Redmine

h1. Install Redmine 3.4 on RHEL7.4

Here is a procedure that worked for me to install Redmine 3.5 on RHEL 7.4. These instructions work as for Feb 1st, 2018.

I also chose to install with Postgres 10 to migrate an existing instance, although I believe it works with the default Postgres 9.2.

h2. Dependencies

Install the required packages.

<pre>

% sudo yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel postgresql-devel ImageMagick-devel

</pre>

h2. Choice of database

Install your database of choice. I've mostly tested with Postgres 10.

h3. Postgres 10

You can upgrade to Postgres 10 if you need for example to transfer an existing database.

<pre>

# More recent Postgres 10

% sudo yum -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-1.noarch.rpm

% sudo yum install -y postgresql10-server postgresql10 postgres-devel

% export PATH=/usr/pgsql-10/bin/:$PATH

% postgresql-10-setup initdb

</pre>

Note that the @postgres-devel@ package is still required for the @bundle install@ step below, and I am not sure if that step works with Postgres 10.

Like for Postgres 9, you need to add @trust@ for local IPv6 connexions in @/var/lib/pgsql/10/data/pg_hba.conf@:

<pre>

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only

local   all             all                                     peer

# IPv4 local connections:

host    all             all             127.0.0.1/32            trust

# IPv6 local connections:

host    all             all             ::1/128                 trust

</pre>

You can then start the database server:

<pre>

% sudo systemctl start postgresql-10

% sudo systemctl enable postgresql-10

</pre>

Check that you can connect to the database, then create the @redmine@ user and a @redmine@ database:

<pre>

% sudo su - postgres

% export PATH=/usr/pgsql-10/bin/:$PATH

% psql

postgres=# alter role postgres with encrypted password 'insert-your-postgres-password-here';

postgres=# create user redmine with encrypted password 'insert-your-redmine-password-here';

postgres=# create database redmine with encoding 'UTF-8' owner redmine;

</pre>

If you get an error related to the encoding (I only had that on Postgres 9):

<pre>

ERROR:  new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII)

HINT:  Use the same encoding as in the template database, or use template0 as template.

</pre>

then you should explicitly use @template0@:

<pre>

postgres=# create database redmine with template=template0 encoding 'UTF-8' owner redmine;

</pre>

h3. Postgres 9.2.23

Postgres 9.2.23 is what you get directly when installing with @yum@ in RHEL 7.4:

<pre>

# Default Postgres 9.2.23

% sudo yum -y install postgresql postgresql-server postgresql-devel

% postgresql-setup initdb

% sudo systemctl start postgresql

% sudo systemctl enable postgresql

</pre>

I have not been able to have Redmine connect to the database without altering @/var/lib/pgsql/data/pg_hba.conf@ to have @trust@ for local IPv6 connnexions:

<pre>

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only

local   all             all                                     peer

# IPv4 local connections:

host    all             all             127.0.0.1/32            trust

# IPv6 local connections:

host    all             all             ::1/128                 trust

</pre>

I suspect this is wrong, but I don't know how to do it "right", and that's also how it's configured in the Redmine docker containers I looked at.

Create user and database like in the previous section.

h3. For MySQL / MariaDB

Installing and starting the database server

<pre>

# MariaDB (formerly MySQL)

% sudo yum -y install mariadb mariadb-devel

% sudo systemctl start mariadb

% sudo systemctl enable mariadb

</pre>

Then you can setup the original database:

<pre>

% mysql -u root -p

MariaDB [(none)]> set password for 'root'@'localhost' = password('insert-your-password-here');

MariaDB [(none)]> create database redmine character set utf8;

MariaDB [(none)]> create user 'redmine'@'localhost' identified by 'somepass';

MariaDB [(none)]> grant all privileges on redmine.* to 'redmine'@'localhost';

</pre>

Note: The rest of this setup assumes Postgres, will need to be updated with MariaDB instructions as well.

h2. Upgrade Ruby

The default @ruby@ is 2.0.0p648. If you keep that version, @gem install passenger@ fails.

<pre>

% sudo yum install -y gcc

% cd /usr/local/src

% wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.gz

% tar xvfz ruby-2.5.0.tar.gz

% cd ruby-2.5.0/

% ./configure

% make

% sudo make install

</pre>

Verify that you have Ruby 2.5 installed after that: 

<pre>

% export PATH=/usr/local/bin:$PATH

% ruby -v

ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]

</pre>

h2. Install passenger and Gem bundler:

With Ruby 2.5, we can install Passenger:

<pre>

% gem install passenger

gem install passenger

Fetching: rack-2.0.3.gem (100%)

Successfully installed rack-2.0.3

Fetching: passenger-5.2.0.gem (100%)

Building native extensions. This could take a while...

Successfully installed passenger-5.2.0

Parsing documentation for rack-2.0.3

Installing ri documentation for rack-2.0.3

Parsing documentation for passenger-5.2.0

Installing ri documentation for passenger-5.2.0

Done installing documentation for rack, passenger after 53 seconds

2 gems installed

</pre>

Install Gem bundler:

<pre>

% gem install bundler

Fetching: bundler-1.16.1.gem (100%)

Successfully installed bundler-1.16.1

Parsing documentation for bundler-1.16.1

Installing ri documentation for bundler-1.16.1

Done installing documentation for bundler after 5 seconds

1 gem installed

</pre>

h2. Check out Redmine

Add a @redmine@ user

<pre>

% sudo useradd redmine

</pre>

Install @svn@ to be able to checkout Redmine:

<pre>

% sudo yum -y install svn

</pre>

Check out the version of Redmine you want, here with version 3.4:

<pre>

% su redmine

% cd /var/www

% svn co http://svn.redmine.org/redmine/branches/3.4-stable redmine

</pre>

h2. Database configuration

The database configuration for Redmine is in @/var/www/redmine/config/database.yml@. There is a template in that directory which you can edit.

<pre>

% cd /var/www/redmine/config/

% cp database.yml.example database.yml

</pre>

Edit @database.yml@ to contain the correct information regarding your installation. For Postgres:

<pre>

production:

  adapter: postgresql

  database: redmine

  host: localhost

  username: redmine

  password: insert-your-password-here

</pre>

(Note that you always have the choice of running the database in some other host than @localhost@)

h2. Install dependencies using the Gem bundler

This step will look at the dependencies specified in the @Gemfile@:

<pre>

% cd /var/www/redmine

% bundle install

</pre>

You may have a message about YARD recommending you use the following command:

<pre>

% yard config --gem-install-yri

Updated ~/.gemrc: 'gem: --document=yri'

</pre>

h2. Setup the production environment 

Update @/var/www/redmine/config/environment.rb@, adding the following statement:

<pre>

ENV['RAILS_ENV'] ||= 'production'

</pre>

Generate a secret token:

<pre>

% RAILS_ENV=production bundle exec rake generate_secret_token

</pre>

Run the database migration step:

<pre>

% RAILS_ENV=production bundle exec rake db:migrate

</pre>

h2. Start the server

Note that you may want to open the firewall for that port using @firewall-config@ or @firewall-cmd@, e.g.

<pre>

% sudo firewall-cmd  --zone=public --add-port=3000/tcp --permanent

</pre>

You can now attempt to run the application:

<pre>

% sudo su - redmine

% cd /var/www/redmine

% /usr/local/bin/ruby bin/rails server -b 0.0.0.0 -e production

=> Booting WEBrick

=> Rails 4.2.8 application starting in production on http://0.0.0.0:3000

=> Run `rails server -h` for more startup options

=> Ctrl-C to shutdown server

[2018-02-01 12:49:02] INFO  WEBrick 1.4.2

[2018-02-01 12:49:02] INFO  ruby 2.5.0 (2017-12-25) [x86_64-linux]

[2018-02-01 12:49:02] INFO  WEBrick::HTTPServer#start: pid=21470 port=3000

</pre>

h2. Optional installations

If you are using a revision control system, you may want something like (pick which ones apply):

<pre>

% yum -y install darcs hg cvs bzr git

</pre>

h2. Add a systemd service

You can optionally ensure your server starts automatically by creating a systemd service for it in @ /usr/lib/systemd/system/redmine.service@.

<pre>

[Unit]

Description=Redmine server

After=network.target remote-fs.target nss-lookup.target

[Service]

Type=simple

User=redmine

Group=redmine

EnvironmentFile=/etc/sysconfig/httpd

ExecStart=/usr/local/bin/ruby /var/www/redmine/bin/rails server -b 0.0.0.0 -e production

TimeoutSec=300

ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]

WantedBy=multi-user.target

</pre>

h2. Adding https support

h3. Create Apache virtual host

This is assuming you want to connect directly using the server name. Create a file named for example @/etc/httpd/conf.d/redmine.conf@, containing:

<pre>

<VirtualHost *:443>

  ServerName my-server-name@my-domain.com

  ServerAdmin my-admin-name@my-domain.com

  ErrorLog "logs/redmine_error_log"

  SSLEngine on

  SSLCertificateFile /etc/pki/tls/certs/ca.crt

  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

  DocumentRoot /var/www/redmine/public

  <Directory /var/www/redmine/public>

    AllowOverride all

    Options -MultiViews

  </Directory>

</VirtualHost>

</pre>

h3. Create .htaccess with rewrite rules to dispatch.cgi

Note that you need to have created the certificates (plenty of resources on the web on how to do that)

Add the following in @/var/www/redmine/public/.htaccess@:

<pre>

# General Apache options

<IfModule cgi_module>

    AddHandler cgi-script .cgi

</IfModule>

<IfModule mod_fastcgi.c>

    AddHandler fastcgi-script .fcgi

</IfModule>

<IfModule mod_fcgid.c>

    AddHandler fcgid-script .fcgi

</IfModule>

Options +FollowSymLinks +ExecCGI

# If you don't want Rails to look in certain directories,

# use the following rewrite rules so that Apache won't rewrite certain requests

#

# Example:

#   RewriteCond %{REQUEST_URI} ^/notrails.*

#   RewriteRule .* - [L]

# Redirect all requests not available on the filesystem to Rails

# By default the cgi dispatcher is used which is very slow

#

# For better performance replace the dispatcher with the fastcgi one

#

# Example:

#   RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]

RewriteEngine On

# If your Rails application is accessed via an Alias directive,

# then you MUST also set the RewriteBase in this htaccess file.

#

# Example:

#   Alias /myrailsapp /path/to/myrailsapp/public

#   RewriteBase /myrailsapp

RewriteRule ^$ index.html [QSA]

RewriteRule ^([^.]+)$ $1.html [QSA]

RewriteCond %{REQUEST_FILENAME} !-f

<IfModule cgi_module>

    RewriteRule ^(.*)$ dispatch.cgi [QSA,L]

</IfModule>

<IfModule mod_fastcgi.c>

    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]

</IfModule>

<IfModule mod_fcgid.c>

    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]

</IfModule>

# In case Rails experiences terminal errors

# Instead of displaying this message you can supply a file here which will be rendered instead

#

# Example:

ErrorDocument 500 /500.html

</pre>

h3. Create the dispatch.cgi file

Finally, you need a @/var/www/redmine/public/dispatch.cgi@ script:

<pre>

#!/usr/local/bin/ruby                                                                                                                                                                                          

require File.dirname(__FILE__) + '/../config/boot'

require File.dirname(__FILE__) + '/../config/environment'

class Rack::PathInfoRewriter

  def initialize(app)

    @app = app

  end

  def call(env)

    env.delete('SCRIPT_NAME')

    parts = env['REQUEST_URI'].split('?')

    env['PATH_INFO'] = parts[0]

    env['QUERY_STRING'] = parts[1].to_s

    @app.call(env)

  end

end

Rack::Handler::CGI.run Rack::PathInfoRewriter.new(RedmineApp::Application)

</pre>

h3. Adjusting the SELinux policy

You also need to make sure that Apache is allowed to execute all that part:

<pre>

% cd /var/www/redmine/public

% sudo chown -R apache:apache .

% sudo chmod +x dispatch.cgi

</pre>

Finally, it's necessary to create an SELinux policy allowing that CGI script to run, otherwise you will get an internal server error:

<pre>

% sudo semanage boolean -m --on httpd_enable_cgi

% sudo semanage fcontext -a -t httpd_sys_script_exec_t /var/www/redmine/public

% sudo restorecon /var/www/redmine/public

% sudo setsebool -P httpd_can_network_connect 1

% sudo setsebool -P httpd_can_network_connect_db 1

% ausearch -c 'dispatch.cgi' --raw | audit2allow -M my-dispatchcgi

% semodule -i my-dispatchcgi.pp

</pre>