Redmine on Debian 10

Install

Instal Requirements

Passenger

Passenger will be the the application server to run Ruby on Rails app.

apt-get install -y dirmngr gnupg
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
apt-get install -y apt-transport-https ca-certificates
sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger buster main > /etc/apt/sources.list.d/passenger.list'
apt update

Packages

apt install ruby-dev mariadb-server libmariadb-dev git imagemagick ghostscript build-essential patch zlib1g-dev liblzma-dev nginx libnginx-mod-http-passenger certbot python3-certbot-nginx -y

Redmine

Download Redmine from here.

wget https://www.redmine.org/releases/redmine-4.1.1.tar.gz

Check the checksum:

sha256sum redmine-4.1.1.tar.gz

Extract the tar file:

tar -xf redmine-4.1.1.tar.gz -C /var/www

Create a link for easier version management:

ln -s /var/www/redmine-4.1.1/ /var/www/redmine

Configure MariaDB

Initialize MariaDB:

mysql_secure_installation

Create the database for Redmine:

mysql -u root -p
create database [REDMINEDB] character set utf8mb4;
grant all on [REDMINEDB].* to [REDMINEUSER]@localhost identified by 'S3cur3P4ssw0rd';
flush privileges;
quit;

Configure Redmine

cd /var/www/redmine/
cp config/database.yml.example config/database.yml
nano config/database.yml
production:
  adapter: mysql2
  database: [REDMINEDB]
  host: localhost
  username: [REDMINEUSER]
  password: "S3cur3P4ssw0rd"
  encoding: utf8mb4
gem install bundler
bundle install --without development test
bundle exec rake generate_secret_token
RAILS_ENV=production bundle exec rake db:migrate
RAILS_ENV=production bundle exec rake redmine:load_default_data
chown -R www-data:www-data /var/www/redmine/

Because of Passenger’s sandboxing system, Redmine will be running as www-data.

Verify it later with ps:

ps aux | grep redmine
...
www-data 19895  0.0  8.7 484136 173532 ?       Sl   Jun20   0:06 Passenger AppPreloader: /var/www/redmine (forking...)

Get a certificate from Let’s Encrypt

certbot certonly --nginx -d example.com --rsa-key-size 4096

Configure Nginx

A basic Nginx config:

# https
server {

        listen [::]:443 ssl http2;
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        root /var/www/redmine/public;
        server_name example.com;

        passenger_enabled on;
        passenger_ruby /usr/bin/ruby;
        passenger_sticky_sessions on;
}

# redirect http to https
server {

        listen 80;
        listen [::]:80;
        server_name  example.com;
 
        return 301 https://$host$request_uri;
}

Append passenger_show_version_in_header off; to the http context to hide Passenger version number.

Configure

SMTP

To use your own SMTP server edit configuration.yml:

nano /var/www/redmine/config/configuration.yml
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: smtp.example.com
      port: 587
      domain: example.com
      enable_starttls_auto: true
      authentication: :login
      user_name: redmine@example.com
      password: SmtpP4ssw0rd

Attachment storage path

For the easier version management, store the attachments outside of the web root. I made a directory in /etc:

mkdir -p /etc/redmine/storage
chown -R www-data:www-data /etc/redmine

Modify configuration.yml:

nano /var/www/redmine/config/configuration.yml
  attachments_storage_path: /etc/redmine/storage