HowTo configure Nginx to run Redmine » History » Revision 2
Revision 1 (Jeff Mitchell, 2010-06-06 02:30) → Revision 2/3 (Jeff Mitchell, 2010-06-06 02:43)
h1. HowTo configure Nginx to run Redmine This has configurations for Nginx and Thin that are working well for me. It is *not* an exhaustive installation guide; it is assumed that you have read the installation instructions and installed the appropriate packages for your distribution. This setup gives you four Thin processes for concurrent handling of requests, and forwards (Note: I intend to SSL at appropriate places do this, but got interrupted right after I started...so more to keep logins secure. First, Thin -- here's what is in my /etc/thin/redmine.yml: <pre> --- pid: tmp/pids/thin.pid group: redmine wait: 30 timeout: 30 log: log/thin.log max_conns: 1024 require: [] environment: production max_persistent_conns: 512 servers: 4 daemonize: true user: redmine socket: /tmp/thin.sock chdir: /var/lib/redmine/redmine </pre> You'll have to change the user/group/chdir to appropriate values for your setup. Next, the nginx configuration. This isn't an exhaustive configuration, just the relevant server{} bits. First, my standard proxy include file proxy.include, which you'll see referenced in the Redmine-specific part: <pre> proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; </pre> Next, the actual nginx configuration: <pre> # Upstream Ruby process cluster for load balancing upstream thin_cluster { server unix:/tmp/thin.0.sock; server unix:/tmp/thin.1.sock; server unix:/tmp/thin.2.sock; server unix:/tmp/thin.3.sock; } server { listen your.ip.address.here:80; server_name your.domain.name; access_log /var/log/nginx/redmine-proxy-access; error_log /var/log/nginx/redmine-proxy-error; include sites/proxy.include; root /var/lib/redmine/redmine/public; proxy_redirect off; # Send sensitive stuff via https rewrite ^/login(.*) https://your.domain.here$request_uri permanent; rewrite ^/my/account(.*) https://your.domain.here$request_uri permanent; rewrite ^/my/password(.*) https://your.domain.here$request_uri permanent; rewrite ^/admin(.*) https://your.domain.here$request_uri permanent; location / { try_files $uri/index.html $uri.html $uri @cluster; } location @cluster { proxy_pass http://thin_cluster; } } server { listen your.ip.address.here:443; server_name your.domain.here; access_log /var/log/nginx/redmine-ssl-proxy-access; error_log /var/log/nginx/redmine-ssl-proxy-error; ssl on; ssl_certificate /etc/ssl/startssl/your.domain.here.pem.full; ssl_certificate_key /etc/ssl/startssl/your.domain.here.key; include sites/proxy.include; proxy_redirect off; root /var/lib/redmine/redmine/public; # When we're back to non-sensitive things, send back to http rewrite ^/$ http://your.domain.here$request_uri permanent; rewrite ^/projects(.*) http://your.domain.here$request_uri permanent; rewrite ^/guide(.*) http://your.domain.here$request_uri permanent; rewrite ^/users(.*) http://your.domain.here$request_uri permanent; rewrite ^/my/page(.*) http://your.domain.here$request_uri permanent; rewrite ^/logout(.*) http://your.domain.here$request_uri permanent; location / { try_files $uri/index.html $uri.html $uri @cluster; } location @cluster { proxy_pass http://thin_cluster; } } </pre> come)