Project

General

Profile

HowTo configure Nginx to run Redmine » History » Revision 2

Revision 1 (Jeff Mitchell, 2010-06-06 02:30) → Revision 2/3 (Jeff Mitchell, 2010-06-06 02:43)

h1. HowTo configure Nginx to run Redmine 

 This has configurations for Nginx and Thin that are working well for me. It is *not* an exhaustive installation guide; it is assumed that you have read the installation instructions and installed the appropriate packages for your distribution. 

 This setup gives you four Thin processes for concurrent handling of requests, and forwards (Note: I intend to SSL at appropriate places do this, but got interrupted right after I started...so more to keep logins secure. 

 First, Thin -- here's what is in my /etc/thin/redmine.yml: 

 <pre> 
 ---  
 pid: tmp/pids/thin.pid 
 group: redmine 
 wait: 30 
 timeout: 30 
 log: log/thin.log 
 max_conns: 1024 
 require: [] 

 environment: production 
 max_persistent_conns: 512 
 servers: 4 
 daemonize: true 
 user: redmine 
 socket: /tmp/thin.sock 
 chdir: /var/lib/redmine/redmine  
 </pre> 

 You'll have to change the user/group/chdir to appropriate values for your setup. 

 Next, the nginx configuration. This isn't an exhaustive configuration, just the relevant server{} bits. First, my standard proxy include file proxy.include, which you'll see referenced in the Redmine-specific part: 

 <pre> 
     proxy_set_header     Host $http_host;                                                                                                                      
     proxy_set_header     X-Real-IP $remote_addr;                                                                                                                    
     proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header     X-Forwarded-Proto $scheme; 

     client_max_body_size         10m; 
     client_body_buffer_size      128k; 

     proxy_connect_timeout        90; 
     proxy_send_timeout           90; 
     proxy_read_timeout           90; 

     proxy_buffer_size            4k; 
     proxy_buffers                4 32k; 
     proxy_busy_buffers_size      64k; 
     proxy_temp_file_write_size 64k; 
 </pre> 

 Next, the actual nginx configuration: 

 <pre> 
 # Upstream Ruby process cluster for load balancing 
 upstream thin_cluster { 
     server unix:/tmp/thin.0.sock; 
     server unix:/tmp/thin.1.sock; 
     server unix:/tmp/thin.2.sock; 
     server unix:/tmp/thin.3.sock; 
 } 

 server { 
     listen         your.ip.address.here:80; 
     server_name    your.domain.name; 

     access_log    /var/log/nginx/redmine-proxy-access; 
     error_log     /var/log/nginx/redmine-proxy-error; 

     include sites/proxy.include; 
     root /var/lib/redmine/redmine/public; 
     proxy_redirect off; 

     # Send sensitive stuff via https 
     rewrite ^/login(.*) https://your.domain.here$request_uri permanent; 
     rewrite ^/my/account(.*) https://your.domain.here$request_uri permanent; 
     rewrite ^/my/password(.*) https://your.domain.here$request_uri permanent; 
     rewrite ^/admin(.*) https://your.domain.here$request_uri permanent; 

     location / { 
         try_files $uri/index.html $uri.html $uri @cluster; 
     } 

     location @cluster { 
         proxy_pass http://thin_cluster; 
     } 
 } 

 server { 
     listen         your.ip.address.here:443; 
     server_name    your.domain.here; 

     access_log    /var/log/nginx/redmine-ssl-proxy-access; 
     error_log     /var/log/nginx/redmine-ssl-proxy-error; 

     ssl on; 

     ssl_certificate /etc/ssl/startssl/your.domain.here.pem.full; 
     ssl_certificate_key /etc/ssl/startssl/your.domain.here.key; 

     include sites/proxy.include; 
     proxy_redirect off; 
     root /var/lib/redmine/redmine/public; 

     # When we're back to non-sensitive things, send back to http 
     rewrite ^/$ http://your.domain.here$request_uri permanent; 
     rewrite ^/projects(.*) http://your.domain.here$request_uri permanent; 
     rewrite ^/guide(.*) http://your.domain.here$request_uri permanent; 
     rewrite ^/users(.*) http://your.domain.here$request_uri permanent; 
     rewrite ^/my/page(.*) http://your.domain.here$request_uri permanent; 
     rewrite ^/logout(.*) http://your.domain.here$request_uri permanent; 

     location / { 
         try_files $uri/index.html $uri.html $uri @cluster; 
     } 

     location @cluster { 
         proxy_pass http://thin_cluster; 
     } 
 } 
 </pre> come)