Project

General

Profile

Actions

Install Redmine 3.4 on RHEL7.4

Here is a procedure that worked for me to install Redmine 3.5 on RHEL 7.4. These instructions work as for Feb 1st, 2018.
I also chose to install with Postgres 10 to migrate an existing instance, although I believe it works with the default Postgres 9.2.

Dependencies

Install the required packages.

% sudo yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel postgresql-devel ImageMagick-devel libffi-devel

If you plan to use Postgres 10, install the following required packages:

% sudo yum -y install libpqxx libpqxx-devel postgresql10.x86_64 postgresql10-server postgresql10-contrib postgresql10-libs postgresql10-tcl

Choice of database

Install your database of choice. I've mostly tested with Postgres 10.

Postgres 10

You can upgrade to Postgres 10 if you need for example to transfer an existing database.

# More recent Postgres 10
% sudo yum -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-1.noarch.rpm
% sudo yum install -y postgresql10-server postgresql10 postgres-devel
% export PATH=/usr/pgsql-10/bin/:$PATH
% postgresql-10-setup initdb

Note that the postgres-devel package is still required for the bundle install step below, and I am not sure if that step works with Postgres 10.

Like for Postgres 9, you need to add trust for local IPv6 connexions in /var/lib/pgsql/10/data/pg_hba.conf:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust

You can then start the database server:

% sudo systemctl start postgresql-10
% sudo systemctl enable postgresql-10

Check that you can connect to the database, then create the redmine user and a redmine database:

% sudo su - postgres
% export PATH=/usr/pgsql-10/bin/:$PATH
% psql
postgres=# alter role postgres with encrypted password 'insert-your-postgres-password-here';
postgres=# create user redmine with encrypted password 'insert-your-redmine-password-here';
postgres=# create database redmine with encoding 'UTF-8' owner redmine;

If you get an error related to the encoding (I only had that on Postgres 9):

ERROR:  new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII)
HINT:  Use the same encoding as in the template database, or use template0 as template.

then you should explicitly use template0:

postgres=# create database redmine with template=template0 encoding 'UTF-8' owner redmine;

Postgres 9.2.23

Postgres 9.2.23 is what you get directly when installing with yum in RHEL 7.4:

# Default Postgres 9.2.23
% sudo yum -y install postgresql postgresql-server postgresql-devel
% postgresql-setup initdb
% sudo systemctl start postgresql
% sudo systemctl enable postgresql

I have not been able to have Redmine connect to the database without altering /var/lib/pgsql/data/pg_hba.conf to have trust for local IPv6 connnexions:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust

I suspect this is wrong, but I don't know how to do it "right", and that's also how it's configured in the Redmine docker containers I looked at.

Create user and database like in the previous section.

For MySQL / MariaDB

Installing and starting the database server

# MariaDB (formerly MySQL)
% sudo yum -y install mariadb mariadb-devel
% sudo systemctl start mariadb
% sudo systemctl enable mariadb

Then you can setup the original database:

% mysql -u root -p
MariaDB [(none)]> set password for 'root'@'localhost' = password('insert-your-password-here');
MariaDB [(none)]> create database redmine character set utf8;
MariaDB [(none)]> create user 'redmine'@'localhost' identified by 'somepass';
MariaDB [(none)]> grant all privileges on redmine.* to 'redmine'@'localhost';

Note: The rest of this setup assumes Postgres, will need to be updated with MariaDB instructions as well.

Upgrade Ruby

The default ruby is 2.0.0p648. If you keep that version, gem install passenger fails.

% sudo yum install -y gcc
% cd /usr/local/src
% wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.gz
% tar xvfz ruby-2.5.0.tar.gz
% cd ruby-2.5.0/
% ./configure
% make
% sudo make install

Verify that you have Ruby 2.5 installed after that:

% export PATH=/usr/local/bin:$PATH
% ruby -v
ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]

Install passenger and Gem bundler:

With Ruby 2.5, we can install Passenger:

% gem install passenger
gem install passenger
Fetching: rack-2.0.3.gem (100%)
Successfully installed rack-2.0.3
Fetching: passenger-5.2.0.gem (100%)
Building native extensions. This could take a while...
Successfully installed passenger-5.2.0
Parsing documentation for rack-2.0.3
Installing ri documentation for rack-2.0.3
Parsing documentation for passenger-5.2.0
Installing ri documentation for passenger-5.2.0
Done installing documentation for rack, passenger after 53 seconds
2 gems installed

Install Gem bundler:

% gem install bundler
Fetching: bundler-1.16.1.gem (100%)
Successfully installed bundler-1.16.1
Parsing documentation for bundler-1.16.1
Installing ri documentation for bundler-1.16.1
Done installing documentation for bundler after 5 seconds
1 gem installed

Check out Redmine

Add a redmine user

% sudo useradd redmine

Install svn to be able to checkout Redmine:

% sudo yum -y install svn

Check out the version of Redmine you want, here with version 3.4:

% su redmine
% cd /var/www
% svn co http://svn.redmine.org/redmine/branches/3.4-stable redmine

Database configuration

The database configuration for Redmine is in /var/www/redmine/config/database.yml. There is a template in that directory which you can edit.

% cd /var/www/redmine/config/
% cp database.yml.example database.yml

Edit database.yml to contain the correct information regarding your installation. For Postgres:

production:
  adapter: postgresql
  database: redmine
  host: localhost
  username: redmine
  password: insert-your-password-here

(Note that you always have the choice of running the database in some other host than localhost)

Install dependencies using the Gem bundler

This step will look at the dependencies specified in the Gemfile:

% cd /var/www/redmine
% bundle install

You may have a message about YARD recommending you use the following command:

% yard config --gem-install-yri
Updated ~/.gemrc: 'gem: --document=yri'

Setup the production environment

Update /var/www/redmine/config/environment.rb, adding the following statement:

ENV['RAILS_ENV'] ||= 'production'

Generate a secret token:

% RAILS_ENV=production bundle exec rake generate_secret_token

Run the database migration step:

% RAILS_ENV=production bundle exec rake db:migrate

Start the server

Note that you may want to open the firewall for that port using firewall-config or firewall-cmd, e.g.

% sudo firewall-cmd  --zone=public --add-port=3000/tcp --permanent

You can now attempt to run the application:

% sudo su - redmine
% cd /var/www/redmine
% /usr/local/bin/ruby bin/rails server -b 0.0.0.0 -e production
=> Booting WEBrick
=> Rails 4.2.8 application starting in production on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[2018-02-01 12:49:02] INFO  WEBrick 1.4.2
[2018-02-01 12:49:02] INFO  ruby 2.5.0 (2017-12-25) [x86_64-linux]
[2018-02-01 12:49:02] INFO  WEBrick::HTTPServer#start: pid=21470 port=3000

Optional installations

If you are using a revision control system, you may want something like (pick which ones apply):

% yum -y install darcs hg cvs bzr git

Add a systemd service

You can optionally ensure your server starts automatically by creating a systemd service for it in /usr/lib/systemd/system/redmine.service.

[Unit]
Description=Redmine server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=simple
User=redmine
Group=redmine
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/local/bin/ruby /var/www/redmine/bin/rails server -b 0.0.0.0 -e production
TimeoutSec=300
ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]
WantedBy=multi-user.target

Adding https support

Create Apache virtual host

This is assuming you want to connect directly using the server name. Create a file named for example /etc/httpd/conf.d/redmine.conf, containing:

<VirtualHost *:443>
  ServerName my-server-name@my-domain.com
  ServerAdmin my-admin-name@my-domain.com
  ErrorLog "logs/redmine_error_log" 

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

  DocumentRoot /var/www/redmine/public

  <Directory /var/www/redmine/public>
    AllowOverride all
    Options -MultiViews
  </Directory>

</VirtualHost>

Create .htaccess with rewrite rules to dispatch.cgi

Note that you need to have created the certificates (plenty of resources on the web on how to do that)

Add the following in /var/www/redmine/public/.htaccess:

# General Apache options
<IfModule cgi_module>
    AddHandler cgi-script .cgi
</IfModule>
<IfModule mod_fastcgi.c>
    AddHandler fastcgi-script .fcgi
</IfModule>
<IfModule mod_fcgid.c>
    AddHandler fcgid-script .fcgi
</IfModule>
Options +FollowSymLinks +ExecCGI

# If you don't want Rails to look in certain directories,
# use the following rewrite rules so that Apache won't rewrite certain requests
#
# Example:
#   RewriteCond %{REQUEST_URI} ^/notrails.*
#   RewriteRule .* - [L]

# Redirect all requests not available on the filesystem to Rails
# By default the cgi dispatcher is used which is very slow
#
# For better performance replace the dispatcher with the fastcgi one
#
# Example:
#   RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
RewriteEngine On

# If your Rails application is accessed via an Alias directive,
# then you MUST also set the RewriteBase in this htaccess file.
#
# Example:
#   Alias /myrailsapp /path/to/myrailsapp/public
#   RewriteBase /myrailsapp

RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
<IfModule cgi_module>
    RewriteRule ^(.*)$ dispatch.cgi [QSA,L]
</IfModule>
<IfModule mod_fastcgi.c>
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
</IfModule>
<IfModule mod_fcgid.c>
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
</IfModule>

# In case Rails experiences terminal errors
# Instead of displaying this message you can supply a file here which will be rendered instead
#
# Example:
ErrorDocument 500 /500.html

Create the dispatch.cgi file

Finally, you need a /var/www/redmine/public/dispatch.cgi script:

#!/usr/local/bin/ruby                                                                                                                                                                                          

require File.dirname(__FILE__) + '/../config/boot'
require File.dirname(__FILE__) + '/../config/environment'

class Rack::PathInfoRewriter
  def initialize(app)
    @app = app
  end

  def call(env)
    env.delete('SCRIPT_NAME')
    parts = env['REQUEST_URI'].split('?')
    env['PATH_INFO'] = parts[0]
    env['QUERY_STRING'] = parts[1].to_s
    @app.call(env)
  end
end

Rack::Handler::CGI.run Rack::PathInfoRewriter.new(RedmineApp::Application)

Adjusting the SELinux policy

You also need to make sure that Apache is allowed to execute all that part:

% cd /var/www/redmine/public
% sudo chown -R apache:apache .
% sudo chmod +x dispatch.cgi

Finally, it's necessary to create an SELinux policy allowing that CGI script to run, otherwise you will get an internal server error:

% sudo semanage boolean -m --on httpd_enable_cgi
% sudo semanage fcontext -a -t httpd_sys_script_exec_t /var/www/redmine/public
% sudo restorecon /var/www/redmine/public
% sudo setsebool -P httpd_can_network_connect 1
% sudo setsebool -P httpd_can_network_connect_db 1
% ausearch -c 'dispatch.cgi' --raw | audit2allow -M my-dispatchcgi
% semodule -i my-dispatchcgi.pp

Updated by Gil Cesar Faria over 6 years ago · 24 revisions