Project

General

Profile

Install Redmine 421 on Centos 7 » History » Version 2

Fletcher Johnston, 2021-07-29 17:17

1 1 Fletcher Johnston
h1. Installation of Redmine 4.2.1 on CentOS 7 + SELinux, Apache 2.4, Passenger
2
3
{{>toc}} 
4
5
This guide will walk you through the installation procedure for Redmine 4.2.1 on CentOS7, including support for SELinux.  Much of what follows is based off the excellent guide by Franck Michel which can be found [[Install_Redmine_346_on_Centos_75| here]].
6
7
This guide will not cover installing and configuring a database for Redmine; that's something that is covered in many other guides and is pretty straightforward.  This guide will also not cover any SCM repos, or integration with LDAP, but will cover how to go about getting Redmine working with SELinux enabled in CentOS7.  Every Redmine HOWTO I've come across makes use of the Passenger GEM, however the GEM doesn't come with any SELinux policies.  Though there is an SELinux HOWTO [[RedmineAndSELinuxOnCentOS| here]], following it didn't really help me.  This guide represents many hours of painfully reading Redmine, Passenger, and SELinux error logs.  I hope you find it useful!
8
9
The full configuration used in this guide is:
10
11
*   CentOS Linux release 7.9.2009 (Core)
12
*   Apache 2.4.6
13
*   Redmine 4.2.1
14
*   Ruby 2.7.3
15
*   Apache Passenger 6.0.8
16
*   SELinux tweaks
17
18
h2. Initial Configuration
19
20
To begin, I'd recommend a fresh CentOS install.  You will, of course, have to install an RDBMS of your choice, either on the same server or on a dedicated server.
21
22
h2. Install necessary packages
23
24
We'll install all the packages necessary to install Ruby.  Additionally, we're installing Apache and mod_ssl, which we'll need to serve Redmine.
25
26
<pre>
27
[As root/sudo]:
28
yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison iconv-devel sqlite-devel wget mysql-devel httpd mod_ssl
29
</pre>
30
31
h2. Install Ruby 2.7.3
32
33
Adapted directly from Franck's guide [[Install_Redmine_346_on_Centos_75 | here]].
34
35
<pre>
36
[As root/sudo]:
37
gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
38
curl -L get.rvm.io | bash -s stable
39
source /etc/profile.d/rvm.sh
40
rvm reload
41
rvm requirements run
42
rvm install 2.7
43
rvm list
44
ruby --version 
45
</pre>
46
47
h2. Install Redmine 4.2.1
48
49
Adapted from Frank's guide[[Install_Redmine_346_on_Centos_75| here]].
50
I like to install Redmine in /var/www/
51
52
h3. Download and untar Redmine
53
54
<pre>
55
wget https://redmine.org/releases/redmine-4.2.1.tar.gz
56
tar xvfz redmine-4.2.1.tar.gz
57
mv redmine-4.2.1 /var/www/
58
export REDMINE=/var/www/redmine-4.2.1
59
cd $REDMINE
60
cp config/database.yml.example config/database.yml 
61
</pre>
62
63
This will install Redmine into the /var/www directory.  This works well with Apache and SELinux. 
64
65
Customize your `database.yml` file.  You can refer to [[RedmineInstall#Step-3-Database-connection-configuration | guide]] for additional help.  
66
67
<pre>
68
vi config/database.yml 
69
</pre>
70
71
h3. Install Gems and Create Database Schema
72
73
<pre>
74
cd $REDMINE
75
gem install bundler
76
bundle install --without development test
77
bundle exec rake generate_secret_token
78
RAILS_ENV=production REDMINE_LANG=en bundle exec rake db:migrate
79
RAILS_ENV=production REDMINE_LANG=en bundle exec rake redmine:load_default_data 
80
</pre>
81
82
h3. Install Passenger 6.0.8
83
84
Here is where this guide will diverge considerably from Franck's guide.  That guide, and all others I could find for Apache, make use of the Passenger Gem, which you'd install by doing something like this:
85
86
<pre>
87
gem install passenger
88
</pre>
89
90
However, as you work through that installation process, the installer actually warns you that the recommended method for installing Passenger on RHEL type systems is using a package manager, as that will include the SELinux policies necessary for Passenger to function properly.  That's what we're going to do here.  These steps are adapted from the excellent Passenger installation guide which can be found "here":https://www.phusionpassenger.com/library/install/apache/install/oss/el7/.
91
92
<pre>
93
yum install -y epel-release yum-utils
94
yum-config-manager --enable epel
95
yum clean all && sudo yum update -y
96
yum install -y pygpgme curl
97
curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
98
yum install -y mod_passenger 
99
</pre>
100
101
Once Passenger is installed you can verify the installation using:
102
103
<pre>
104
/usr/bin/passenger-config validate-install
105
</pre>
106
107
Which should give you an output like this:
108
109
<pre>
110
 * Checking whether this Passenger install is in PATH... ✓
111
 * Checking whether there are no other Passenger installations... ✓ 
112
</pre>
113
114
Now, this is where things get a little tricky.  As part of its' installation process `RVM` installs whichever version of Ruby you ask it to, but also installs the System version of Ruby (at the time of writing, this is 2.0.0.648-36.el7 for CentOS7, which is woefully out of date).  When Passenger is installed, the System Ruby package is a requirement, and Passenger is "pointed" at the System version of Ruby.  This will cause all sorts of problems for us as Redmine needs at least Ruby 2.4, but we'd like to use something that isn't EOL.  Luckily, Passenger's documentation covers "this":https://www.phusionpassenger.com/library/indepth/ruby/multiple_rubies.html:
115
"Once installed, you can run Passenger's Ruby parts under any Ruby interpreter you want, even if that Ruby interpreter was not the one you originally installed Passenger with."  
116
117
Excellent!  Let's go about doing that.  Before we leave this section, we need to determine where the RVM Ruby interpreter was installed.  Use this command for that:
118
119
<pre>
120
/usr/bin/passenger-config --ruby-command 
121
</pre>
122
123
This should return something like:
124
125
<pre>
126
passenger-config was invoked through the following Ruby interpreter:
127
  Command: /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
128
  Version: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
129
  To use in Apache: PassengerRuby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
130
  To use in Nginx : passenger_ruby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
131
  To use with Standalone: /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby /usr/bin/passenger start
132
133
134
## Notes for RVM users
135
Do you want to know which command to use for a different Ruby interpreter? 'rvm use' that Ruby interpreter, then re-run 'passenger-config about ruby-command'. 
136
</pre>
137
138
h3. Configure Apache
139
140
Create a new virtual host config file in apache: /etc/httpd/conf.d/redmine.conf.  Again, the majority of this section comes from Franck's guide, but with one key addition.  This first line, comes from the output of the command in the previous section, tells Passenger which Ruby interpreter to use. 
141
142
<pre>
143
PassengerRuby /usr/local/rvm/gems/ruby-2.7.2/wrappers/ruby
144
145
<VirtualHost *:80>
146
    ServerName yourserver.domain.org
147
    DocumentRoot "/var/www/redmine-4.2.1/public"
148
149
    ErrorLog logs/redmine_error_log
150
    LogLevel warn
151
152
    <Directory "/var/www/redmine-4.2.1/public">
153
        Options Indexes ExecCGI FollowSymLinks
154
        Require all granted
155
        AllowOverride all
156
    </Directory>
157
</VirtualHost> 
158
</pre>
159
160
h2. Permissions and SELinux Policies
161
162
Now the time has come to set permissions and SELinux policies.  We'll begin by setting the normal Linux permissions on the entire Redmine folder.  Some other guides only apply this to some sub folders, but I found that with SELinux enabled it was necessary to chown everything as apache:apache.
163
164
<pre>
165
cd $REDMINE
166
cd ..
167
chown -R apache:apache redmine-4.2.1 
168
</pre>
169
170 2 Fletcher Johnston
Next, we will set the SELinux policies.  These were taken from this [[RedmineAndSELinuxOnCentOS| guide]].
171 1 Fletcher Johnston
172
<pre>
173
# Set SELinux permissions
174
chcon -R -t httpd_log_t redmine-4.2.1/log/
175
chcon -R -t httpd_tmpfs_t redmine-4.2.1/tmp/
176
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/files/
177
chcon -R -t httpd_sys_script_rw_t redmine-4.2.1/public/plugin_assets/
178
restorecon -Rv redmine-4.2.1/ 
179
</pre>
180
181
h2. Environment Variables
182
183
Passenger might complain that it isn't able to install a native support .so file.  We can suppress this warning by adding the following lines to:
184
<pre>
185
vi /etc/sysconfig/httpd
186
</pre>
187
188
<pre>
189
PASSENGER_COMPILE_NATIVE_SUPPORT_BINARY=0
190
PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY=0 
191
</pre>
192
193
194
That's it!
195
196
At this point, restart Apache.
197
198
<pre>
199
systemctl restart httpd 
200
</pre>
201
202
You should be able to access Redmine at the domain you entered in step X above. 
203
204
h2. Additional Considerations
205
206
A few additional considerations:
207
208 2 Fletcher Johnston
*   It would be wise to install some kind of firewall (iptables or firewalld) to protect your server.
209 1 Fletcher Johnston
*   If you install themes or plugins to Redmine you will have to repeat the chown procedure above.