Checklist  
Enterprise Installation Service 
 

OpenProject GmbH 

Version 1.7 – 2019-10-31 

1. Purpose 
This checklist is used to ensure that our OpenProject staff can perform the initial installation 
of efficiently without additional information required by you during the installation event. 

2. Overview 

   

Checklist Installation Services

3. Server Requirements 
3.1 Linux distribution 

We currently support the following 64bit-only distributions. Please make sure you are 
providing us with a server that match one of the following: 

● Ubuntu 16.04 and 18.04 

● Debian 8 Jessie and 9 Stretch 
● CentOS/RHEL 7.x 
● Suse Linux Enterprise Server 12 
 
❏ Server is using a supported distribution from the above list 

 
Please verify that your server runs on a 64bit architecture by running the following 
command and verifying that the result is x86_64: 

$ uname -i 

x86_64 

❏ Server is running on 64bit architecture 

3.2 Separate application server 

The packaged installation will mount OpenProject into an Apache VirtualHost that ​will 
conflict with existing services integrated into the Apache web server. Please confirm that 
you have provisioned a separate virtual or physical server that OpenProject may control. 

Note: We do not support shared installations of OpenProject where Apache is already 

running other services. 

❏ Required: OpenProject is running on a separated environment and no other 

public-facing services are being run on the same environment. 
❏ Required: The Apache web server can be installed and controlled by OpenProject 
staff and will be public facing on standard ports (80, 443). 

Checklist Installation Services

3.3 Single or multi-server environment 

OpenProject can be configured to run across multiple application servers behind a shared 
load balancer. 

❏ OpenProject will be running as a ​single-server ​environment. 

❏ OpenProject will be running as a ​multi-server ​environment 
❏ There will be [​ ​] application servers provisioned for OpenProject 
❏ All application servers have access to and share the same database 
connection 
❏ I acknowledge that a load balancer needs to be set up beforehand for the 
application servers. 
❏ The load balancer terminates SSL/TLS connections (You will not be required 
to provide ​SSL/TLS certificates​) 

Terminating SSL/TLS at the load balancer level 

If you checked the option that SSL/TLS is being terminated at a load balancer you control, the
internal application servers we set up will not be handling any SSL connections. In this case, you
must set the header ​X-Forwarded-Proto HTTPS​ to let the internal servers know we’re running in a
terminated SSL/TLS connection. Without this header, the setup of OpenProject will fail.

To set this value in an Apache2 virtualhost , you can use the following directive:

RequestHeader set X_FORWARDED_PROTO 'https' 

Storage requirements 
OpenProject can persist files such as attachments either on a local disk (only for 
single-server environments), a network-attached storage, or Amazon S3 cloud storage. 

If multiple application servers are used, attachments and repositories need to be shared 
among them. An existing NFS mount should be made available to all servers or access to a S3 
storage granted. 

❏ The environment provides a local disk mount of [​ ​] Gigabytes storage 

❏ The environment provides a NFS mount of [​ ​] Gigabytes storage 
❏ S3 credentials for cloud storage attachments will be provided 

Checklist Installation Services

4. Access 

To perform the installation, we will need first-hand access to your server. Please let us know 
how we will be able to access it. 

❏ With SSH 

❏ With SSH and OpenVPN 

❏ With SSH and VPNC 
❏ With SSH and PPTP 
❏ Other (​Note: Please provide instructions for accessing your server from *Nix 
systems.) 

We will send you our signed public SSH key to be included on your server a few days before 
we perform the installation. 

5. Configuration 
5.1 Domain name 

What will be the fully qualified domain name that you want to associate with your 
OpenProject installation? E.g. openproject.company.com 

5.2 Access to OpenProject package repository 

The OpenProject packaged installation is retrieved from package sources at ​packager.io​. 

You need to ensure access is granted to these sources. Necessary permissions for the 
system user to add package sources and install packages must be granted. 

If a proxy or company firewall prohibits this access, the source must be whitelisted to allow 
installing/upgrading through the OS package manager or both ​http​ and ​https​ proxy 
configuration must be configured on the server. 

❏ Server has unrestrained internet access 

❏ Server is behind a proxy (http and https configuration must be provided) 

Checklist Installation Services

5.3 SSL/TLS certificates 

Do you require SSL/TLS certificates to be installed? If so, we require that the relevant files 
(​certificate, private key, intermediate CA bundle​) be copied on the server prior to the 
installation. 

❏ SSL/TLS certificates will be made available for the environment 

❏ Lets-Encrypt certificates shall be installed with certbot (​supported distribution 
required​) 
❏ SSL/TLS not required (load balancer terminates SSL/TLS or no TLS encryption 
required) 

5.4 Database 

By default we will install a local PostgreSQL 10 database server on the machine through the 
official postgresql.org package sources. This only applies to single-server environments. 

If you are planning to install a multi-server environment, you need to provide an existing 
PostgreSQL database server and provide us the necessary details (​host, port, database 
username, database password, database name​). Please ensure that the credentials are valid 
prior to our installation date. We do not support other database management systems. 

❏ A local PostgreSQL database shall be installed by OpenProject 

❏ An existing PostgreSQL database (>= 9.6) is present shall be used. 

Checklist Installation Services

6. Email configuration 
6.1 Outgoing mail configuration 

To enable email sending from OpenProject, we can either install a local sendmail server with 
a stock configuration (although the sent emails may end up in the spam folder of the 
recipients), or we can connect to mail account through SMTP with the following credentials 
you provide (SMTP host, port, username, password, domain). 

6.2 Incoming mail configuration 

OpenProject can optionally retrieve mail responses and new mails from a separate 
POP3/IMAP account to derive new tickets and status updates. This MAY be the SMTP 
account configured in the previous step. 

For more information about this feature, ​please visit our website​. 
 

Checklist Installation Services

7. Out of scope 
As part of our Enterprise installation service, we provide the one-off installation of 
OpenProject, therefore we cannot perform ensuing support tasks, such as 

● continuously backing up OpenProject, 

● ongoing maintenance, application and system upgrades, 
● configuration or maintenance of Load balancer, 
● creation or updating of SSL certificates. 
 
Please refer to the ​user and administration guides on our website​ to maintain your 
OpenProject environment. 
 

7.1 LDAP integration 

An existing LDAP server can be integrated through the admin panel. ​This is not part of the 
installation service​. For more information, please refer to the LDAP administration guides: 

● Managing LDAP authentication 

● Setting up LDAP group synchronization 

Requirements​: 

● Admin DN + Password for user lookup + synchronization 

● User attributes (UID identifier, mail, firstname, last name, admin flag) 

7.2 Monitoring and Backups 

OpenProject can be integrated into your monitoring system by periodically checking the 
URL `​your-openproject-domain.example/health_checks/all​`. 

Backups of the database, configuration and mounted attachments can be created by 
openproject run backup​ on demand, but are not run automatically by default. 

 
 

Checklist Installation Services