This will execute `certbot renew` every day at 1am. The command checks if the certificate is expired and renews it if that is the case. The web server is restarted in a post hook in order for it to pick up the new certificate.
<divclass="alert alert-warning"role="alert">
## External SSL termination
If you terminate SSL externally before the request hits the OpenProject server, you need to let the OpenProject server know that the request being handled is https, even though SSL was terminated before. This is the most common source in problems in OpenProject when using an external server that terminates SSL.
Please ensure that if you're proxying to the openproject server, you set the HOST header to the internal server. This ensures that the host name of the outer request gets forwarded to the internal server. Otherwise you might see redirects in your browser to the internal host that OpenProject is running on.
On your outer proxying server, set these commands:
- In Apache2, set the `ProxyPreserveHost On`directive
- In NginX, use the following value: `proxy_set_header X-Forwarded-Host $host:$server_port;`
If you're terminating SSL on the outer server, you need to set the `X-Forwarded-Proto https`header to let OpenProject know that the request is HTTPS, even though its been terminated earlier in the request on the outer server.
- In Apache2, use `RequestHeader set "X-Forwarded-Proto" https`
- In Nginx, use `proxy_set_header X-Forwarded-Proto https;`
Finally, to let OpenProject know that it should create links with 'https' when no request is available (for example, when sending emails), you need to set the Protocol setting of OpenProject to `https`. You will find this setting on your system settings or via the rails console with `Setting.protocol = 'https'`
@ -325,7 +325,7 @@ If you have a separate server that is terminating SSL and only forwarding/proxyi
### Skip** (not recommended)
### Skip (not recommended)
The installer will not set up an external web server for accessing. You will need to either install and set up a web server such as Apache2 or Nginx to function as the web server forwarding to our internal server listeing at `localhost:6000` by proxying.