Public Repository

Last pushed: 6 hours ago
Short Description
Docker image for OpenProject Community Edition
Full Description

There are the following tags:

  • openproject/community:7 - The latest stable version of OpenProject's Community Edition.
  • openproject/community:7.0 - The latest build of the current release branch. This is not stable. As in this includes commits towards the next stable release currently being developed.

Quick start

This runs the latest stable branch of OpenProject. The database and attachments will be saved on the host. Meaning they will still be there after a restart of the docker container.

docker run \
  -p 8080:80 \
  -v /persistent/db-data/dir/on/host:/var/lib/postgresql/9.4/main \
  -v /persistent/openproject/data/on/host:/var/db/openproject \
  -e SECRET_KEY_BASE=youshouldoverwritethiswithsomethingelse \
  openproject/community:7

Don't forget to override the SECRET_KEY_BASE with a sensible value. I.e. a long, once randomly generated string.
After running this you can access OpenProject under http://localhost:8080.

Production

In production you will want to use a separate database running in a different container. Also it's a good idea to have the attachments on a NFS share if you want to run several OpenProject containers so that they share the attachments. Lastly a separate, shared memcached should be used so that the cache does not get lost when a container is restarted.

docker run \
  -v /mnt/nfs-share/openproject:/var/db/openproject \
  -e DATABASE_URL="postgres://user:password@host:5432/dbname?pool=10&encoding=unicode&timeout=5000&reconnect=true" \
  -e SECRET_KEY_BASE=youshouldoverwritethiswithsomethingelse \
  -e CACHE_MEMCACHE_SERVER=memcache.host
  -e CACHE_NAMESPACE=openproject
  openproject/community:7

Overriding DATABASE_URL allows you to use an external database.

SSL/TLS

The docker image does not support SSL. It only serves normal HTTP requests on port 80. If you do want OpenProject to be available under HTTPS you can put it behind a load balancer which takes care of SSL termination.

Alternatively you can use the packaged installation which does support SSL.

Docker Pull Command
Owner
openproject

Comments (10)
daxid
6 days ago

It seems tag 7 is now version 7.3
(u7 tag is not available anymore)

akafester
6 days ago

Use the u7 tag to get the 7.3 version.

r4j4h
15 days ago

Yeah 7.3 would be great to see.

It looks like https://community.openproject.com/projects/docker/work_packages/26459/ was recently created so hopefully soon!

weareframops
21 days ago

I am waiting for release 7.3. Hope it could be onboard soon

tureba
a year ago

Openproject is pretty good, but this container needs some better defaults. First off, the tags go against basic POLA. Versions with more components are supposed to be more tied down ("static" as people like to call it), whereas fewer components should really mean a more rolling release (latest in that LTS branch, for instance). But they reverse it in their "6<->stable & 6.0<->rolling" mapping, which is just weird. A couple of projects that do ir right are the linux kernel and postgres, for example, just so you know I'm not making this up. Thankfully, the "latest" tag finally works! (I can only hope it means what I think it means...)

Next off, session tokens aren't stored durably by default. So restarts cause users to re-login, which is a completely unnecessary pain for end users. Instead, they store it only on memcached, which is a bad idea in so many ways that even memcached guys have a very beefy item in their own FAQ advising against it.

Speaking of durability, never trust a container with a self-hosted database - it harms monitoring, backups, resources configuration - everything. Always use your own database outside of app containers. The database can be a container dedicated for that, sure. I'm just saying that an app container should bring only the app and connection points to the outside, not a dozen services plus the kitchen sink.

So to review: I like openproject, but it needs better defaults. This is the errata I propose for any user out there (docker-compose v2 syntax, because that's what I have in hand):

environment:
  DATABASE_URL: 'postgresql:///openproject?user=openproject'
  SESSION_STORE: 'active_record_store'
volumes:
  - '/var/log/openproject:/var/log/supervisor:Z'
  - '/var/db/openproject:/var/db/openproject:Z'
  - '/run/postgresql:/run/postgresql:Z'

The "db" volume is actually only used to store uploaded files. The "lib" volume suggested by the container was for the bundled database, which is a bad idea in the first place, so don't even map it. These two have pretty bad names by default, I know...

And to use a trusted unix socket connection for postgres, put this in your pg_hba.conf: "local openproject openproject trust" The database must already exist, owned by the openproject user, who does not need any permissions other than login.

Much saner. :-D

tormen
a year ago

docker pull openproject/community

results in:

Tag latest not found in repository docker.io/openproject/community

Any particular reason for this ?

k3njiy
a year ago

The docker-compose version doesn't seem to work. When building the image it hangs at

Building worker
Step 1 : FROM ruby:2.1
...
Step 7 : RUN gem install bundler --version "${BUNDLER_VERSION}"
 ---> Running in cc752c7df5d2
jmokwena
a year ago

@tobiaschochguertel @gruentee If you do a docker exec -it <container-id> bash you will land inside /usr/src/app there is a Dockerfile in there. I hope thats the file you are looking for.

gruentee
a year ago

Yeah, indeed, that'd be great!

tobiashochguertel
2 years ago

Can we see the Dockerfile or be able to fork it?