How to Install Redmine Project Management Software on Rocky Linux 8

Redmine is a free and open-source project management software and issue tracking tool. It is written using the Ruby on Rails framework and can be integrated with various version control systems. It includes a repository browser and diff viewer. It can be used to manage projects features per project wikis and forums, time tracking and role-based access control. It is cross-platform, cross-database and supports 49 languages.

In this tutorial, you will learn how to install Redmine on a Rocky Linux 8 based server.

Prerequisites

  • A Server running Rocky Linux.

  • A non-sudo user with root privileges.

  • Disable SELinux.

  • Everything is updated.

    $ sudo dnf update
    

Step 1 - Configure Firewall

The first step is to configure the firewall. Rocky Linux uses Firewalld Firewall. Check the firewall's status.

$ sudo firewall-cmd --state
running

Open port 3000, which we can use to check Redmine.

$ sudo firewall-cmd --permanent --add-port=3000

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

Reload the firewall to enable the changes.

$ sudo firewall-cmd --reload

Step 2 - Install Apache Server

We will use the Apache webserver to deploy Redmine. Install Apache using the following command.

$ sudo dnf install httpd

Enable and start Apache service.

$ sudo systemctl enable --now httpd.service

Grant your current logged in user to the apache user so that it has the necessary access to the /var/www/redmine directory.

$ sudo usermod -aG $USER apache

Step 3 - Install and Configure MySQL Server

We will use MySQL database to store the data. Rocky Linux's Appstream repository ships with the latest version of MySQL.

Install MySQL.

$ sudo dnf install mysql-server

Enable and start the MySQL service.

$ sudo systemctl enable mysqld --now

Secure MySQL installation.

$ sudo mysql_secure_installation

For the first step, you will be asked if you want to set up the Validate Password Plugin, which you can use to test the strength of your MySQL password. Choose Y to proceed. You will be asked to choose the password validation level in the next step. Choose 2 which is the strongest level and will require your password to be at least eight characters long and include a mix of uppercase, lowercase, numeric and special characters.

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2

You will be asked to choose a root password in the next step. Choose a strong password that fulfills the requirements of the password validation plugin. In the next step, you will be asked whether to continue with the chosen password. Press y to continue.

Please set the password for root here.

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y

Press Y and then ENTER key for all the following prompts to remove anonymous users and the test database, disable root logins and load the newly set rules.

...
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.
...
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.
...
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.
 - Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
...
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.
All done!

Enter the MySQL shell. Enter your root password to continue.

$ mysql -u root -p

Create redmine user. Make sure the password meets the requirements set before.

mysql> CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'Your_password2';

Create redmine database.

mysql> CREATE DATABASE redmine CHARACTER SET utf8mb4;

Grant the user privileges on the redmine database.

mysql> GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';

Exit the Shell.

mysql> exit

Step 4 - Install EPEL Repository

Some of the packages required for Redmine are available in the EPEL repository. Run the following command to install the EPEL repository.

$ sudo dnf install epel-release

Enable the PowerTools repository.

$ sudo dnf config-manager --set-enabled powertools

Step 5 - Install Ruby and other requisites

Rocky Linux 8 ships with four different versions of Ruby - 2.5, 2.6, 2.7 and 3.0.

List all the available Ruby modules.

$ dnf module list ruby
Last metadata expiration check: 0:18:58 ago on Mon 03 Jan 2022 11:50:10 AM UTC.
Rocky Linux 8 - AppStream
Name            Stream             Profiles              Summary
ruby            2.5 [d]            common [d]            An interpreter of object-oriented scripting language
ruby            2.6                common [d]            An interpreter of object-oriented scripting language
ruby            2.7                common [d]            An interpreter of object-oriented scripting language
ruby            3.0                common [d]            An interpreter of object-oriented scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Redmine's latest version is compatible with every version except 3.0. We will install Ruby 2.7 for our tutorial.

Reset other versions and enable the 2.7 version of Ruby.

$ sudo dnf module reset ruby
$ sudo dnf module enable ruby:2.7

Install Ruby.

$ sudo dnf install ruby ruby-devel

Verify the installation.

$ ruby -v
ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux]

Install all the remaining packages required by Redmine.

$ sudo dnf install rpm-build wget libxml2-devel make automake libtool ImageMagick ImageMagick-devel mariadb-devel httpd-devel openssl-devel libcurl-devel gcc gcc-c++

Step 6 - Install Redmine

Visit the Redmine downloads page and check the latest stable version available. At the time of writing this tutorial, the latest available version is 4.2.3.

Use wget to download Redmine.

$ wget https://redmine.org/releases/redmine-4.2.3.tar.gz

Extract and move the files to the /var/www/redmine directory.

$ tar xfz redmine-4.2.3.tar.gz
$ sudo mv redmine-4.2.3 /var/www/redmine

Shift to the /var/www/redmine directory.

$ cd /var/www/redmine

Create Redmine configuration files by using the supplied example files.

$ cp config/configuration.yml.example config/configuration.yml
$ cp config/database.yml.example config/database.yml
$ cp public/dispatch.fcgi.example public/dispatch.fcgi

Open the database.yml file for editing.

$ nano config/database.yml

Find and configure your database settings under the following section.

production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: redmine
  password: "Your_password2"
  # Use "utf8" instead of "utfmb4" for MySQL prior to 5.7.7
  encoding: utf8mb4

Save the file by pressing Ctrl + X and entering Y when prompted.

Install bundler for managing ruby gem dependencies.

$ gem install bundler

Set the environment for installing gem dependencies.

$ bundle config set --local without 'development test'

Install the gem dependencies.

$ bundle install

If you face any issue with gem versions, use the following command to restore.

$ sudo gem pristine --all

Generate a random secret key to prevent tampering with the cookies for storing session data.

$ bundle exec rake generate_secret_token

Create the database structure.

$ RAILS_ENV=production bundle exec rake db:migrate

Insert the data into the MySQL database.

$ RAILS_ENV=production REDMINE_LANG=en bundle exec rake redmine:load_default_data

Create necessary directories and set file permissions.

$ mkdir -p tmp/pdf
$ mkdir -p public/plugin_assets
$ chown -R $USER:$USER files log tmp public/plugin_assets
$ chmod -R 755 /var/www/remine/

Run the following command to start a Rails server instance.

$ bundle exec rails server webrick -e production
=> Booting WEBrick
=> Rails 5.2.6 application starting in production on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
[2022-01-03 12:58:19] INFO  WEBrick 1.6.1
[2022-01-03 12:58:19] INFO  ruby 2.7.4 (2021-07-07) [x86_64-linux]
[2022-01-03 12:58:19] INFO  WEBrick::HTTPServer#start: pid=117224 port=3000

Open the URL http://<yourserverIP>:3000/login to obtain the Redmine Login screen.

Redmine Login Screen

Enter the default credentials (admin/admin) to log in. You will be asked to change the password.

Redmine Password Expire Screen

Next, you will be redirected to the My Account page.

Redmine My Account

Redmine has been installed successfully.

Next, press CTRL+C on the terminal to stop the server.

Step 7 - Install Phusion Passenger

Phusion Passenger is a ruby application server that allows us to serve Redmine via a 3rd party server. In our case, we will use Apache.

Install Passenger.

$ gem install passenger

Install Passenger module for Apache server.

$ passenger-install-apache2-module

You will be greeted with a welcome message. Press Enter to continue.

Welcome to the Phusion Passenger Apache 2 module installer, v6.0.12.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.


--------------------------------------------

Next, you will be asked for the language. Ruby is selected by default, so just press Enter to continue.

Which languages are you interested in?

Use <space> to select.
If the menu doesn't display correctly, press '!'

 ? ?  Ruby
   ?  Python
   ?  Node.js
   ?  Meteor

--------------------------------------------

You may get a warning about file permissions. If you have been following our tutorial, just press Enter to continue.

Warning: some directories may be inaccessible by the web server!

The web server typically runs under a separate user account for security
reasons. That user must be able to access the Phusion Passenger(R) files.
However, it appears that some directories have too strict permissions. This
may prevent the web server user from accessing Phusion Passenger(R) files.

It is recommended that you relax permissions as follows:

  sudo chmod o+x "/home/navjot"

Press Ctrl-C to return to the shell. (Recommended)
After relaxing permissions, re-run this installer.
  -OR-
Press Enter to continue anyway.

The whole process will take around 10-15 minutes to finish. If you get an error like the following, it is most likely due to low RAM. You should either increase RAM on your server or install swap space.

c++: fatal error: Killed signal terminated program cc1plus
compilation terminated.
rake aborted!

Once the process is complete, you will get the following message.

--------------------------------------------
Almost there!

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /home/navjot/.gem/ruby/gems/passenger-6.0.12/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /home/navjot/.gem/ruby/gems/passenger-6.0.12
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>

After you restart Apache, you are ready to deploy any number of web
applications on Apache, with a minimum amount of configuration!

Press ENTER when you are done editing.

Don't press Enter yet. Open a new session on your server as the current user and perform the following configurations.

Configure Apache Server

Create an Apache module configuration file for Phusion Passenger.

$ sudo nano /etc/httpd/conf.modules.d/00-passenger.conf

Paste the code which you got at the end of the passenger install.

 LoadModule passenger_module /home/navjot/.gem/ruby/gems/passenger-6.0.12/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /home/username/.gem/ruby/gems/passenger-6.0.12
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>

Save the file by pressing Ctrl + X and entering Y when prompted.

Create another Apache configuration file for the Redmine site.

$ sudo nano /etc/httpd/conf.d/redmine.conf

Paste the following code in it.

Listen 3000
<IfModule mod_passenger.c>
  PassengerRoot /home/username/.gem/ruby/gems/passenger-6.0.12
  PassengerDefaultRuby /usr/bin/ruby
</IfModule>
<VirtualHost *:3000>
    ServerName redmine.example.com
    DocumentRoot "/var/www/redmine/public" 

    CustomLog logs/redmine_access.log combined
    ErrorLog logs/redmine_error_log
    LogLevel warn

    <Directory "/var/www/redmine/public">
        Options Indexes ExecCGI FollowSymLinks
        Require all granted
        AllowOverride all
    </Directory>
</VirtualHost>

Save the file by pressing Ctrl + X and entering Y when prompted.

Open the main Apache configuration file /etc/httpd/conf/httpd.conf for editing.

$ sudo nano /etc/httpd/conf/httpd.conf

Find the variable ServerName and uncomment by removing the hash (#) in front of it and setting its value as the following.

ServerName localhost

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify your Apache configuration.

$ httpd -t
Syntax OK

Go back and press Enter to continue your Passenger installation. It will perform some checks, and you should see the following message on its successful completion.

Deploying a web application

To learn how to deploy a web app on Passenger, please follow the deployment
guide:

  https://www.phusionpassenger.com/library/deploy/apache/deploy/

Enjoy Phusion Passenger, a product of Phusion® (www.phusion.nl) :-)
https://www.phusionpassenger.com

Passenger® is a registered trademark of Phusion Holding B.V.

Restart your Apache server.

$ sudo systemctl restart httpd

Your website should be available at http://redmine.example.com:3000.

This is not the perfect way to access Redmine. It is still being served via the insecure HTTP protocol and uses a port number. We will install Nginx to act as a reverse proxy and serve Redmine using HTTPS protocol to improve this. Before moving to the Nginx installation and configuration, we need to set up the SSL certificate.

Step 8 - Install SSL

To install an SSL certificate using Let's Encrypt, we need to install the Certbot tool. Run the following commands to install Certbot.

$ sudo dnf install certbot

Stop Apache server.

$ sudo systemctl stop httpd

Generate the SSL certificate.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d redmine.example.com

The above command will download a certificate to the /etc/letsencrypt/live/redmine.example.com directory on your server.

Start Apache server.

$ sudo systemctl start httpd

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Create a challenge webroot directory for Let's Encrypt auto-renewal.

$ sudo mkdir -p /var/lib/letsencrypt

Create a Cron Job to renew the SSL. It will run every day to check the certificate and renew if needed. For that, first, create the file /etc/cron.daily/certbot-renew and open it for editing.

$ sudo nano /etc/cron.daily/certbot-renew

Paste the following code.

#!/bin/sh
certbot renew --cert-name redmine.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl restart nginx"

Save the file by pressing Ctrl + X and entering Y when prompted.

Change the permissions on the task file to make it executable.

$ sudo chmod +x /etc/cron.daily/certbot-renew

Step 9 - Install and Configure Nginx as Reverse-proxy

Rocky Linux 8 ships with four different versions of Nginx - 1.14, 1.16, 1.18 and 1.20.

List all the available Nginx modules.

$ dnf module list nginx
Last metadata expiration check: 20:23:20 ago on Mon 03 Jan 2022 12:38:07 PM UTC.
Rocky Linux 8 - AppStream
Name                      Stream                       Profiles                      Summary
nginx                     1.14 [d]                     common [d]                    nginx webserver
nginx                     1.16                         common [d]                    nginx webserver
nginx                     1.18                         common [d]                    nginx webserver
nginx                     1.20                         common [d]                    nginx webserver

Extra Packages for Enterprise Linux Modular 8 - x86_64
Name                      Stream                       Profiles                      Summary
nginx                     mainline                     common                        nginx webserver
nginx                     1.20                         common [d]                    nginx webserver

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Reset other versions and enable the 1.20 version of Nginx.

$ sudo dnf module reset nginx
$ sudo dnf module enable nginx:1.20

Install Nginx. We are temporarily disabling the Epel repository since we want to grab Nginx from the Appstream.

$ sudo dnf install nginx --disablerepo=epel-modular

Verify the installation.

$ nginx -v
nginx version: nginx/1.20.0

To avoid any conflict with Nginx, we need to change the default port Apache is listening to.

Change Apache Listening Port

Open the file /etc/httpd/conf/httpd.conf for editing.

$ sudo nano /etc/httpd/conf/httpd.conf

Change the port from 80 to 8080 as follows.

Listen 8080

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart Apache.

$ sudo systemctl restart httpd

Configure Nginx

Create and open the file /etc/nginx/conf.d/redmine.conf for editing.

$ sudo nano /etc/nginx/conf.d/redmine.conf

Paste the following code in it.

# Redirect all non-encrypted to encrypted
server {
    listen 80;
    server_name redmine.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;

    server_name redmine.example.com;

    ssl_certificate     /etc/letsencrypt/live/redmine.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redmine.example.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/redmine.example.com/chain.pem;
	
	ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    resolver 8.8.8.8;

    access_log /var/log/nginx/redmine.example.com.access.log main;
    error_log  /var/log/nginx/redmine.example.com.error.log;
	
	location / {
        proxy_pass          http://localhost:3000;
        proxy_redirect      off;
        proxy_buffering     off;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Save the file by pressing Ctrl + X and entering Y when prompted once finished.

Open the file /etc/nginx/nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify the Nginx configuration file syntax.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Start the Nginx service to enable the new configuration.

$ sudo systemctl start nginx

Your Redmine application should be accessible at https://redmine.example.com.

Conclusion

This concludes our tutorial where you learned how to install Redmine Project Manager on a Rocky Linux 8 based server. You also learned to serve the Redmine application via Nginx using HTTPS protocol. If you have any questions, post them in the comments below.

Share this page:

2 Comment(s)