Cài Đặt Redmine Trên CentOS Với Nginx Và Unicorn - Zonmob Labs

5/5/2016
CitRedminetrnCentOSviNginxvUnicornZonmobLabs
Zonmob Labs
Bncthcmc?Hytmkimnhngbivithuch!
Ci t Redmine trn CentOS vi Nginx

v Unicorn
SEARCH
ng nhp
Username
/ Redmine / Ci t Redmine trn CentOS vi Nginx v Unicorn

07/02/2015
Bi c Hiu
Redmine
Password
Vic ci t Redmine hin ti c th thc hin d dng qua Bitnami, nhng ti vn

thch cch ci t th cng hn. Vi mt cht hiu bit v Ruby on Rails v CSS,
HTML chng ta c th chnh sa li vi th m chng ta thch d dng hn nhiu
so vi vic ci t t cc gi ng sn. Bi vit ny s trnh by tng bc ci t
Remember Me
Login
Lost Password
trin khai mt Redmine Server, cc thnh phn no cc bn ci th c th

b qua. Tuy h iu hnh c th nghim l CentOS 7 nhng vic ci t trn
CentOS 6 cng khng khc g c.
Bi vit ph bin
1. Mi trng ci t
vi Nginx v Unicorn
OS: CentOS 7
http://labs.zonmob.com/redmine/caidatredminetrencentosvoinginxvaunicorn.html
Ci t Redmine trn CentOS
Gii thiu v Zimbra
1/16
5/5/2016
Ruby: 2.1.5
n Dog and Chicken
Redmine: 2.6.1
Nginx: 1.6.2
Unicorn: 4.8.3
2. Ci t cc gi ph thuc ca Redmine
Bi vit mi nht
Kinh nghim Git: Branch

early, branch often
1 $ sudo yum -y install mariadb-server mariadb-devel
3. Ci t Ruby
Workow cho developer

team s dng Unity3D v Git
1 $ sudo yum -y install mysql-server mysql-devel
Workow cho developer

team s dng Unity3D v Git
C s d liu c s dng l MariaDB, thay th cho MySQL
Nu cc bn vn mun dng MySQL
Ti sao email ca ti li vo
th mc spam?
Ci t cc gi ph thuc cn thit
1 $ sudo yum -y groupinstall "Development Tools"
2 $ sudo yum -y install openssl-devel readline-devel zlib-devel curl-devel libyaml
3 $ sudo yum -y install ImageMagick ImageMagick-devel ipa-pgothic-fonts
Tng kt rt kinh nghim d
Mt s k thut cn bit khi

lm vic vi Git
Tng kt rt kinh nghim d

n Dog and Chicken
Test Cases cho Games Apps /

Checklist cho Games Apps
Ci t Ruby 2.1.5 trong mi trng rbenv

1 $ sudo yum install gcc make openssl openssl-devel
Ch
Agile
1
2
3
4
$
$
$
$
cd /usr/local/
sudo git clone git://github.com/sstephenson/rbenv.git rbenv
mkdir -p rbenv/shims rbenv/versions
sudo groupadd /usr/local/rbenv
Git
Linux
2/16
5/5/2016
5
6
7
8
$
$
$
$
sudo chgrp -R rbenv rbenv/

Mail
sudo git clone git://github.com/sstephenson/ruby-build.git /usr/local/rbenv/ruby-build
cd /usr/local/rbenv/ruby-build
Nginx
./install.sh
To mt mi trng vi thit lp le/etc/prole.d/rbenv.sh
Redmine
Testing QA
Unity
1 export RBENV_ROOT="/usr/local/rbenv"
2 export PATH="/usr/local/rbenv/bin:$PATH"
3 eval "$(rbenv init -)"
1
2
3
4
5
6
7
8
9
10
11
12
Zimbra
$ source /etc/profile.d/rbenv.sh
$ sudo rbenv install -v 2.1.5
$ rbenv versions
* system (set by /usr/local/rbenv/version)
2.1.3
$ sudo rbenv global 2.1.3
$ rbenv versions
system
* 2.1.5 (set by /usr/local/rbenv/version)
$ ruby --version
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-linux]
$
Ci t Bundler
1 $ sudo gem install bundler --no-rdoc --no-ri
2 $ bundle --version
3 Bundler version 1.7.12
4. Thit lp MariaDB
Thit lp cu hnh cho MariaDB lu ti/etc/my.cnf
1 [mysqld]
2 datadir=/data/mysql # Th mc d liu, bt k
3/16
5/5/2016
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
character-set-server=utf8
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
[mysql]
default-character-set=utf8
To th mc cha d liu v ci t.
1
2
3
4
$
$
$
$
sudo
sudo
sudo
sudo
mkdir -p /data/mysql # To mt th mc d liu

chown mysql:mysql /data/mysql
service mariadb start
systemctl enable mariadb
Thit lp mt khu ti khon root bngmysql_secure_installation

1
2
3
4
5
6
7
8
9
10
$ mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
4/16
5/5/2016
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y

New password: ${root_passwd}
Re-enter new password: ${root_passwd}
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for
them.This is intended only for testing, and to make the installation
go a bit smoother.You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y

... Success!
Normally, root should only be allowed to connect from 'localhost'.This

ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y

... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y

- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y

... Success!
Cleaning up...
5/16
5/5/2016
57
58
59
60
All done!If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
To c s d liu v ti khon trn MariaDB cho Redmine

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ mysql -u root -p
Enter password: ${mysql_root_password}
Welcome to the MariaDB monitor.Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.40-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> CREATE DATABASE redmine DEFAULT character set utf8;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on redmine.* TO redmine@localhost identified by

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
5. Ci t Redmine
Ti v m ngun Redmine t trang ch vto mt lin kt sang /opt.
1
2
3
4
$
$
$
$
cd /usr/local/src
sudo curl -O http://www.redmine.org/releases/redmine-2.6.1.tar.gz
sudo tar zxvf redmine-2.6.1.tar.gz
sudo ln -s ./redmine-2.6.1 /opt/redmine # To mt lin kt tng trng
6/16
5/5/2016
Sau , thit lp c s d liu ca Redmine.

u tin, sao chp le cu hnh v d.
1 $ sudo cp -p /opt/redmine/config/database.yml.example /opt/redmine/config/database
Sau , in cc thng tin to lc trc.

/opt/redmine/cong/database.yml
1
2
3
4
5
6
7
8
9
10
11
12
# Default setup is given for MySQL with ruby1.9. If you're running Redmine
# with MySQL and ruby1.8, replace the adapter name with `mysql`.
# Examples for PostgreSQL, SQLite3 and SQL Server can be found at the end.
# Line indentation must be 2 spaces (no tabs).
production:
adapter: mysql2
database: redmine
host: localhost
username: redmine
password: "${redmine_passwd}"
encoding: utf8
Ci t cc gi ph thuc v nhp c s d liu thng qua bundle

1
2
3
4
$
$
$
$
cd /opt/redmine
bundle install --without development test --path vendor/bundle
bundle exec rake generate_secret_token
RAILS_ENV=production bundle exec rake db:migrate
6. Ci t Unicorn
Ci t Unicorn bng cch chnh saGemle (/opt/redmine) v thm vo on
di y,
7/16
5/5/2016
/opt/redmine/Gemle
1 gem 'unicorn', '4.8.3'
Ri chy bundle.
1 $ bundle install
Sau , thit lp bin mi trng cho Redmine.

/etc/prole.d/redmine.sh
1 RAILS_ROOT=/opt/redmine
2 export RAILS_ROOT
Cp nhtcc bin mi trng.

1 $ source /etc/profile.d/redmine.sh
Tp tin cu hnh ca Unicorn nh sau:

Cc tp tin socket l v, nhng n l mt li khng tm thy trong Nginx khi t
di /tmp/. http://serverfault.com/questions/463993/nginx-unix-domain-socketerror/464025#464025
/opt/redmine/cong/unicorn.rb
1
2
3
4
# -*- coding: utf-8 -*# S lng worker ca nginx

worker_processes 2
8/16
5/5/2016
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Sock
listen'/var/run/unicorn.sock'
pid '/var/run/unicorn.pid'
# Log
log = File.expand_path('log/unicorn.log', ENV['RAILS_ROOT'])
stderr_path File.expand_path('log/unicorn.log', ENV['RAILS_ROOT'])
stdout_path File.expand_path('log/unicorn.log', ENV['RAILS_ROOT'])
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true
before_fork do |server, worker|

defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
old_pid = "#{ server.config[:pid] }.oldbin"

unless old_pid == server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill :QUIT, File.read(old_pid).to_i
rescue Errno::ENOENT, Errno::ESRCH
end
end
end
after_fork do |server, worker|

defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
end
Sau bt u-up script.

/opt/redmine/script/unicorn.sh
1
2
3
4
5
6
7
8
9
10
#!/bin/bash
set -e
TIMEOUT=60
APP_ROOT=${RAILS_ROOT}
PID=/var/run/unicorn.pid
RAILS_ENV=production
CMD="bundle exec unicorn -D -c $APP_ROOT/config/unicorn.rb -E $RAILS_ENV"
action="$1"
9/16
5/5/2016
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
set -u
old_pid="$PID.oldbin"
cd $APP_ROOT || exit 1
sig () {
test -s "$PID" && kill -$1 `cat $PID`
}
oldsig () {
test -s $old_pid && kill -$1 `cat $old_pid`
}
case $action in
start)
sig 0 && echo >&2 "Already running" && exit 0
$CMD
;;
stop)
sig QUIT && rm -f ${PID} && exit 0
echo >&2 "Not running"
;;
force-stop)
sig TERM && exit 0
echo >&2 "Not running"
;;
restart|reload)
sig HUP && echo reloaded OK && exit 0
echo >&2 "Couldn't reload, starting '$CMD' instead"
$CMD
;;
upgrade)
if sig USR2 && sleep 2 && sig 0 && oldsig QUIT
then
n=$TIMEOUT
while test -s $old_pid && test $n -ge 0
do
printf '.' && sleep 1 && n=$(( $n - 1 ))
done
echo
if test $n -lt 0 && test -s $old_pid

then
echo >&2 "$old_pid still exists after $TIMEOUT seconds"
exit 1
10/16
5/5/2016
57
58
59
60
61
62
63
64
65
66
67
68
69
70
fi
exit 0
fi
echo >&2 "Couldn't upgrade, starting '$CMD' instead"
$CMD
;;
reopen-logs)
sig USR1
;;
*)
echo >&2 "Usage: $0 <start|stop|restart|upgrade|force-stop|reopen-logs>"
exit 1
;;
esac
Cc redmine http://localhost/redmine/ bn cn phi chnh sa cong.ru nh sau

nu gi l th mc con nh.
/opt/redmine/cong.ru
1
2
3
4
5
6
7
8
9
10
# This file is used by Rack-based servers to start the application.

RAILS_RELATIVE_URL_ROOT="/redmine"
require ::File.expand_path('../config/environment',__FILE__)
if RAILS_RELATIVE_URL_ROOT then
map RAILS_RELATIVE_URL_ROOT do
run Rails.application
end
else
run Rails.application
end
/ Redmine phn ca, hy thay th n vi mi trng ca bn.

7. Ci t Nginx
Lp t trn gi.
11/16
5/5/2016
1 $ sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm # Ti gi ca Ngin

2 $ sudo yum -y install nginx
Cc bn gc nu /etc/nginx/conf.d/redmine.conf Lm th no c th nh vy nn
vit nh, cc trang web c sn thi gian ny trong cng mt cch nh Ubuntu, bn
c th to v cu hnh cc trang web cho php.
1 $ sudo mkdir -p /etc/nginx/sites-avaliable/ /etc/nginx/sites-enabled/
Sau tp tin cu hnh Nginx.

/etc/nginx/nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
usernginx;
worker_processes1;
error_log/var/log/nginx/error.log warn;
pid/var/run/nginx.pid;
events {
worker_connections1024;
}
http {
include /etc/nginx/mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log/var/log/nginx/access.logmain;
sendfileon;
#tcp_nopush on;
keepalive_timeout65;
12/16
5/5/2016
27
28
29
30
31
32
#gzipon;
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Sau , cc tp tin cu hnh cho Redmine. / Redmine ti gn cho redmine. Cng h

tr SSL Chng ti mun SSL truyn thng.
/etc/nginx/sites-available/redmine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
upstream rails-unicorn {
server unix:/var/run/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/redmine.crt;
ssl_certificate_key /etc/nginx/ssl/redmine.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
root /usr/share/nginx/html/public;
index index.php index.html index.htm;
13/16
5/5/2016
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Make site accessible from http://localhost/

location /redmine/ {
try_files $uri $uri.html $uri/index.html @rails-unicorn;
}
location ~ ^/assets/(.*) {
alias /opt/redmine/public/assets/$1;
}
location @rails-unicorn {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://rails-unicorn;
}
# Only for nginx-naxsi : process denied requests

#location /RequestDenied {
# For example, return an error code
#return 418;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html

#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
Vic kch hot tp tin cu hnh /etc/nginx/sites-enabled/ to ra mt lin kt tng

trng.
1 $ sudo ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/
Sau , cc tp tin v CSS HTML, vv c lu tr trong cc Redmine

14/16
5/5/2016
/opt/redmine/public v to ra mt lin kt tng trng ca trc thuc gc ti liu

1 $ sudo ln -s /opt/redmine/public/ /usr/share/nginx/html/
Khi ng Unicorn v Nginx.

1 $ cd /opt/redmine
2 $ sudo ./script/unicorn.sh start
3 $ sudo service nginx start
About LatestPosts
Bi c Hiu
Lp trnh vin at Zonmob Tech., JSC
Yu thch tm hiu nhng cng ngh mi
No related posts.
Leave a Reply
Your email address will not be published. Required elds are marked *
15/16
5/5/2016
Name *
Email *
Website
You may use these HTML tags and attributes:

<ahref=""title=""><abbrtitle=""><acronymtitle=""><b><blockquotecite="">
<cite><codeclass=""title=""dataurl=""><deldatetime=""><em><i><qcite
=""><s><strike><strong><preclass=""title=""dataurl=""><spanclass=""tit
le=""dataurl="">
PostComment
Copyright 2014, Zonmob Tech., JSC
16/16

Cài Đặt Redmine Trên CentOS Với Nginx Và Unicorn - Zonmob Labs

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cài Đặt Redmine Trên CentOS Với Nginx Và Unicorn - Zonmob Labs

Uploaded by

Copyright:

Available Formats

5/5/2016

Ci t Redmine trn CentOS vi Nginx

/ Redmine / Ci t Redmine trn CentOS vi Nginx v Unicorn

Vic ci t Redmine hin ti c th thc hin d dng qua Bitnami, nhng ti vn

trin khai mt Redmine Server, cc thnh phn no cc bn ci th c th

Ci t Redmine trn CentOS

Gii thiu v Zimbra

n Dog and Chicken

Kinh nghim Git: Branch

1 $ sudo yum -y install mariadb-server mariadb-devel

Workow cho developer

1 $ sudo yum -y install mysql-server mysql-devel

Workow cho developer

C s d liu c s dng l MariaDB, thay th cho MySQL

Nu cc bn vn mun dng MySQL

Tng kt rt kinh nghim d

Mt s k thut cn bit khi

Tng kt rt kinh nghim d

Test Cases cho Games Apps /

Ci t Ruby 2.1.5 trong mi trng rbenv

sudo chgrp -R rbenv rbenv/

To mt mi trng vi thit lp le/etc/prole.d/rbenv.sh

mkdir -p /data/mysql # To mt th mc d liu

Thit lp mt khu ti khon root bngmysql_secure_installation

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Set root password? [Y/n] y

By default, a MariaDB installation has an anonymous user, allowing anyone

Remove anonymous users? [Y/n] y

Normally, root should only be allowed to connect from 'localhost'.This

Disallow root login remotely? [Y/n] y

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

Thanks for using MariaDB!

To c s d liu v ti khon trn MariaDB cho Redmine

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

MariaDB [(none)]> grant all on redmine.* TO redmine@localhost identified by

MariaDB [(none)]> flush privileges;

MariaDB [(none)]> exit;

Sau , thit lp c s d liu ca Redmine.

Sau , in cc thng tin to lc trc.

Ci t cc gi ph thuc v nhp c s d liu thng qua bundle

Sau , thit lp bin mi trng cho Redmine.

Cp nhtcc bin mi trng.

Tp tin cu hnh ca Unicorn nh sau:

# -*- coding: utf-8 -*# S lng worker ca nginx

before_fork do |server, worker|

old_pid = "#{ server.config[:pid] }.oldbin"

after_fork do |server, worker|

Sau bt u-up script.

if test $n -lt 0 && test -s $old_pid

Cc redmine http://localhost/redmine/ bn cn phi chnh sa cong.ru nh sau

# This file is used by Rack-based servers to start the application.

/ Redmine phn ca, hy thay th n vi mi trng ca bn.

1 $ sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm # Ti gi ca Ngin

Sau tp tin cu hnh Nginx.

log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '

Sau , cc tp tin cu hnh cho Redmine. / Redmine ti gn cho redmine. Cng h

ssl_protocols SSLv3 TLSv1;

# Make site accessible from http://localhost/

# Only for nginx-naxsi : process denied requests

error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

Vic kch hot tp tin cu hnh /etc/nginx/sites-enabled/ to ra mt lin kt tng

# -- coding: utf-8 -# S lng worker ca nginx