Install Redmine 421 on Centos 7 » History » Version 2
Fletcher Johnston, 2021-07-29 17:17
h1. Installation of Redmine 4.2.1 on CentOS 7 + SELinux, Apache 2.4, Passenger

{{>toc}}

This guide will walk you through the installation procedure for Redmine 4.2.1 on CentOS 7, including support for SELinux. Much of what follows is based on the excellent guide by Franck Michel, which can be found [[Install_Redmine_346_on_Centos_75|here]].

This guide will not cover installing and configuring a database for Redmine; that is covered in many other guides and is pretty straightforward. This guide will also not cover any SCM repos or integration with LDAP, but it will cover how to get Redmine working with SELinux enabled in CentOS 7. Every Redmine HOWTO I've come across makes use of the Passenger gem; however, the gem doesn't come with any SELinux policies. Though there is an SELinux HOWTO [[RedmineAndSELinuxOnCentOS|here]], following it didn't really help me. This guide represents many hours of painfully reading Redmine, Passenger, and SELinux error logs. I hope you find it useful!

The full configuration used in this guide is:

* CentOS Linux release 7.9.2009 (Core)
* Apache 2.4.6
* Redmine 4.2.1
* Ruby 2.7.3
* Apache Passenger 6.0.8
* SELinux tweaks

h2. Initial Configuration

To begin, I'd recommend a fresh CentOS install. You will, of course, have to install an RDBMS of your choice, either on the same server or on a dedicated server.

h2. Install necessary packages

We'll install all the packages needed to build Ruby. Additionally, we're installing Apache and mod_ssl, which we'll need to serve Redmine.

<pre>
# As root/sudo:
yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison iconv-devel sqlite-devel wget mysql-devel httpd mod_ssl
</pre>

h2. Install Ruby 2.7.3

Adapted directly from Franck's guide [[Install_Redmine_346_on_Centos_75|here]].

<pre>
# As root/sudo:
# Import the RVM signing keys so the installer can verify the RVM release it downloads.
# If this keyserver pool does not respond, fetch the same two key IDs from another keyserver.
gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
# Fetch the installer over HTTPS: it is piped straight into a root shell
curl -L https://get.rvm.io | bash -s stable
source /etc/profile.d/rvm.sh
rvm reload
rvm requirements run
rvm install 2.7
# Confirm which Ruby is now active
rvm list
ruby --version
</pre>

h2. Install Redmine 4.2.1

Adapted from Franck's guide [[Install_Redmine_346_on_Centos_75|here]].
I like to install Redmine in /var/www/.

h3. Download and untar Redmine

<pre>
wget https://redmine.org/releases/redmine-4.2.1.tar.gz
tar xvfz redmine-4.2.1.tar.gz
mv redmine-4.2.1 /var/www/
export REDMINE=/var/www/redmine-4.2.1
cd $REDMINE
cp config/database.yml.example config/database.yml
</pre>

This will install Redmine into the /var/www directory. This works well with Apache and SELinux.

Customize your @database.yml@ file. You can refer to this [[RedmineInstall#Step-3-Database-connection-configuration|guide]] for additional help.

<pre>
vi config/database.yml
</pre>

h3. Install Gems and Create Database Schema

<pre>
cd $REDMINE
gem install bundler
bundle install --without development test
bundle exec rake generate_secret_token
RAILS_ENV=production REDMINE_LANG=en bundle exec rake db:migrate
RAILS_ENV=production REDMINE_LANG=en bundle exec rake redmine:load_default_data
</pre>

h3. Install Passenger 6.0.8

Here is where this guide will diverge considerably from Franck's guide. That guide, and all others I could find for Apache, make use of the Passenger gem, which you'd install by doing something like this:

<pre>
gem install passenger
</pre>

However, as you work through that installation process, the installer actually warns you that the recommended method for installing Passenger on RHEL-type systems is using a package manager, as that will include the SELinux policies necessary for Passenger to function properly. That's what we're going to do here. These steps are adapted from the excellent Passenger installation guide, which can be found "here":https://www.phusionpassenger.com/library/install/apache/install/oss/el7/.

<pre>
yum install -y epel-release yum-utils
yum-config-manager --enable epel
yum clean all && sudo yum update -y
yum install -y pygpgme curl
curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
yum install -y mod_passenger
</pre>

Once Passenger is installed, you can verify the installation using:

<pre>
/usr/bin/passenger-config validate-install
</pre>

This should give you output like this:

<pre>
* Checking whether this Passenger install is in PATH... ✓
* Checking whether there are no other Passenger installations... ✓
</pre>

Now, this is where things get a little tricky. As part of its installation process, @RVM@ installs whichever version of Ruby you ask it to, but also installs the system version of Ruby (at the time of writing, this is 2.0.0.648-36.el7 for CentOS 7, which is woefully out of date). The system Ruby package is a requirement of Passenger, so when Passenger is installed it is "pointed" at the system version of Ruby. This will cause all sorts of problems for us, as Redmine needs at least Ruby 2.4, and we'd like to use something that isn't EOL. Luckily, Passenger's documentation covers "this":https://www.phusionpassenger.com/library/indepth/ruby/multiple_rubies.html:
"Once installed, you can run Passenger's Ruby parts under any Ruby interpreter you want, even if that Ruby interpreter was not the one you originally installed Passenger with."

Excellent! Let's go about doing that. Before we leave this section, we need to determine where the RVM Ruby interpreter was installed. Use this command for that:

<pre>
/usr/bin/passenger-config --ruby-command
</pre>

This should return something like:

<pre>
passenger-config was invoked through the following Ruby interpreter:
Command: /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
Version: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
To use in Apache: PassengerRuby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
To use in Nginx : passenger_ruby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
To use with Standalone: /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby /usr/bin/passenger start


## Notes for RVM users
Do you want to know which command to use for a different Ruby interpreter? 'rvm use' that Ruby interpreter, then re-run 'passenger-config about ruby-command'.
</pre>

h3. Configure Apache

Create a new virtual host config file in Apache: @/etc/httpd/conf.d/redmine.conf@. Again, the majority of this section comes from Franck's guide, but with one key addition. The first line, which comes from the output of the command in the previous section, tells Passenger which Ruby interpreter to use.

<pre>
PassengerRuby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby

<VirtualHost *:80>
    ServerName yourserver.domain.org
    DocumentRoot "/var/www/redmine-4.2.1/public"

    ErrorLog logs/redmine_error_log
    LogLevel warn

    <Directory "/var/www/redmine-4.2.1/public">
        Options Indexes ExecCGI FollowSymLinks
        Require all granted
        AllowOverride all
    </Directory>
</VirtualHost>
</pre>

h2. Permissions and SELinux Policies

Now the time has come to set permissions and SELinux policies. We'll begin by setting the normal Linux permissions on the entire Redmine folder. Some other guides apply this only to some subfolders, but I found that with SELinux enabled it was necessary to chown everything as apache:apache.

<pre>
cd $REDMINE
cd ..
chown -R apache:apache redmine-4.2.1
</pre>

Next, we will set the SELinux file contexts. These were taken from this [[RedmineAndSELinuxOnCentOS|guide]].

<pre>
# Set SELinux permissions
chcon -R -t httpd_log_t redmine-4.2.1/log/
chcon -R -t httpd_tmpfs_t redmine-4.2.1/tmp/
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/files/
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/public/plugin_assets/
# restorecon re-applies the types recorded in the file-context database; chcon changes
# are not recorded there, so register them with semanage fcontext if they must persist.
restorecon -Rv redmine-4.2.1/
</pre>

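Labels set with @chcon@ exist only on the files themselves, while @restorecon@ and any later relabel apply the types recorded in the file-context database. The script below is an added example, not part of the original guide: it converts the guide's four @chcon@ lines into @semanage fcontext@ rules and prints them for review. The function names are made up for this example, and it assumes the /var/www base directory used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): turn "chcon -R -t TYPE PATH"
# lines into persistent "semanage fcontext" rules. Function names are
# illustrative. On CentOS 7, semanage comes from policycoreutils-python.

# The guide's own chcon lines, relative to /var/www.
GUIDE_CHCON='chcon -R -t httpd_log_t redmine-4.2.1/log/
chcon -R -t httpd_tmpfs_t redmine-4.2.1/tmp/
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/files/
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/public/plugin_assets/'

# File-context specs are regular expressions, so the dots in "redmine-4.2.1"
# (and any other metacharacter) must be escaped to match literally.
escape_path_regex() {
  printf '%s' "$1" | sed 's/[][+.*?()|^$]/\\&/g'
}

# Read chcon lines on stdin and print one semanage command per chcon line.
# $1: directory that relative chcon paths are resolved against.
chcon_to_fcontext() {
  local base=${1%/} type path
  awk '$1 == "chcon" {
         type = ""
         for (i = 2; i + 1 < NF; i++) if ($i == "-t") type = $(i + 1)
         if (type != "") print type, $NF
       }' |
  while read -r type path; do
    case $path in /*) ;; *) path=$base/$path ;; esac
    path=${path%/}
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" \
      "$type" "$(escape_path_regex "$path")"
  done
}

# Plan for this guide: register the types, then let restorecon apply them.
redmine_fcontext_plan() {
  printf '%s\n' "$GUIDE_CHCON" | chcon_to_fcontext /var/www
  printf 'restorecon -Rv /var/www/redmine-4.2.1\n'
}

# Print the plan for review; run the printed commands as root to apply it.
redmine_fcontext_plan
```

Once the rules are registered, the labels also survive a full filesystem relabel, and @semanage fcontext -l@ lists them.
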
h2. Environment Variables

Passenger might complain that it isn't able to install a native support .so file. We can suppress this warning by opening the following file:

<pre>
vi /etc/sysconfig/httpd
</pre>

and adding these lines to it:

<pre>
PASSENGER_COMPILE_NATIVE_SUPPORT_BINARY=0
PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY=0
</pre>

That's it!

At this point, restart Apache.

<pre>
systemctl restart httpd
</pre>

You should be able to access Redmine at the domain you entered as @ServerName@ in the Configure Apache section above.

h2. Additional Considerations

A few additional considerations:

* It would be wise to install some kind of firewall (iptables or firewalld) to protect your server.
* If you install themes or plugins to Redmine you will have to repeat the chown procedure above.