Project

General

Profile

Install Redmine 34 on RHEL74 » History » Version 20

Christophe de Dinechin, 2018-02-02 15:37
Add information about SELinux and https

1 1 Christophe de Dinechin
h1. Install Redmine 3.4 on RHEL7.4
2
3
Here is a procedure that worked for me to install Redmine 3.5 on RHEL 7.4. These instructions work as for Feb 1st, 2018.
4
I also chose to install with Postgres 10 to migrate an existing instance, although I believe it works with the default Postgres 9.2.
5
6
h2. Dependencies
7
8
Install the required packages.
9
<pre>
10 15 Christophe de Dinechin
% sudo yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel postgresql-devel ImageMagick-devel
11 1 Christophe de Dinechin
</pre>
12
13
h2. Choice of database
14
15
Install your database of choice. I've mostly tested with Postgres 10.
16
17 2 Christophe de Dinechin
h3. Postgres 10
18 1 Christophe de Dinechin
19 2 Christophe de Dinechin
You can upgrade to Postgres 10 if you need for example to transfer an existing database.
20 1 Christophe de Dinechin
<pre>
21 2 Christophe de Dinechin
# More recent Postgres 10
22
% sudo yum -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-1.noarch.rpm
23 3 Christophe de Dinechin
% sudo yum install -y postgresql10-server postgresql10 postgres-devel
24 4 Christophe de Dinechin
% export PATH=/usr/pgsql-10/bin/:$PATH
25 5 Christophe de Dinechin
% postgresql-10-setup initdb
26 1 Christophe de Dinechin
</pre>
27
28 2 Christophe de Dinechin
Note that the @postgres-devel@ package is still required for the @bundle install@ step below, and I am not sure if that step works with Postgres 10.
29 1 Christophe de Dinechin
30 2 Christophe de Dinechin
Like for Postgres 9, you need to add @trust@ for local IPv6 connexions in @/var/lib/pgsql/10/data/pg_hba.conf@:
31 1 Christophe de Dinechin
32
<pre>
33
# TYPE  DATABASE        USER            ADDRESS                 METHOD
34
35
# "local" is for Unix domain socket connections only
36
local   all             all                                     peer
37
# IPv4 local connections:
38
host    all             all             127.0.0.1/32            trust
39
# IPv6 local connections:
40
host    all             all             ::1/128                 trust
41 16 Christophe de Dinechin
</pre>
42
43
You can then start the database server:
44
<pre>
45
% sudo systemctl start postgresql-10
46
% sudo systemctl enable postgresql-10
47 1 Christophe de Dinechin
</pre>
48
49
Check that you can connect to the database, then create the @redmine@ user and a @redmine@ database:
50
<pre>
51
% sudo su - postgres
52 6 Christophe de Dinechin
% export PATH=/usr/pgsql-10/bin/:$PATH
53 1 Christophe de Dinechin
% psql
54
postgres=# alter role postgres with encrypted password 'insert-your-postgres-password-here';
55
postgres=# create user redmine with encrypted password 'insert-your-redmine-password-here';
56
postgres=# create database redmine with encoding 'UTF-8' owner redmine;
57
</pre>
58
59 7 Christophe de Dinechin
If you get an error related to the encoding (I only had that on Postgres 9):
60 1 Christophe de Dinechin
<pre>
61
ERROR:  new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII)
62
HINT:  Use the same encoding as in the template database, or use template0 as template.
63
</pre>
64
65
then you should explicitly use @template0@:
66
<pre>
67
postgres=# create database redmine with template=template0 encoding 'UTF-8' owner redmine;
68 3 Christophe de Dinechin
</pre>
69 1 Christophe de Dinechin
70 2 Christophe de Dinechin
h3. Postgres 9.2.23
71 1 Christophe de Dinechin
72 2 Christophe de Dinechin
Postgres 9.2.23 is what you get directly when installing with @yum@ in RHEL 7.4:
73 1 Christophe de Dinechin
<pre>
74 2 Christophe de Dinechin
# Default Postgres 9.2.23
75
% sudo yum -y install postgresql postgresql-server postgresql-devel
76 1 Christophe de Dinechin
% postgresql-setup initdb
77 2 Christophe de Dinechin
% sudo systemctl start postgresql
78
% sudo systemctl enable postgresql
79 1 Christophe de Dinechin
</pre>
80
81 2 Christophe de Dinechin
I have not been able to have Redmine connect to the database without altering @/var/lib/pgsql/data/pg_hba.conf@ to have @trust@ for local IPv6 connnexions:
82 1 Christophe de Dinechin
83
<pre>
84
# TYPE  DATABASE        USER            ADDRESS                 METHOD
85
86
# "local" is for Unix domain socket connections only
87
local   all             all                                     peer
88
# IPv4 local connections:
89
host    all             all             127.0.0.1/32            trust
90
# IPv6 local connections:
91
host    all             all             ::1/128                 trust
92
</pre>
93
94 2 Christophe de Dinechin
I suspect this is wrong, but I don't know how to do it "right", and that's also how it's configured in the Redmine docker containers I looked at.
95
96 1 Christophe de Dinechin
Create user and database like in the previous section.
97
98 2 Christophe de Dinechin
h3. For MySQL / MariaDB
99
100
Installing and starting the database server
101
<pre>
102
# MariaDB (formerly MySQL)
103
% sudo yum -y install mariadb mariadb-devel
104
% sudo systemctl start mariadb
105
% sudo systemctl enable mariadb
106
</pre>
107
108
Then you can setup the original database:
109
<pre>
110
% mysql -u root -p
111
MariaDB [(none)]> set password for 'root'@'localhost' = password('insert-your-password-here');
112
MariaDB [(none)]> create database redmine character set utf8;
113
MariaDB [(none)]> create user 'redmine'@'localhost' identified by 'somepass';
114
MariaDB [(none)]> grant all privileges on redmine.* to 'redmine'@'localhost';
115
</pre>
116
117
Note: The rest of this setup assumes Postgres, will need to be updated with MariaDB instructions as well.
118 1 Christophe de Dinechin
119
h2. Upgrade Ruby
120
121
The default @ruby@ is 2.0.0p648. If you keep that version, @gem install passenger@ fails.
122
123
<pre>
124 8 Christophe de Dinechin
% sudo yum install -y gcc
125 1 Christophe de Dinechin
% cd /usr/local/src
126
% wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.gz
127
% tar xvfz ruby-2.5.0.tar.gz
128
% cd ruby-2.5.0/
129
% ./configure
130
% make
131 9 Christophe de Dinechin
% sudo make install
132 1 Christophe de Dinechin
</pre>
133
134
Verify that you have Ruby 2.5 installed after that: 
135
<pre>
136 10 Christophe de Dinechin
% export PATH=/usr/local/bin:$PATH
137 1 Christophe de Dinechin
% ruby -v
138
ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]
139
</pre>
140
141
h2. Install passenger and Gem bundler:
142
143
With Ruby 2.5, we can install Passenger:
144
<pre>
145
% gem install passenger
146
gem install passenger
147
Fetching: rack-2.0.3.gem (100%)
148
Successfully installed rack-2.0.3
149
Fetching: passenger-5.2.0.gem (100%)
150
Building native extensions. This could take a while...
151
Successfully installed passenger-5.2.0
152
Parsing documentation for rack-2.0.3
153
Installing ri documentation for rack-2.0.3
154
Parsing documentation for passenger-5.2.0
155
Installing ri documentation for passenger-5.2.0
156
Done installing documentation for rack, passenger after 53 seconds
157
2 gems installed
158
</pre>
159
160
Install Gem bundler:
161
<pre>
162
% gem install bundler
163
Fetching: bundler-1.16.1.gem (100%)
164
Successfully installed bundler-1.16.1
165
Parsing documentation for bundler-1.16.1
166
Installing ri documentation for bundler-1.16.1
167
Done installing documentation for bundler after 5 seconds
168
1 gem installed
169
</pre>
170
171
h2. Check out Redmine
172
173 11 Christophe de Dinechin
Add a @redmine@ user
174 1 Christophe de Dinechin
175
<pre>
176 11 Christophe de Dinechin
% sudo useradd redmine
177 1 Christophe de Dinechin
</pre>
178
179 12 Christophe de Dinechin
Install @svn@ to be able to checkout Redmine:
180
<pre>
181
% sudo yum -y install svn
182
</pre>
183
184 11 Christophe de Dinechin
Check out the version of Redmine you want, here with version 3.4:
185
<pre>
186
% su redmine
187 1 Christophe de Dinechin
% cd /var/www
188 11 Christophe de Dinechin
% svn co http://svn.redmine.org/redmine/branches/3.4-stable redmine
189 1 Christophe de Dinechin
</pre>
190
191
h2. Database configuration
192
193
The database configuration for Redmine is in @/var/www/redmine/config/database.yml@. There is a template in that directory which you can edit.
194
195
<pre>
196
% cd /var/www/redmine/config/
197
% cp database.yml.example database.yml
198
</pre>
199
200
Edit @database.yml@ to contain the correct information regarding your installation. For Postgres:
201
202
<pre>
203
production:
204
  adapter: postgresql
205
  database: redmine
206
  host: localhost
207
  username: redmine
208
  password: insert-your-password-here
209
</pre>
210
211
(Note that you always have the choice of running the database in some other host than @localhost@)
212
213
h2. Install dependencies using the Gem bundler
214
215
This step will look at the dependencies specified in the @Gemfile@:
216
217
<pre>
218 13 Christophe de Dinechin
% cd /var/www/redmine
219 1 Christophe de Dinechin
% bundle install
220
</pre>
221
222
You may have a message about YARD recommending you use the following command:
223
<pre>
224
% yard config --gem-install-yri
225
Updated ~/.gemrc: 'gem: --document=yri'
226
</pre>
227
228
h2. Setup the production environment 
229
230
Update @/var/www/redmine/config/environment.rb@, adding the following statement:
231
<pre>
232
ENV['RAILS_ENV'] ||= 'production'
233
</pre>
234
235
Generate a secret token:
236
<pre>
237
% RAILS_ENV=production bundle exec rake generate_secret_token
238
</pre>
239
240
Run the database migration step:
241
<pre>
242
% RAILS_ENV=production bundle exec rake db:migrate
243
</pre>
244
245
h2. Start the server
246
247 17 Christophe de Dinechin
Note that you may want to open the firewall for that port using @firewall-config@ or @firewall-cmd@, e.g.
248
<pre>
249
% sudo firewall-cmd  --zone=public --add-port=3000/tcp --permanent
250
</pre>
251
252 1 Christophe de Dinechin
You can now attempt to run the application:
253
<pre>
254
% sudo su - redmine
255
% cd /var/www/redmine
256
% /usr/local/bin/ruby bin/rails server -b 0.0.0.0 -e production
257
=> Booting WEBrick
258
=> Rails 4.2.8 application starting in production on http://0.0.0.0:3000
259
=> Run `rails server -h` for more startup options
260
=> Ctrl-C to shutdown server
261
[2018-02-01 12:49:02] INFO  WEBrick 1.4.2
262
[2018-02-01 12:49:02] INFO  ruby 2.5.0 (2017-12-25) [x86_64-linux]
263
[2018-02-01 12:49:02] INFO  WEBrick::HTTPServer#start: pid=21470 port=3000
264
</pre>
265 18 Christophe de Dinechin
266
267
h2. Optional installations
268
269
If you are using a revision control system, you may want something like (pick which ones apply):
270
<pre>
271
% yum -y install darcs hg cvs bzr git
272
</pre>
273 19 Christophe de Dinechin
274
h2. Add a systemd service
275
276
You can optionally ensure your server starts automatically by creating a systemd service for it in @ /usr/lib/systemd/system/redmine.service@.
277
278
<pre>
279
[Unit]
280
Description=Redmine server
281
After=network.target remote-fs.target nss-lookup.target
282
283
[Service]
284
Type=simple
285
User=redmine
286
Group=redmine
287
EnvironmentFile=/etc/sysconfig/httpd
288
ExecStart=/usr/local/bin/ruby /var/www/redmine/bin/rails server -b 0.0.0.0 -e production
289
TimeoutSec=300
290
ExecStop=/bin/kill -WINCH ${MAINPID}
291
292
[Install]
293
WantedBy=multi-user.target
294
</pre>
295 20 Christophe de Dinechin
296
h2. Adding https support
297
298
This is assuming you want to connect directly using the server name. Create a file named for example @/etc/httpd/conf.d/redmine.conf@, containing:
299
300
<pre>
301
<VirtualHost *:443>
302
  ServerName my-server-name@my-domain.com
303
  ServerAdmin my-admin-name@my-domain.com
304
  ErrorLog "logs/redmine_error_log"
305
306
  SSLEngine on
307
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
308
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key
309
310
  DocumentRoot /var/www/redmine/public
311
312
  <Directory /var/www/redmine/public>
313
    AllowOverride all
314
    Options -MultiViews
315
  </Directory>
316
317
</VirtualHost>
318
</pre>
319
320
Note that you need to have created the certificates (plenty of resources on the web on how to do that)
321
322
Add the following in @/var/www/redmine/public/.htaccess@:
323
324
<pre>
325
# General Apache options
326
<IfModule cgi_module>
327
    AddHandler cgi-script .cgi
328
</IfModule>
329
<IfModule mod_fastcgi.c>
330
    AddHandler fastcgi-script .fcgi
331
</IfModule>
332
<IfModule mod_fcgid.c>
333
    AddHandler fcgid-script .fcgi
334
</IfModule>
335
Options +FollowSymLinks +ExecCGI
336
337
# If you don't want Rails to look in certain directories,
338
# use the following rewrite rules so that Apache won't rewrite certain requests
339
#
340
# Example:
341
#   RewriteCond %{REQUEST_URI} ^/notrails.*
342
#   RewriteRule .* - [L]
343
344
# Redirect all requests not available on the filesystem to Rails
345
# By default the cgi dispatcher is used which is very slow
346
#
347
# For better performance replace the dispatcher with the fastcgi one
348
#
349
# Example:
350
#   RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
351
RewriteEngine On
352
353
# If your Rails application is accessed via an Alias directive,
354
# then you MUST also set the RewriteBase in this htaccess file.
355
#
356
# Example:
357
#   Alias /myrailsapp /path/to/myrailsapp/public
358
#   RewriteBase /myrailsapp
359
360
RewriteRule ^$ index.html [QSA]
361
RewriteRule ^([^.]+)$ $1.html [QSA]
362
RewriteCond %{REQUEST_FILENAME} !-f
363
<IfModule cgi_module>
364
    RewriteRule ^(.*)$ dispatch.cgi [QSA,L]
365
</IfModule>
366
<IfModule mod_fastcgi.c>
367
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
368
</IfModule>
369
<IfModule mod_fcgid.c>
370
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
371
</IfModule>
372
373
# In case Rails experiences terminal errors
374
# Instead of displaying this message you can supply a file here which will be rendered instead
375
#
376
# Example:
377
ErrorDocument 500 /500.html
378
</pre>
379
380
Finally, you need a @/var/www/redmine/public/dispatch.cgi@ script:
381
<pre>
382
#!/usr/local/bin/ruby                                                                                                                                                                                          
383
384
require File.dirname(__FILE__) + '/../config/boot'
385
require File.dirname(__FILE__) + '/../config/environment'
386
387
class Rack::PathInfoRewriter
388
  def initialize(app)
389
    @app = app
390
  end
391
392
  def call(env)
393
    env.delete('SCRIPT_NAME')
394
    parts = env['REQUEST_URI'].split('?')
395
    env['PATH_INFO'] = parts[0]
396
    env['QUERY_STRING'] = parts[1].to_s
397
    @app.call(env)
398
  end
399
end
400
401
Rack::Handler::CGI.run Rack::PathInfoRewriter.new(RedmineApp::Application)
402
</pre>
403
404
You also need to make sure that Apache is allowed to execute all that part:
405
406
<pre>
407
% cd /var/www/redmine/public
408
% sudo chown -R apache:apache .
409
% sudo chmod +x dispatch.cgi
410
</pre>
411
412
Finally, it's necessary to create an SELinux policy allowing that CGI script to run, otherwise you will get an internal server error:
413
414
<pre>
415
% sudo semanage boolean -m --on httpd_enable_cgi
416
% sudo semanage fcontext -a -t httpd_sys_script_exec_t /var/www/redmine/public
417
% sudo restorecon /var/www/redmine/public
418
% sudo setsebool -P httpd_can_network_connect 1
419
% sudo setsebool -P httpd_can_network_connect_db 1
420
% ausearch -c 'dispatch.cgi' --raw | audit2allow -M my-dispatchcgi
421
% semodule -i my-dispatchcgi.pp
422
</pre>