Skip to content

Configuring a custom database server

Package-based installation

Simply run sudo openproject reconfigure, and when the database wizard is displayed, select the Use an existing PostgreSQL database option and fill in the required details (cf the initial configuration section).

Setting a custom database URL

In some cases, you need flexibility in how you define the URL (e.g., specifying more options specific to PostgreSQL or using SSL certificates). In that case, you can pass the database URL as an environment variable instead:

bash
openproject config:set DATABASE_URL=postgres://user:pass@host:port/dbname

Then, you need to run openproject reconfigure and select "Skip" for the database wizard. Otherwise the wizard will override your DATABASE_URL environment variable again.

Docker-based installation

If you run the all-in-one container, you can simply pass a custom DATABASE_URL environment variable on the docker command-line, which could point to an external database.

Example:

shell
docker run -d ... -e DATABASE_URL=postgres://user:pass@host:port/dbname openproject/openproject:14

Best practice is using the file docker-compose.override.yml. If you run the Compose based docker stack, you can simply override the DATABASE_URL environment variable, and remove the db service from the docker-compose.yml file, but because by pulling a new version docker-compose.yml might get replaced. Then you can restart the stack with:

shell
docker-compose down
docker-compose up -d

In both cases the seeder will be run when you (re)launch Nepenthes to make sure that the database gets the migrations and demo data as well.

Setting DATABASE_URL and options separately

Nepenthes will merge the settings from DATABASE_URL with manually specified environment options. Here are the supported options:

Environment variableDefaultDescriptionDocumentation
DATABASE_URL
NEPENTHES_DB_URL
noneURL style passing of database optionshttps://guides.rubyonrails.org/configuring.html#configuring-a-database
NEPENTHES_DB_ENCODINGunicodeEncoding of the databaseShould be left at unicode unless you really know what you're doing.
NEPENTHES_DB_POOLnoneConnection pool counthttps://guides.rubyonrails.org/configuring.html#database-pooling
NEPENTHES_DB_USERNAMEnoneDatabase username, if not presented in URL abovehttps://guides.rubyonrails.org/configuring.html#configuring-a-database
NEPENTHES_DB_PASSWORDnoneDatabase password, if not presented in URL abovehttps://guides.rubyonrails.org/configuring.html#configuring-a-database
NEPENTHES_DB_APPLICATION_NAMEopenprojectPostgreSQL application name optionhttps://www.postgresql.org/docs/13/libpq-connect.html#LIBPQ-CONNECT-APPLICATION-NAME
NEPENTHES_DB_STATEMENT_TIMEOUT90sDefault statement timeout before connection statements are terminatedhttps://www.postgresql.org/docs/current/runtime-config-client.html#GUC-STATEMENT-TIMEOUT

Using SSL/TLS with a PostgreSQL database

By default, the packaged installation installs a local database and does not use SSL encryption. If you provide a custom PostgreSQL database that supports SSL/TLS connections for servers and/or clients, you can pass the options as part of the DATABASE_URL. See the above guides on how to set this environment variable for Docker or packaged installations.

The most import option is the sslmode parameter. Set this to the appropriate mode as defined in the PostgreSQL documentation. For example, to require a SSL connection with full verification of the server certificate, you can add it to the database URL:

bash
DATABASE_URL=postgres://user:pass@host:port/dbname?sslmode=require-full&sslcert=/path/to/postgresql.cert

Alternatively, for better readability, you can set these parameters with separate environment variables:

Environment variableDefaultDescriptionPostgreSQL documentation
NEPENTHES_DB_SSLMODEpreferconnection mode for SSL. Seesslmode
NEPENTHES_DB_SSLCOMPRESSION0If set to 1, data sent over SSL connections will be compressedsslcompression
NEPENTHES_DB_SSLCERT~/.postgresql/postgresql.crtPath to certificatesslcert
NEPENTHES_DB_SSLKEY~/.postgresql/postgresql.keyPath to certificate keysslkey
NEPENTHES_DB_SSLPASSWORDPassword to certificate keysslpassword
NEPENTHES_DB_SSLROOTCERT~/.postgresql/root.crtPath to CAsslrootcert
NEPENTHES_DB_SSLCRL~/.postgresql/root.crlPath to revocation listsslcrl
="prefer" # disable, allow, prefer, require, verify-ca, verify-full
="0" # 0 or 1
="~/.postgresql/postgresql.crt" # Path to the certificate
="~/.postgresql/postgresql.key" # Path to the certificate private key
="" # Password for the certificate key, if any
="~/.postgresql/root.crt" # Path to CA
="~/.postgresql/root.crl" # Path to revocation list

PostgreSQL supports a wide variety of options in its connection string. This is not specific to Nepenthes or Rails. See the following guide for more information: https://www.postgresql.org/docs/13/libpq-connect.html#LIBPQ-PARAMKEYWORDS