Developing OpenProject locally with HTTPS

In some cases, running OpenProject locally with https can be useful for development. For example, if your testing or developing an OmniAuth plugin, you’ll want to be able to return to OpenProject running under https.

This guide will instruct you how to install and configure an Apache2 proxy/reverse-proxy pattern with OpenProject. This closely matches the way OpenProject is run in production systems for packaged and docker-based installations.

Step 1: Create a self-signed certificate

You will need a certificate to terminate SSL requests at Apache. For development purposes only, create a self-signed certificate as follows:

sudo mkdir -p /etc/ssl/openproject-dev/
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/openproject-dev/privkey.key -out /etc/ssl/openproject-dev/cert.crt

This will output a private key and certificate to /etc/ssl/openproject-dev for use with Apache2.

Step 2: Set up a custom host

You may want to have a full host name available for development. Let’s assume this is You can forward this hostname to your local machine by editing /etc/hosts and adding to it.

Step 3: Install and configure Apache2

First, you’ll need to install the Apache2 web server. The actual command will differ depending on your actual distribution. For apt-based systems, the following command is used:

sudo apt-get install apache2

Next, ensure that mod_ssl, mod_proxy and mod_proxy_http are installed and active. Read up in your distribution’s apache configuration on how to enable them. You can check the output of apachectl -M and verify they are being loaded.

You will then add a configuration for OpenProject under:

nano /etc/apache2/sites-available/openproject-dev-ssl.conf

The path might differ. For RHEL/Fedora systems, the configuration directory resides at /etc/apache2/conf.d/.

The following contains an exemplary configuration:

<VirtualHost *:80>
    redirect permanent /

<VirtualHost *:443>
    # SSL Start

    SSLEngine On
    SSLCertificateFile /etc/ssl/openproject-dev/cert.crt
    SSLCertificateKeyFile /etc/ssl/openproject-dev/privkey.key
    # If you have a chain file (not self-signed certificate), uncomment this
    # SSLCertificateChainFile /etc/ssl/openproject-dev/chain.pem

    # Set Forwarded protocol header to proxy
    # otherwise OpenProject doesn't know we're terminating SSL here.
    RequestHeader set X_FORWARDED_PROTO 'https'

    # SSL End


    # Proxy requests to development localhost:3000 / puma worker
    ProxyRequests off
    ProxyPass / retry=0
    ProxyPassReverse /

Save the configuration file and reload the Apache2 server. Ensure the syntax is correct with apachectl configtest.

In case you’re in an environment with SELinux enabled, you will also need to allow Apache2 to connect locally to the application server. You can do that with /usr/sbin/setsebool -P httpd_can_network_connect 1.

Step 4: Configure OpenProject for HTTPS usage

We assume you have already configured your OpenProject local development environment as described in this guide. You will need to add your custom host name to config/environments/development.rb:

Rails.application.config.hosts << ''

Then, you will start a REPL console for OpenProject with: RAILS_ENV=development ./bin/rails console

Update the settings for host name and protocol:

Setting.protocol = 'https'
Setting.host_name = ''

Finally, start your OpenProject development server and Frontend server and access in your browser.

Questions, Comments, and Feedback

If you have any further questions, comments, feedback, or an idea to enhance this guide, please tell us at the appropriate forum. Follow OpenProject on twitter, and follow the news to stay up to date.