age=63072000; preload”
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

Requires Apache >= 2.4

SSLCompression off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”

Requires Apache >= 2.4.11

SSLSessionTickets Off

SSLOpenSSLConfCmd DHParameters “/etc/ssl/certs/dhparam.pem”
EOF

```

Certbot / Let’s Encrypt

Variabel
SUREL_LE="[email protected]"
NAMA_DOMAIN="openproject.domain.tld"

Instalasi Certbot

```bash tab=”Dasar”

bin

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

cert

/usr/local/bin/certbot-auto –apache \
-m $SUREL_LE -d $NAMA_DOMAIN –agree-tos

```bash tab="Optimasi"
/usr/local/bin/certbot-auto enhance --apache --redirect --hsts --uir
/usr/local/bin/certbot-auto enhance --auto-hsts

bash tab="Perpanjangan otomatis" echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null