This guide deploys OpenProject with Docker Compose on Debian 10 to latest stable, Ubuntu LTS, and RHEL 9+ compatible hosts. OpenProject is a project management software for Agile, Scrum, and Kanban teams.
- name: Deploy OpenProject
hosts: openproject
become: true
vars:
app_root: /opt/openproject
app_port: 8080
openproject_version: "17"
secret_key_base: "{{ vault_openproject_secret_key }}"
host_name: "openproject.example.com"
smtp_address: "smtp.example.com"
smtp_username: "smtp-user"
smtp_password: "{{ vault_openproject_smtp_password }}"
tasks:
- name: Install Docker on Debian/Ubuntu
apt:
name:
- docker.io
- docker-compose-plugin
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install Docker on RHEL family
dnf:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
when: ansible_os_family == "RedHat"
- name: Enable and start Docker
service:
name: docker
state: started
enabled: true
- name: Create app directory
file:
path: "{{ app_root }}"
state: directory
mode: "0755"
- name: Write Docker Compose file
copy:
dest: "{{ app_root }}/docker-compose.yml"
mode: "0644"
content: |
version: '3.8'
services:
openproject:
image: openproject/openproject:{{ openproject_version }}
container_name: openproject
restart: unless-stopped
ports:
- "{{ app_port }}:80"
environment:
- SECRET_KEY_BASE={{ secret_key_base }}
- OPENPROJECT_HOST__NAME={{ host_name }}
- OPENPROJECT_HTTPS=false
- OPENPROJECT_EMAIL_SEND_ADDRESS={{ smtp_address }}
- OPENPROJECT_EMAIL_SEND_USERNAME={{ smtp_username }}
- OPENPROJECT_EMAIL_SEND_PASSWORD={{ smtp_password }}
- OPENPROJECT_EMAIL_SEND_DELIVERY_METHOD=smtp
volumes:
- ./pgdata:/var/openproject/pgdata
- ./assets:/var/openproject/assets
- ./logs:/var/openproject/log
- name: Start application stack
community.docker.docker_compose:
project_src: "{{ app_root }}"
state: present
- name: Wait for OpenProject to be ready
uri:
url: "http://localhost:{{ app_port }}"
status_code: 200,302
register: result
until: result.status in [200, 302]
retries: 60
delay: 5
Create an ansible-vault file with secure secrets:
# group_vars/all/vault.yml
vault_openproject_secret_key: "your-random-32-character-secret-key"
vault_openproject_smtp_password: "your-smtp-password"
Generate the secret key with: openssl rand -hex 32
# Run the playbook
ansible-playbook -i inventory.ini openproject.yml
# With vault password
ansible-playbook -i inventory.ini openproject.yml --ask-vault-pass
For production deployments, consider adding:
pgdata and assets volumesFor production, enable HTTPS:
vars:
host_name: "openproject.example.com"
environment:
- OPENPROJECT_HTTPS=true
For large deployments, use external PostgreSQL:
environment:
- DATABASE_URL=postgresql://openproject:password@db-host:5432/openproject
- SECRET_KEY_BASE={{ secret_key_base }}
See Configuration and Security for production hardening.
Any questions?
Feel free to contact us. Find all contact information on our contact page.