HowTo Install Redmine 30x on Ubuntu 1404 with Apache2 Phusion Passenger MySQL Subversion and Git (Gitolite) » History » Version 6

« Previous - Version 6/12 (diff) - Next » - Current version
Antoine Rodriguez, 2015-09-22 17:24
removed phpmyadmin from the first apt-get install as it is not needed and is potential security risk


HowTo Install Redmine 3.0.x on Ubuntu 14.04 with Apache2, Phusion Passenger, MySQL, Subversion and Git (Gitolite)

Based on Debian HowTo from André Domarques

Installing dependencies

sudo apt-get update && sudo apt-get upgrade -y

sudo apt-get install apache2 php5 libapache2-mod-php5 mysql-server php5-mysql libapache2-mod-perl2 libcurl4-openssl-dev libssl-dev apache2-prefork-dev libapr1-dev libaprutil1-dev libmysqlclient-dev libmagickcore-dev libmagickwand-dev curl git-core gitolite patch build-essential bison zlib1g-dev libssl-dev libxml2-dev libxml2-dev sqlite3 libsqlite3-dev autotools-dev libxslt1-dev libyaml-0-2 autoconf automake libreadline6-dev libyaml-dev libtool imagemagick apache2-utils ssh zip libicu-dev libssh2-1 libssh2-1-dev cmake libgpg-error-dev subversion libapache2-svn

I don't know if every package needed, but it works.

Configure Subversion

sudo mkdir -p /var/lib/svn
sudo chown -R www-data:www-data /var/lib/svn
sudo a2enmod dav_svn

Open config file

sudo nano /etc/apache2/mods-enabled/dav_svn.conf

Uncomment following lines

<Location /svn>
    DAV svn
    SVNParentPath /var/lib/svn
    AuthType Basic
    AuthName "My repository" 
    AuthUserFile /etc/apache2/dav_svn.passwd
    AuthzSVNAccessFile /etc/apache2/dav_svn.authz
    <LimitExcept GET PROFIND OPTIONS REPORT>
    Require valid-user
    </LimitExcept>
</Location>
sudo a2enmod authz_svn

Add the redmine user for reading from repository

sudo htpasswd -c /etc/apache2/dav_svn.passwd redmine

sudo service apache2 restart

Create the repository

sudo svnadmin create --fs-type fsfs /var/lib/svn/my_repository
sudo chown -R www-data:www-data /var/lib/svn

Open file for configuration of repository access

sudo nano /etc/apache2/dav_svn.authz

Add access rights for redmine to the repository in the config file

[my_repository:/]
redmine = r

Installing Ruby

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:brightbox/ruby-ng
sudo apt-get update
sudo apt-get -y install ruby2.1 ruby-switch ruby2.1-dev ri2.1 libruby2.1 libssl-dev zlib1g-dev
sudo ruby-switch --set ruby2.1
sudo ruby-switch --set ruby2.1

Users and SSH keys

Users

Create an user for Redmine (redmine) and another for Gitolite (git):

sudo adduser --system --shell /bin/bash --gecos 'Git Administrator' --group --disabled-password --home /opt/gitolite git
sudo adduser --system --shell /bin/bash --gecos 'Redmine Administrator' --group --disabled-password --home /opt/redmine redmine

Generate a ssh-key for redmine user. This user will be used as admin of Gitolite. The name of key should be redmine_gitolite_admin_id_rsa.

sudo su - redmine
ssh-keygen -t rsa -N '' -f ~/.ssh/redmine_gitolite_admin_id_rsa
exit

Configuring Gitolite

sudo dpkg-reconfigure gitolite
Type data bellow:
  • user: git
  • repos path: /opt/gitolite
  • admin ssh-key: /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub

Visudo configuration

sudo visudo

Add the following lines:

# temp - *REMOVE* after installation
redmine    ALL=(ALL)      NOPASSWD:ALL

# redmine gitolite integration
redmine    ALL=(git)      NOPASSWD:ALL
git        ALL=(redmine)  NOPASSWD:ALL

Note that redmine user will be able to run root commands, but this is just to simplify the next steps. REMOVE this line after installation.

Installing of Redmine

Prerequist

sudo su - redmine
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
exit

Its necessary to logout and login again

sudo su - redmine
rvm install 2.1.4
exit

Redmine

Exampe for version 3.0.4, change the version number for other releases

sudo su - redmine
wget http://www.redmine.org/releases/redmine-3.0.4.tar.gz
tar zxf redmine-3.0.4.tar.gz
rm redmine-3.0.4.tar.gz
ln -s /opt/redmine/redmine-3.0.4 redmine
exit

MySQL

sudo mysql -u root -p

Execute following lines to MySQL

CREATE DATABASE redmine character SET utf8;
CREATE user 'redmine'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL privileges ON redmine.* TO 'redmine'@'localhost';
exit

Configure Redmine database connection

sudo su - redmine
sudo cp redmine/config/database.yml.example redmine/config/database.yml

Open database config file

sudo nano redmine/config/database.yml

Change the username and the password in the config file

database.yml:
production:
 adapter: mysql2
 database: redmine
 host: localhost
 username: redmine
 password: my_password
 encoding: utf8

Configuration

gem install bundler
cd redmine/
bundle install --without development test postgresql sqlite
rake generate_secret_token
RAILS_ENV=production rake db:migrate 
RAILS_ENV=production rake redmine:load_default_data
exit

Redmine Git Hosting

Download

Exampe for version 1.1.1, change the version number for other releases

sudo su - redmine
cd /opt/redmine/redmine/plugins
git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
git clone https://github.com/jbox-web/redmine_git_hosting.git
cd redmine_git_hosting
git checkout 1.1.1

Configure

ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa /opt/redmine/redmine/plugins/redmine_git_hosting/ssh_keys/redmine_gitolite_admin_id_rsa
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub /opt/redmine/redmine/plugins/redmine_git_hosting/ssh_keys/redmine_gitolite_admin_id_rsa.pub
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa /opt/redmine/.ssh/id_rsa
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub /opt/redmine/.ssh/id_rsa.pub

Configure GL_GITCONFIG_KEYS

This version now use some hooks that, by default on gitolite v2, will be blocked by the var GL_GITCONFIG_KEYS. On gitolite v3, this var is named GIT_CONFIG_KEYS.

sudo su - git
sed -i 's/$GL_GITCONFIG_KEYS = ""/$GL_GITCONFIG_KEYS = ".*"/g' /opt/gitolite/.gitolite.rc
exit

Configure Automatic Repository Initialization

To configure the new feature "Automatic Repository Initialization" (optional), is necessary to customize the gitolite.conf file.

cd ~
git clone git@localhost:gitolite-admin.git
cd gitolite-admin

Open gitolite config file

nano conf/gitolite.conf

Add following config

repo    @all
    RW+    = admin
git config --global user.email "you@example.com" 
git config --global user.name "Your Name" 
git commit -m 'Automatic Repository Initialization' conf/gitolite.conf
git push
cd ~
rm -rf gitolite-admin

Remember that this repository will be managed by redmine and their plugin.

Installation

cd redmine
bundle install --without development test postgresql sqlite
RAILS_ENV=production rake redmine:plugins:migrate
RAILS_ENV=production rake redmine_git_hosting:update_repositories
RAILS_ENV=production rake redmine_git_hosting:fetch_changesets
RAILS_ENV=production rake redmine_git_hosting:restore_default_settings
RAILS_ENV=production rake redmine_git_hosting:install_hook_files
RAILS_ENV=production rake redmine_git_hosting:install_hook_parameters
RAILS_ENV=production rake redmine_git_hosting:install_gitolite_hooks
exit

Remove redmine root access

sudo visudo

REMOVE following entry

# temp - *REMOVE* after installation
redmine    ALL=(ALL)      NOPASSWD:ALL

Installing Phusion Passenger

Add repository

Add repository for Phusion Passenger

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
sudo apt-get install apt-transport-https ca-certificates

Open repository config file

sudo nano /etc/apt/sources.list.d/passenger.list

Add following repository source

deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main
sudo chown root: /etc/apt/sources.list.d/passenger.list
sudo chmod 600 /etc/apt/sources.list.d/passenger.list

Installing

sudo apt-get update
sudo apt-get install libapache2-mod-passenger

Configuration

Open passenger config file

sudo nano /etc/apache2/mods-available/passenger.conf

Add following line to passenger config file

PassengerUserSwitching on
PassengerUser redmine
PassengerGroup redmine

Open apache2 config file

sudo nano /etc/apache2/sites-available/000-default.conf

Add following part to apache2 config file

<Directory /var/www/html/redmine>
    RailsBaseURI /redmine
    PassengerResolveSymlinksInDocumentRoot on
</Directory>

sudo a2enmod passenger
sudo ln -s /opt/redmine/redmine/public/ /var/www/html/redmine
sudo service apache2 restart

Start Redmine

Remine should now available at your host

http://your_ip_or_fqdn/redmine

Login data:
Username: admin
Password: admin

Redmine configuration

Configure the Redmine default URL (important):

Administration > Settings > General
http://your_ip_or_fqdn/redmine/settings?tab=general

This is set, by default, to localhost:3000, change it to your IP or FQDN. your_ip_or_fqdn/redmine/

Set the available repositories

Administration > Settings > Repositories
http://your_ip_or_fqdn/redmine/settings?tab=repositories

Uncheck what you don't have installed on your system. Just to avoid unnecessary log message.

Enable xitolite for using the Redmine Git Hosting plugin

Redmine Git Hosting Plugin

First of all, check the configuration

Administration > Redmine Git Hosting Plugin > Config Test
http://your_ip_or_fqdn/redmine/settings/plugin/redmine_git_hosting?tab=gitolite_config_test

Ensure if all settings are correct (users, paths, versions etc.).

Set your IP or FQDN to SSH, HTTP and/or HTTPS

Administration > Redmine Git Hosting Plugin > Access
http://your_ip_or_fqdn/redmine/settings/plugin/redmine_git_hosting?tab=gitolite_config_access

Administration > Redmine Git Hosting Plugin > Hooks
http://your_ip_or_fqdn/redmine/settings/plugin/redmine_git_hosting?tab=gitolite_config_hooks

Hooks: http://your_ip_or_fqdn/redmine

Those settings will be also used on git operations (clone, pull, push etc.).

e-Mail configuration

Example for smtp and encryption

Open redmine config file

sudo nano /usr/share/redmine/config/configuration.yml

Add following to redmine config file

# Outgoing email settings

production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: true
      address: smtp.host.com
      port: 587
      domain: host.com
      authentication: :login
      user_name: myname
      password: mypassword

You can check the e-Mail config in web interface with testmail function

Autoupdate Subversion repository view

In the project archive settings over web interface its needed to enable the web service for project archives and generate a api key

The following cronjob updates redmine to current subversion changesets every 15 minutes

sudo crontab -e

Add the cronjob

*/15 *    * * * curl "http://yourhost/redmine/sys/fetch_changesets?key=APIKEY" > /dev/null

If your hosting does not offer cron job configuration then you can use external services like these:
https://www.easycron.com.

SSL, HTTPS and Smart-HTTPS (Git)

Own certificate

Create Private Key

sudo mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
sudo openssl genrsa -des3 -out server.key 1024

Create CSR (Certificate Signing Request)

cd /etc/apache2/ssl
sudo openssl req -new -key server.key -out server.csr

Remove of the passphrase vom private key

cd /etc/apache2/ssl
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

Generate selfsigned certificate

cd /etc/apache2/ssl
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Configuration of apache2

Enable SSL module

sudo a2enmod ssl

Modification of apache2 configuration

sudo nano /etc/apache2/sites-available/default-ssl.conf

Following config is needed:

<IfModule mod_ssl.c>
        ...
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/apache2/ssl/server.crt
                SSLCertificateKeyFile /etc/apache2/ssl/server.key
                <Directory /var/www/html/redmine>
                        RailsBaseURI /redmine
                        PassengerResolveSymlinksInDocumentRoot on
                </Directory>
        </VirtualHost>
        ...
    </IfModule>

Activate the new configuration

sudo a2ensite default-ssl

Smart-HTTPS client (Git)

For the client is needed to disable certificate verification. With Git bash:

git config --global http.sslverify false

Caution: This can be a security risk at access to foreign repositorys!

Troubleshooting

Logs

If you have some trouble during the installation, you can check the following files:

  • /opt/gitolite/.gitolite/logs/gitolite-`date +%Y\-%m`.log
  • /opt/redmine/log/git_hosting.log
  • /var/log/apache2/error.log

If you use multitail:

multitail /opt/gitolite/.gitolite/logs/gitolite-`date +%Y\-%m`.log /opt/redmine/log/git_hosting.log /var/log/apache2/error.log