Install OpenProject on Debian 12, with NGINX
OpenProject's official documentation provides many ways you can use to install OpenProject. You can choose to install via a package manager on bare metal or virtual machine, install via docker, or install with Kubernetes.
https://www.openproject.org/download-and-installation/
In this guide, I will go over installing OpenProject on a Debian 12 system.
https://www.openproject.org/docs/installation-and-operations/installation/packaged/
The official documentation has the installation steps for Debian 12 using the root user.
However, as I prefer to run commands with a sudo user instead on a Debian system, I took a look at the Ubuntu installation steps, and used those commands instead, with modifying the package source to be the Debian one.
Prerequisites for Debian 12 Minimal Installations
On a fresh, new Debian 12 Minimal Installations, you will need to install the following prerequisites packages before you can successfully install OpenProject.
sudo apt install apt-transport-https ca-certificates wget 
Installation
Import the OpenProject PGP key that is used to sign the OpenProject packages:
wget -qO- https://dl.packager.io/srv/opf/openproject/key | sudo apt-key add -
Add the OpenProject package source:
sudo wget -O /etc/apt/sources.list.d/openproject.list \
https://dl.packager.io/srv/opf/openproject/stable/13/installer/debian/12.repo
Update the package repo, and install OpenProject
sudo apt update -y
sudo apt install openproject
After a while, OpenProject will be installed.
At this point, OpenProject is not yet ready to be used. You will need to perform some initial configurations first.
Initial Configurations
To start configuring OpenProject, run the following:
sudo openproject reconfigureYou will be greeted with the GUI for the OpenProject initial configuration.
Select default unless you know you need the BIM version of OpenProject.
Choose Install PostgreSQL server and database locally for a simple setup.
As I prefer to use NGINX as my web server, I choose to skip the web server install step. I will cover setting up the NGINX config later on.
You can choose to let the GUI configuration setup apache2 for you.
Choose Install new memcached server.
Give your server a FQDN.
Enable SSL.
Set the login email address for your initial admin account.
Choose your language.
OpenProject will now go through all the configuration processes.
After a while, OpenProject will finish configuring itself. If you have choose the apache2 setup in the GUI step, you can head over to https://your-openproject-server-FQDN and explore the web interfaces.
Otherwise, continue on to install the NGINX components.
Install and Configure NGINX
Install NGINX from the package repository.
sudo apt install nginx -y
NGINX Configs
Create a new NGINX config file at /etc/nginx/sites-available, using your preferred text editor such as nano.
I named my config file openproject to keep it simple. Modify and paste the following into the new file, and save.
server {
server_tokens off;
listen 443 ssl http2;
root /opt/openproject/public; #Your OpenProject Location. By default, OpenProject is install in /opt/openproject/public
index index.html index.htm index.php;
access_log /var/log/nginx/projects.example.com.log;
error_log /var/log/nginx/projects.example.com-error.log error;
server_name openproject.example.com; #Change this to your OpenProject Server FQDN
charset utf-8;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Cache-Control "no-transform";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
ssl_certificate /etc/letsencrypt/live/projects.example.com/fullchain.pem; #Replace this with your SSL Certs
ssl_certificate_key /etc/letsencrypt/live/projects.example.com/privkey.pem; #Replace this with your SSL Key
location / {
proxy_pass http://127.0.0.1:6000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
# block access to all hidden files except .well-known
location ~* /\.(?!well-known\/) {
deny all;
}
}
Unlink the default config file, and link the newly created file.
sudo unlink /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/openproject /etc/nginx/sites-enabled/openproject
Test your NGINX config file
sudo nginx -t
If NGINX config test is successful, enable NGINX to auto-start on boot.
sudo systemctl enable nginx
If you have UFW enabled on your system, make sure you allow HTTPS on the UFW
sudo ufw status verbose
sudo ufw allow https
That's it! You should now be able to reach your OpenProject server at https://your-openproject-server-FQDN
Initial Sign In
The default credential for OpenProject Admin account is admin:admin. Change this upon first login!
Use a strong passphrase!
Choose your preferred language.
You can now start looking around and explore OpenProject.
