Redmine

h1. HowTo configure Nginx to run Redmine

This has configurations for Nginx and Thin that are working well for me. It is *not* an exhaustive installation guide; it is assumed that you have read the installation instructions and installed the appropriate packages for your distribution.

This setup gives you four Thin processes for concurrent handling of requests, and forwards to SSL at appropriate places to keep logins secure.

First, Thin -- here's what is in my /etc/thin/redmine.yml:

<pre>

--- 

pid: tmp/pids/thin.pid

group: redmine

wait: 30

timeout: 30

log: log/thin.log

max_conns: 1024

require: []

environment: production

max_persistent_conns: 512

servers: 4

daemonize: true

user: redmine

socket: /tmp/thin.sock

chdir: /var/lib/redmine/redmine 

</pre>

You'll have to change the user/group/chdir to appropriate values for your setup.

Next, the nginx configuration. This isn't an exhaustive configuration, just the relevant server{} bits. First, my standard proxy include file proxy.include, which you'll see referenced in the Redmine-specific part:

<pre>

    proxy_set_header   Host $http_host;                                                                                                                     

    proxy_set_header   X-Real-IP $remote_addr;                                                                                                                   

    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header   X-Forwarded-Proto $scheme;

    client_max_body_size       10m;

    client_body_buffer_size    128k;

    proxy_connect_timeout      90;

    proxy_send_timeout         90;

    proxy_read_timeout         90;

    proxy_buffer_size          4k;

    proxy_buffers              4 32k;

    proxy_busy_buffers_size    64k;

    proxy_temp_file_write_size 64k;

</pre>

Next, the actual nginx configuration:

<pre>

# Upstream Ruby process cluster for load balancing

upstream thin_cluster {

    server unix:/tmp/thin.0.sock;

    server unix:/tmp/thin.1.sock;

    server unix:/tmp/thin.2.sock;

    server unix:/tmp/thin.3.sock;

}

server {

    listen       your.ip.address.here:80;

    server_name  your.domain.name;

    access_log  /var/log/nginx/redmine-proxy-access;

    error_log   /var/log/nginx/redmine-proxy-error;

    include sites/proxy.include;

    root /var/lib/redmine/redmine/public;

    proxy_redirect off;

    # Send sensitive stuff via https

    rewrite ^/login(.*) https://your.domain.here$request_uri permanent;

    rewrite ^/my/account(.*) https://your.domain.here$request_uri permanent;

    rewrite ^/my/password(.*) https://your.domain.here$request_uri permanent;

    rewrite ^/admin(.*) https://your.domain.here$request_uri permanent;

    location / {

        try_files $uri/index.html $uri.html $uri @cluster;

    }

    location @cluster {

        proxy_pass http://thin_cluster;

    }

}

server {

    listen       your.ip.address.here:443;

    server_name  your.domain.here;

    access_log  /var/log/nginx/redmine-ssl-proxy-access;

    error_log   /var/log/nginx/redmine-ssl-proxy-error;

    ssl on;

    ssl_certificate /etc/ssl/startssl/your.domain.here.pem.full;

    ssl_certificate_key /etc/ssl/startssl/your.domain.here.key;

    include sites/proxy.include;

    proxy_redirect off;

    root /var/lib/redmine/redmine/public;

    # When we're back to non-sensitive things, send back to http

    rewrite ^/$ http://your.domain.here$request_uri permanent;

    rewrite ^/projects(.*) http://your.domain.here$request_uri permanent;

    rewrite ^/guide(.*) http://your.domain.here$request_uri permanent;

    rewrite ^/users(.*) http://your.domain.here$request_uri permanent;

    rewrite ^/my/page(.*) http://your.domain.here$request_uri permanent;

    rewrite ^/logout(.*) http://your.domain.here$request_uri permanent;

    location / {

        try_files $uri/index.html $uri.html $uri @cluster;

    }

    location @cluster {

        proxy_pass http://thin_cluster;

    }

}

</pre>