These are chat archives for opf/openproject

8th
Oct 2015
kgalli
@kgalli
Oct 08 2015 09:25
@astehmari which kind of installation do you use -- do you use the packager installation?
astehmari
@astehmari
Oct 08 2015 10:20
@kgalli i'm using OpenProject 4.2.7 (Mysql2)
kgalli
@kgalli
Oct 08 2015 10:22
ok and you installed it manually on a Linux Server, right? Which Linux Distro do you use?
astehmari
@astehmari
Oct 08 2015 10:22
Debian 8
kgalli
@kgalli
Oct 08 2015 10:24
ok I assume you followed this installation guide https://www.openproject.org/open-source/manual-installation/manual-installation-guide/ and you have only openproject as a vhost configured or do you have anything else running on this server especially in regard to you apache config
astehmari
@astehmari
Oct 08 2015 10:25
yes i followed that guide, i do have other domain hosted under apache.
several domains
i've bought a ssl from godaddy
kgalli
@kgalli
Oct 08 2015 10:27
so it is possible it is just a misconfiguration of you apache conf. How do you try to setup SSL for your site

your setup of the virtual host for openproject should include something similar to this

<VirtualHost *:443>
...
SSLEngine on
SSLCertificateKeyFile /etc/apache2/mycert/server.key
SSLCertificateFile /etc/apache2/mycert/server.crt
...
</VirtualHost>

And you have to activate the SSL module: a2enmod ssl

Is that different to what you did to set thing up?
astehmari
@astehmari
Oct 08 2015 10:32
Under Webmin / Apache / Vitural Host / SSL Option; i setup the ssl.
ServerAdmin webmaster@localhost
ServerName www.[domain]

SSLEngine on

SSLCertificateFile /etc/ssl/certs/[domain].pem
SSLCertificateKeyFile /etc/ssl/private/[domain].key
SSLCACertificateFile /etc/ssl/certs/sf_bundle-g2-g1_piu.crt

DocumentRoot "/home/www/[domain]"
ServerAdmin webmaster@[domain]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<Directory "/home/www/[domain]">
    allow from all
    Options None
    Require all granted
</Directory>
<Directory "/home/www/[domain]">
    allow from all
    Options None
    Require all granted
</Directory>

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

kgalli
@kgalli
Oct 08 2015 10:36
ok fine. Can you please paste the error log for the configuration. I do not think the module passenger_module is already loaded is your problem because that is typically just a warning.
astehmari
@astehmari
Oct 08 2015 10:44
oops wrong vhost details
ServerAdmin webmaster@localhost
ServerName [domain]
SSLEngine off
SSLCertificateFile /etc/ssl/certs/15aa1a9ec4efbbc2.crt
SSLCertificateKeyFile /etc/ssl/private/[domain].key
SSLCACertificateFile /etc/ssl/certs/sfroot-g2.crt

DocumentRoot /home/openproject/openproject/public

<Directory /home/openproject/openproject/public>
AllowOverride all
Options -MultiViews
Require all granted
</Directory>
<Directory "/home/openproject/openproject/public">
allow from all
Options None
Require all granted
</Directory>

when i turn on SSL:
Failed to apply changes :
[ 2015-10-08 10:43:16.4751 9043/7ffb8d952700 Ser/Server.h:752 ]: [ServerThr.2] Freed 128 spare client objects
[ 2015-10-08 10:43:16.4751 9043/7ffb8d952700 Ser/Server.h:443 ]: [ServerThr.2] Shutdown finished
[ 2015-10-08 10:43:16.4753 9043/7ffb8d0d0700 Ser/Server.h:752 ]: [ApiServer] Freed 0 spare client objects
[ 2015-10-08 10:43:16.4753 9043/7ffb8d0d0700 Ser/Server.h:443 ]: [ApiServer] Shutdown finished
[ 2015-10-08 10:43:16.4895 9043/7ffb935b3780 age/Cor/CoreMain.cpp:942 ]: Passenger core shutdown finished
kgalli
@kgalli
Oct 08 2015 11:03
you should also set the RequestHeader set X_FORWARDED_PROTO 'https' but still do not realy understand what is the problem. Where is the output which complains about module passenger_module is already loaded
if you want you can follow the following approach. It is setting up a proxy for https. That should work for you http://blog.miloot.com/blog/2013/10/25/how-to-setup-apache-with-passanger-plus-https-and-rails/
maybe that is a better help then iterating to the problem itself
astehmari
@astehmari
Oct 08 2015 11:13
I just converted the first .crt to .pem. Now the servers does not crash. but the site is not assessable. checked with https://www.ssllabs.com/ssltest/ and got No secure protocols supported. I will make the changes you advised and follow that guide.
RequestHeader set X_FORWARDED_PROTO 'https'. Where is this to be set?
astehmari
@astehmari
Oct 08 2015 11:23
@kgalli RequestHeader set X_FORWARDED_PROTO 'https'. Where is this to be set?
kgalli
@kgalli
Oct 08 2015 11:26
just place it under your SSL... settings
SSLCertificateFile /etc/ssl/certs/15aa1a9ec4efbbc2.crt
SSLCertificateKeyFile /etc/ssl/private/[domain].key
SSLCACertificateFile /etc/ssl/certs/sfroot-g2.crt

# rails needs the header for its own processing
 RequestHeader set X_FORWARDED_PROTO 'https'
astehmari
@astehmari
Oct 08 2015 13:01
@kgalli thanks, its working now.
kgalli
@kgalli
Oct 08 2015 13:04
@astehmari that is perfect. Do you know what went wrong in the first place? Just curious ...
astehmari
@astehmari
Oct 08 2015 13:31
there was a discrepancy between the key and the crt, i reprocessed them and added the RequestHeader, now its all good.