2

I hope some had a similar problem and could solve it. I try to bind Nextcloud and OpenProject together but cant get it to work.

the following picture shows the setup:

enter image description here

I configured (or even tried to) both services as mentioned in their documentation. I use Node-Package-Manager as a proxy service

I use a wildcard certificate (no self-signed certificate) and at openproject i have set the following custom settings:

proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Proto https;

The Apache serve shipping with openproject was configured by the installation steps

Include /etc/openproject/addons/apache2/includes/server/*.conf
IncludeOptional /etc/openproject/addons/apache2/custom/server/*.conf

<VirtualHost *:80>
  ServerName openproject.example.net
  DocumentRoot /opt/openproject/public

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf
  IncludeOptional /etc/openproject/addons/apache2/custom/vhost/*.conf

  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass / http://127.0.0.1:6000/ retry=0
  ProxyPassReverse / http://127.0.0.1:6000/
</VirtualHost>

Based on this description external SSL termination

I created the OpenProject configuration. At the nextcloud i have set the following custom settings:

client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Front-End-Https on;

Based on teh discription here Nextcloud configuration - Reverse proxy I edited the config.php like so:

  'overwrite.cli.url' => 'https://nextcloud.example.net',
  'trusted_proxies'   => ['192.168.1.44'],
  'overwritehost'     => 'nextcloud.example.net',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/',
  'overwritecondaddr' => '^192\.168\.1\.44$',

The tests on this site integration - troubleshooting

curl --location --request GET 'https://nextcloud.example.net/index.php/apps/integration_openproject/check-config' --header 'Authorization: foo'

resulted in the following error

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

As mentioned before I tried all the configurations but nothing helped to establish a connection. I don't know what I'am missing and what I could try to get this working together...

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
MichaelT
  • 71
  • 1
  • 1
  • 7
  • I have the same issue. These apps forcing HTTPS connection really complicates things because container hostname must match certificate hostname. I've added my host machine IP to containers hosts files and added Let's Encrypt's cert to trusted certificates. Now I can connect from OpenProject to NextCloud, but not in reverse for some reason. – Sergey Mar 31 '23 at 08:11
  • Hi Sergey, are both of your instances available von the internet? Within my systemconfiguration I have them both only internally available. Thats why it doesn't work. I've got some help from "apfelcast" Daniel. Actually I don't push that topic but will have your comment in mind. Thx – MichaelT Apr 01 '23 at 12:42
  • Hi @MichaelT, a couple of questions to help localize the problem: * From where was the curl request made? from external, from openproject? * Are the RootCAs present on both systems? * Are curl requests functioning in both directions? – ulferts Apr 03 '23 at 08:08

0 Answers0