redmine4 설치

OS : RockyLinux 8.0
redmine : 4.2.3

# /etc/sysconfig/selinux
SELINUX=disabled
# sudo dnf update
# systemctl firewalld stop

1. Apache install

# sudo dnf install httpd
# systemctl enable --now httpd.service
redmine 경로는 /var/www/redmine 으로 할 예정이다.
# usermod -aG $USER apache

2.  MySQL Server install

# sudo dnf install mysql-server
# sudo systemctl enable mysqld --now
# mysql_secure_installation
# mysql -u root -p
mysql> CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'password';
mysql> CREATE DATABASE redmine CHARACTER SET utf8mb4;
mysql> GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';
mysql> exit

3. EPEL Repository install

# dnf install epel-release
# dnf config-manager --set-enabled powertools

4. Ruby and other requisites install

# dnf module list ruby
Rocky Linux 8 - AppStream
Name            Stream             Profiles              Summary
ruby            2.5 [d]            common [d]            An interpreter of object-oriented scripting language
ruby            2.6                common [d]            An interpreter of object-oriented scripting language
ruby            2.7                common [d]            An interpreter of object-oriented scripting language
ruby            3.0                common [d]            An interpreter of object-oriented scripting language

Redmine's latest version is compatible with every version except 3.0. We will install Ruby 2.7 for our tutorial.

Reset other versions and enable the 2.7 version of Ruby.

# dnf module reset ruby
# dnf module enable ruby:2.7
# dnf install ruby ruby-devel
# ruby -v
ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux]

# sudo dnf install rpm-build wget libxml2-devel make automake libtool ImageMagick ImageMagick-devel mariadb-devel httpd-devel openssl-devel libcurl-devel gcc gcc-c++

5. redmine install

# cd /var/www
# wget https://redmine.org/releases/redmine-4.2.3.tar.gz
# mv redmine-4.2.3 /var/www/redmine
# cd /var/www/redmine
# cp config/configuration.yml.example config/configuration.yml
# cp config/database.yml.example config/database.yml
# cp public/dispatch.fcgi.example public/dispatch.fcgi

# config/database.yml
production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: root
  password: "password"
  # Use "utf8" instead of "utfmb4" for MySQL prior to 5.7.7
  encoding: utf8mb4
  
# gem install bundler
# bundle config set --local without 'development test'
# bundle install
# gem pristine --all
# bundle exec rake generate_secret_token
# RAILS_ENV=production bundle exec rake db:migrate

# mkdir -p public/plugin_assets
# chown -R $USER:$USER files log tmp public/plugin_assets
# chmod -R 755 /var/www/remine/

# bundle exec rails server webrick -e production
=> Booting WEBrick
=> Rails 5.2.6 application starting in production on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
[2022-05-12 12:58:19] INFO  WEBrick 1.6.1
[2022-05-12 12:58:19] INFO  ruby 2.7.4 (2021-07-07) [x86_64-linux]
[2022-05-12 12:58:19] INFO  WEBrick::HTTPServer#start: pid=117224 port=3000
Open the URL http://<yourserverIP>:3000/login to obtain the Redmine Login screen.

Redmine Login 화면

최초 계정은 admin / addmin , 로그인 후 패스워드는 변경할 수 있다.

6. Phusion Passenger Install
Phusion Passenger is a ruby application server that allows us to serve Redmine via a 3rd party server. In our case, we will use Apache.

# gem install passenger
# passenger-install-apache2-module

Welcome to the Phusion Passenger Apache 2 module installer, v6.0.12.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.

--------------------------------------------
Next, you will be asked for the language. Ruby is selected by default, so just press Enter to continue.

Which languages are you interested in?

Use <space> to select.
If the menu doesn't display correctly, press '!'

 ? ?  Ruby
   ?  Python
   ?  Node.js
   ?  Meteor

--------------------------------------------
You may get a warning about file permissions. If you have been following our tutorial, just press Enter to continue.

Warning: some directories may be inaccessible by the web server!

The web server typically runs under a separate user account for security
reasons. That user must be able to access the Phusion Passenger(R) files.
However, it appears that some directories have too strict permissions. This
may prevent the web server user from accessing Phusion Passenger(R) files.

It is recommended that you relax permissions as follows:

  sudo chmod o+x "/home/navjot"

Press Ctrl-C to return to the shell. (Recommended)
After relaxing permissions, re-run this installer.
  -OR-
Press Enter to continue anyway.
The whole process will take around 10-15 minutes to finish. If you get an error like the following, it is most likely due to low RAM. You should either increase RAM on your server or install swap space.

c++: fatal error: Killed signal terminated program cc1plus
compilation terminated.
rake aborted!
Once the process is complete, you will get the following message.

--------------------------------------------
Almost there!

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/local/share/gems/gems/passenger-6.0.13/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /usr/local/share/gems/gems/passenger-6.0.13
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>

After you restart Apache, you are ready to deploy any number of web
applications on Apache, with a minimum amount of configuration!

Press ENTER when you are done editing.
Don't press Enter yet. Open a new session on your server as the current user and perform the following configurations.

Configure Apache Server
Create an Apache module configuration file for Phusion Passenger.

# vim /etc/httpd/conf.modules.d/00-passenger.conf

LoadModule passenger_module /usr/local/share/gems/gems/passenger-6.0.13/buildout/apache2/mod_passenger.so
 <IfModule mod_passenger.c>
   PassengerRoot /usr/local/share/gems/gems/passenger-6.0.13
   PassengerDefaultRuby /usr/bin/ruby
 </IfModule>

# vim /etc/httpd/conf.d/redmine.conf

Listen 3000
<IfModule mod_passenger.c>
  PassengerRoot /usr/local/share/gems/gems/passenger-6.0.13
  PassengerDefaultRuby /usr/bin/ruby
</IfModule>
<VirtualHost *:3000>
    ServerName pms.abc.com
    DocumentRoot "/var/www/redmine/public"

    CustomLog logs/redmine_access.log combined
    ErrorLog logs/redmine_error_log
    LogLevel warn

    <Directory "/var/www/redmine/public">
        Options Indexes ExecCGI FollowSymLinks
        Require all granted
        AllowOverride all
    </Directory>
</VirtualHost>

# vim  /etc/httpd/conf/httpd.conf

ServerName localhost

# httpd -t
# systemctl restart httpd
Your website should be available at http://pms.abc.com:3000.

7. SSL install

# dnf install certbot
# systemctl stop httpd
# certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m name@abc.com -d pms.abc.com
# systemctl start httpd
# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
# mkdir -p /var/lib/letsencrypt
# vim /etc/cron.daily/certbot-renew
#!/bin/sh
certbot renew --cert-name pms.abc.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl restart nginx"
# chmod +x /etc/cron.daily/certbot-renew

8. Configure Nginx as Reverse-proxy install
Rocky Linux 8 ships with four different versions of Nginx - 1.14, 1.16, 1.18 and 1.20.

# dnf module list nginx
Last metadata expiration check: 20:23:20 ago on Mon 03 Jan 2022 12:38:07 PM UTC.
Rocky Linux 8 - AppStream
Name                      Stream                       Profiles                      Summary
nginx                     1.14 [d]                     common [d]                    nginx webserver
nginx                     1.16                         common [d]                    nginx webserver
nginx                     1.18                         common [d]                    nginx webserver
nginx                     1.20                         common [d]                    nginx webserver

Extra Packages for Enterprise Linux Modular 8 - x86_64
Name                      Stream                       Profiles                      Summary
nginx                     mainline                     common                        nginx webserver
nginx                     1.20                         common [d]                    nginx webserver

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
Reset other versions and enable the 1.20 version of Nginx.


# sudo dnf module reset nginx
# sudo dnf module enable nginx:1.20
Install Nginx. We are temporarily disabling the Epel repository since we want to grab Nginx from the Appstream.

# sudo dnf install nginx --disablerepo=epel-modular
# nginx -v
nginx version: nginx/1.20.1

# vim /etc/httpd/conf/httpd.conf

Listen 8080

# systemctl restart httpd
# vim /etc/nginx/conf.d/redmine.conf

# Redirect all non-encrypted to encrypted
server {
    listen 80;
    server_name pms.abc.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;

    server_name pms.abc.com;

    ssl_certificate     /etc/letsencrypt/live/pms.abc.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pms.abc.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/pms.abc.com/chain.pem;

    ssl_session_timeout  5m;
    #ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    resolver 8.8.8.8;

    access_log /var/log/nginx/pms.abc.com.access.log main;
    error_log  /var/log/nginx/pms.abc.com.error.log;

        location / {
        proxy_pass          http://localhost:3000;
        proxy_redirect      off;
        proxy_buffering     off;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}


# vim /etc/nginx/nginx.conf

    server_names_hash_bucket_size  64; ---> 이 부분 추가
    include /etc/nginx/conf.d/*.conf;
    
# nginx -t
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# systemctl start nginx

 

 

 

참고)

https://www.howtoforge.com/how-to-install-redmine-project-management-software-on-rocky-linux-8/