Tag Archive: Apache


CI With Jenkins on Ubuntu 16.04 – Part 1: Installation and Configuration

Filed under: Continuous Integration, Jenkins, PHP, TomcatLeave a comment
March 8, 2017

Introduction

About four years ago I wrote a series of posts covering installing Jenkins on Ubuntu 12.04 with Tomcat 6 and using Jenkins for PHP Continuous Integration.  A lot of the tools for PHP CI where provided via pear, but things have changed since then.  For starters, phpUnit as of version 4.0 was no longer provided by the channel pear.phpunit.de and should be installed by other means.

So in this new set of posts I plan to cover the following:

  • Installing the needed prerequisites
  • Globally installing Composer
  • Installing the PHP CI tools with Composer
  • Installing Tomcat 8.x
    • Installing Tomcat APR
    • Installing TCNative
  • Installing Jenkins
  • Configuring Apache to act as a SSL handler and proxy for Tomcat 8
    • TLSv1.2 and appropriate ciphers
    • HSTS (HTTP Strict Transport Security)
    • Port 80 redirect with 301 response code to 443
    • OCSP Stapling
    • Proxy Setup in Apache

 

Installing the Needed Prerequisites

In this section we are going to install several packages via apt-get, from Oracle-Java-8 to PHP 7.1

Installing Oracle Java 8

  1.  Add the Oracle Java PPA to apt-get 
    add-apt-repository ppa:webupd8team/java
  2. Update apt-get and install Oracle Java 8 
    apt-get update; sudo apt install oracle-java8-installer
  3. Agree to the license agreement.
  4. Edit /etc/environment 
    vim /etc/environment
  5. add the following line 
    JAVA_HOME="/usr/lib/jvm/java-8-oracle"
  6. Save the file and relaunch the terminal to use the updated environment

 

Installing PHP 7.1

  1. Add the PPA for PHP 7.1 
    add-apt-repository ppa:ondrej/php
  2. Update with “apt-get update”
  3. Install the many PHP 7.1 libraries via apt-get
    • php7.1
    • php7.1-cli
    • php7.1-common
    • php7.1-curl
    • php7.1-dev
    • php7.1-fpm
    • php7.1-iconv
    • php7.1-intl
    • php7.1-json
    • php7.1-ldap
    • php7.1-mbstring
    • php7.1-mcrypt
    • php7.1-mysql
    • php7.1-opcache
    • php7.1-pdo
    • php7.1-pgsql
    • php7.1-xdebug
    • php7.1-xsl
    • php7.1-xml
    • php-pear
    apt-get install php7.1 php7.1-cli php7.1-common php7.1-curl php7.1-dev php7.1-fpm php7.1-iconv php7.1-intl php7.1-json php7.1-ldap php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-opcache php7.1-pdo php7.1-pgsql php7.1-xdebug php7.1-xsl php7.1-xml php-pear

 

Install Subversion 1.9

  1. Add the WanDisco Repository 
    sh -c 'echo "deb http://opensource.wandisco.com/ubuntu `lsb_release -cs` svn19" >> /etc/apt/sources.list.d/subversion19.list'

wget -q http://opensource.wandisco.com/wandisco-debian.gpg -O- | sudo apt-key add -

apt-get update
  2. Install subversion 1.9 
    apt-get install subversion

 

Install Other Needed Libraries

There are a few more needed packages/libraries we need to install before we can move on

apt-get install graphviz python-software-properties build-essential git ant libxml2-utils libcrypt-openssl-dsa-perl maven libapache2-mod-proxy-html libxml2-dev

 

 

Globally Installing Composer

Since PHPUnit is now no longer on pear.phpunit.de, the new method of installing these tools uses Composer.  Which after a little setup, isn’t all the bad to use.

Setting up Composer globally is pretty easy with just a few commands

  1. Download composer 
    curl -sS https://getcomposer.org/installer | php
  2. Move composer.phar into place 
    mv composer.phar /usr/local/bin/composer
  3. Make sure composer is executable 
    chmod +x /usr/local/bin/composer

 

 

Installing the PHP CI Tools With Composer

For this section, we will create a centrally accessible location for our PHP CI tools to reside and then use a simple composer.json file for the installation.  I could go with several composer commands instead, but this is far easier.

  1. Create a central location for the tools to be installed to 
    mkdir -p /opt/composer/vendor
  2. Create the composer.json file 
    {
    "config": {
         "vendor-dir": "/opt/composer/vendor"
    },

    "require-dev": {
         "phpunit/phpunit": "^6.0",
         "doctrine/annotations": "^1.3"
    },

    "require": {
         "phpunit/dbunit": "^3.0",
         "symfony/console": "2.8.9",
         "phing/phing": "^2.16",
         "sebastian/phpcpd": "2.0.4",
         "phploc/phploc": "^3.0",
         "phpmd/phpmd": "^2.6",
         "squizlabs/php_codesniffer": "^2.8",
         "phpdocumentor/reflection-docblock": "~2.0",
         "symfony/config": "~2.8",
         "symfony/filesystem": "~2.8",
         "symfony/finder": "~2.8",
        "phpdocumentor/phpdocumentor": "2.9"
    }
}

    Alternatively, you can download the file here

     

  3.  Install the libraries/bundles (In the directory that you made composer.json or where ever you places it). 
    composer install
  4. Add the following to the PATH variable line in /etc/environment to update the path for  all of the users 
    :/opt/composer/vendor/bin/
  5. Close and re-open your terminal to have the new environment take effect

 

 

Installing Tomcat 8.x

This part will be pretty easy to do as I’m going to use the apt-get version and not the source version.  Apache will be handling our front end SSL and other things, so we just need Tomcat to serve the application.

  1. Install tomcat8 
    apt-get install tomcat8

 

For the next two sections, if you do not want to do an install from source for APR or TC-Native, you can just install the libraries from apt-get, if you are happy with the versions in the repository for your ubuntu version.

apt-get install libapr1 libtcnative-1

 

Installing Tomcat APR

  1. Download the APR source from the Apache Portable Runtime Project 
    wget http://mirrors.advancedhosters.com/apache/apr/apr-1.5.2.tar.gz
  2. Move the and extract the tar file to /opt 
    mv apr-1.5.2.tar.gz /opt
cd /opt
tar xvf apr-1.5.2.tar.gz
  3.  Change to the directory and run the following 
    cd apr-1.5.2
./configure
make
make install

Installing TC Native

  1. Download the source from Apache’s Site or use wget to download it. 
    wget http://mirrors.ocf.berkeley.edu/apache/tomcat/tomcat-connectors/native/1.2.12/source/tomcat-native-1.2.12-src.tar.gz
  2. Extract the tar file and move into the new directories native directory 
    tar xvf tomcat-native-1.2.12-src.tar.gz
cd tomcat-native-1.2.12/native
  3. Configure TC-Native 
     ./configure --with-apr=/usr/local/apr/bin/apr-1-config --with-java-home=/usr/lib/jvm/java-8-oracle --with-ssl=yes --prefix=/usr/share/tomcat8
  4. Make and install 
    make
make install
  5. Create or edit setenv.sh
    Under /usr/share/tomcat8/bin there should be a file called setenv.sh, if there is not, created it with your favorite editor and set its contents to the following

    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
export LD_LIBRARY_PATH
  6. Restart Tomcat 8 and check or watch with “tail -f”, /var/log/tomcat/catalina.out for the line where APR and TC Native is loaded, to make sure all went as expected.
  7. Open a browser and navigate to http://<your ip or server here>:8080 to see if tomcat is up and running
  8. Edit /etc/tomcat/server.xml with your favorite editor and uncomment the apr line in the file, while setting it’s ssl attribute to false so it looks like 
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
  9. Change the connector for port 8080 to look like the following:
    note: remove the address= part if you want to test the page without apache first as it restricts access to only that address.

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               server="Apache"
               maxThreads="150"
               address="127.0.0.1"/>
  10. Save server.xml and restart tomcat

 

 

Installing Jenkins

The installation of Jenkins is pretty easy and doesn’t have a lot of configuration

  1. Make the home directory for jenkins in /opt/jenkins 
    mkdir /opt/jenkins
  2. Add the following home directory environment variable definition to tomcat8 in /etc/init.d/tomcat8 
    #JENKINS HOME
JENKINS_HOME=/opt/jenkins
export JENKINS_HOME
  3. Download the version Jenkins you want (I’m using the LTS version) from the Jenkins-CI site or download it with wget, like so: 
    wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war
  4. Make jenkins.war the root site of tomcat8 (you don’t have to do this, you could just copy it over to webapps, but you will need to append /jenkins to the proxy configuration when you get there) 
    mv jenkins.war /var/lib/tomcat8/webapps/ROOT.war
  5. Restart Jenkins 
    service tomcat8 restart

 

 

Configuring Apache to Act as an SSL Handler and Proxy for Tomcat 8

Since Apache is already installed by installing PHP 7.1, we can move straight on to the configuration and enabling the needed mods.

First, we are going to enable the needed mods: headers, proxy, proxy_connect, proxy_html, proxy_http, rewrite, and ssl.

  1. enable needed mods 
    a2enmod headers
a2enmod rewrite
a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_html
  2. Restart Apache to enable the modsservice apache2 restart

 

TLSv1.2 and appropriate ciphers

For this particular install we are going to use TLS 1.2 only and a handful of high security ciphers.  For your users to use your site, they will need to be running the following clients or higher:

  • Android 5.0
  • Chrome 30
  • Edge
  • Firefox 27
  • IE 11 on Windows 7
  • Java 8
  • Opera 17
  • Safari 9

 

The first thing you will need to be able to perform the steps in this section, is to have an SSL cert, either self signed or not.  Once you have that and have placed it (I tend to prefer to put them under /etc/ssl/private), you will need to tell Apache where it is.  After which , we can set what ciphers are allowed and what versions of SSL will be accepted.

  1. Edit /etc/apache2/sites-available/default-ssl.conf
  2. Add the following lines 
    SSLEngine on

SSLCertificateChainFile /etc/ssl/private/<your chain cert>.crt
SSLCertificateFile /etc/ssl/private/<your cert>.crt
SSLCertificateKeyFile /etc/ssl/private/<your cert key>.key

SSLProtocol -all +TLSv1.2

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  3. Save and then restart apache2

 

If these ciphers are too restrictive for your, please check the following resources for some more cipher and TLS options.

Mozilla- Server Side TLS
OWASP – Securing Tomcat (Although this is for Tomcat, the translation to Apache is pretty easy)

HSTS (HTTP Strict Transport Security)

By enabling HSTS, your browser is instructed to always use HTTPS when communicating with your site, and it is quiet easy to turn on.

  1.  Add the following line to your ssl vhost definition for apache, /etc/apache2/sites-available/default-ssl.conf 
    Header always set Strict-Transport-Security "max-age=86300; includeSubdomains;"


    In the above line max-age should be around a week or less than a day

 

Port 80 Redirect with 301 Response Code to 443

Now that we have HSTS setup and SSL, we should default our site to use SSL.  To do so, we will edit the default VHost for port 80 to redirect to the same URL, but with https and a response of 301.

  1. Edit /etc/apache2/sites-available/000-default.conf and make it look like the following 
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

       <IfModule mod_rewrite.c>
               RewriteEngine On
               RewriteCond %{HTTPS} off
               RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
       </IfModule>
</VirtualHost>

 

OCSP Stapling

OCSP Stapling delivers certificate revocation information during the TLS handshake and can improve performance  of TLS when using HTTPS.  To use this, we simply need to enable it and specify a cache location.

  1.  Specify a cache location by adding the following line to the top of your default-ssl.conf vhost 
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
  2. Add the following line somewhere in the <VirtualHost _default_:443> block of the same file 
    SSLUseStapling on
  3.  Restart Apache2 
    service apache2 restart
  4. Check of your cert is using OCSP as you expect 
    openssl.exe s_client -connect [yoursite.com]:443 -status

    You should see a line in the OCSP Response Data section like “OCSP Response Status: successful (0x0)

 

Proxy Setup in Apache

Having Apache act as an SSL handler for Tomcat is not too hard to setup and allows us to use the SSL Ciphers we want to use, without having to deal the capabilities of the Java version we have installed.

To set this up we need to add the following lines to our default-ssl.conf in the VirtualHost definition block.

ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass        / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ProxyPassReverse / http://your_server_url.com/

# lets jenkins know SSL is being handled elsewhere
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

Tags: , , , , , , , , , , ,
Comment

Installing OCI8 on Ubuntu

Filed under: PHP14 Comments
November 2, 2011

If you are planning on using the oracle functions in PHP, you will need to install OCI8. Before you begin you will need to create an account with oracle or have access to the instant client basic install file and sdk file for your linux architecture.

Prerequisites for installing OCI8

  • sudo (you will be doing the command line parts as sudo).
  • An account on the oracle  website so you can download the instant client files.
  • A working Apache and PHP installation.

Installing the Oracle Instant Client Files

  1. Download the Oracle Instant Client for Linux (Both the Basic and SDK versions) from here.  Make sure you choose the correct architecture for your Ubuntu installation (32bit is x86, 64bit is x86_64).
  2. Copy the files just downloaded to your Ubuntu server using scp or the WinSCP application for windows.
  3. ssh into your ubuntu server using your favorite ssh client
  4. Install PECL, PHP Development files, Build Essential, Unzip, and the AIO Library 
    apt-get install php-pear php5-dev build-essential unzip libaio1
  5. Create the oracle directory 
    mkdir /opt/oracle
  6. Move the downloaded files 
    mv instantclient-* /opt/oracle
  7. Unzip the files using the unzip command (unzip <filename>)
  8. Rename the created directory 
    mv instantclient_11_2 instantclient
  9. cd into the instant client directory and create the following soft links 
    ln -s libclntsh.so.11.2 libclntsh.so
ln -s libocci.so.11.2 libocci.so
  10. cd to  /opt
  11. set the permissions on the directory 
    chown -R root:www-data /opt/oracle
  12. Add the instant client to the the ld config files 
    echo /opt/oracle/instantclient > /etc/ld.so.conf.d/oracle-instantclient
  13. Update the Dynamic Linker Run-Time Bindings 
    ldconfig

Installing OCI 8 and Configuring Apache

  1. Install OCI8 using PECL 
    pecl install 0ci8
  2. When you are pompted for the client location enter the following: 
    instantclient,/opt/oracle/instantclient
  3. Add the extension to the php.ini files 
    echo extension=oci8.so >> /etc/php5/apache2/php.ini
echo extension=oci8.so >> /etc/php5/cli/php.ini
  4. Restart Apache 
    /etc/init.d/apache2 restart
  5. Verify the installation of the OCI8 library by creating a simple phpinfo page. 
    touch info.php; echo "<?php phpinfo(); ?>" > info.php
  6. Navigate to the page using your favorite web browser and confirm the OCI8 section is present.
Tags: , , , ,
Comment

Installing the MSSQL Libraries for PHP on Linux

Filed under: PHP1 Comment
November 1, 2011

Although the libraries to work with Microsoft SQL Server used to be included with PHP, this is no longer the case. If you are using an IIS server, Microsoft has been gracious enough to provide drivers that use the native SQL client called SqlSrv; however, Linux users do not have access to this driver. To work with SQL Server 2008 on linux, you will need to install the FreeTDS libraries.

Installation and Configuration of FreeTDS

Note: You will need sudo access to do this procedure

  1. Install the Sysbase library for PHP (FreeTDS is provided with this) 
    sudo apt-get install php5-sybase
  2.  Configure the freetds.conf file to use version 8.0 (this is necessary to work with MSSQL 2008, if you do not do this you will encounter odd behavior) 
    sudo vim /etc/freetds/freetds.conf
  3. Change this line under the [global] section 
    ;       tds version = 4.2

    to

    tds version = 8.0
  4. Restart Apahce 
    sudo /etc/init.d/apache2 restart
Tags: , , , , ,
Comment

Setting up Redmine on a fresh Ubuntu Install

Filed under: RedmineLeave a comment
April 17, 2011

Redmine is a robust project management solution for software development teams to use.  Some of the features that Redmine offers are SVN integration, Issue tracking, RSS feeds, and LDAP Authentication.  Below I will detail the installation process, and pre-installation requirements for setting up and configuring your own Redmine server.

Before we begin though you should be comfortable with the following:

  • linux command line
  • using sudo
  • using vim or vi (we are not doing much, just editing and saving)

For this tutorial, all commands are done using superuser (sudo su), or you can prefix sudo to each command.

Package Installations

Optional Installs

Since this tutorial is for a completely new install of Ubuntu with no additional packages selected during installation, there are a few packages that need to be installed.

Install Vim

Throughout this tutorial, I will be using vim to edit files.  If you are unfamiliar with vim or vi you may want to use another file editor.

  1. Install Vim 
    apt-get install vim

Install SSH

If SSH has not been installed on the Ubuntu server you are using, it is recommend that you install it.  Although not necessary, it makes the rest of the tutorial easier.

  1. Install SSH 
    apt-get install ssh
  2. Configure SSH to deny root logon. 
    vim /etc/ssh/sshd_config

    Change the line

    PermitRootLogin yes

    to

    PermitRootLogin no
  3. Restart SSH 
    /etc/init.d/sshd restart

Now you will be able to connect to your Ubuntu server using an ssh client like putty.

Required Installs

Since Redmine will be working with subversion, Apache, PostgreSQL (you can use MySQL if you like), ruby, rails, passenger, etc; there are a lot of packages to install.

Apt-get Installs

  1. Install the following packages using apt-get install
    • apache2-threaded-dev
    • build-essential
    • libapache2-mod-passenger
    • libapache2-mod-perl2
    • libapache2-svn
    • libapache-dbi-perl
    • libauthen-simple-ldap-perl
    • libcurl4-openssl-dev
    • libdbd-pg-perl
    • libdbd-pg-ruby1.8
    • libdigest-sha1-perl
    • libgemplugin-ruby1.8
    • libmagick9-dev
    • libruby1.8-extras
    • php5
    • php5-curl
    • php5-dev
    • php5-pgsql
    • postgresql
    • rails
    • rake
    • ruby1.8-dev
    • rubygems1.8
    • sendmail
    • subversion

Gem Installs

Redmine runs with ruby on rails and uses several ruby gems.  To install these gems, run the following commands.

  1. gem install rails -v=2.3.5
  2. gem install rack -v=1.0.1 (should been installed by the previous command)
  3. gem install rmagick
  4. gem install passenger
  5. gem install pg
  6. gem install -v=0.4.2 i18n

Redmine Install

This section details the installation and configuration setups for the command line part the installation.

PostgreSQL database setup

  1. Sudo as the user postgres and connect to the default database 
    sudo –u postgres psql postgres
  2. Create the redmine database user “redmine” 
    CREATE ROLE redmine LOGIN ENCRYPTED PASSWORD 'somePassword' NOINHERIT VALID UNTIL 'infinity';
  3. Create the database for Redmine called redmine 
    CREATE DATABASE redmine WITH ENCODING='UTF8' OWNER=redmine;
  4. Exit out of psql 
    \q

Installing Redmine Files

  1. Create the Redmine install directory 
    mkdir /opt/redmine
  2. Checkout the stable Redmine installation 
    svn co http://redmine.rubyforge.org/svn/branches/1.1-stable /opt/redmine
  3. Enter the Redmine installation directory 
    cd /opt/redmine
  4. Setup permissions for Apache 
    chown -R www-data:www-data files log tmp public/plugin_assets/
chmod -R 755 files log tmp public/plugin_assets/

Configure the Redmine Database Settings

  1. Change directory to the config directory 
    cd /opt/redmine/config
  2. Create the database configuration file 
    cp database.yml.example database.yml
  3. Edit the database configuration file 
    vim database.yml
  4. Make the production setting look like this 
    production:
  adapter: postgresql
  database: redmine
  host: localhost
  username: redmine
  password: your_redmine_database_password
  encoding: utf8
  5. Save the file (press esc, type :wq, press enter)

Configure the Redmine Email Settings

  1. Change directory to the config directory 
    cd /opt/redmine/config
  2. Create the email configuration file 
    cp email.yml.example email.yml
  3. Edit the email configuration file 
    vim email.yml
  4. Make the production setting look like this 
    production:
  delivery_method::sendmail
  #smtp_settings:
  #address: smtp.example.net
  #port: 25
  #domain: example.net
  #authentication::login
  #user_name: "redmine@example.net"
  #password: "redmine"
  5. Save the file

Setup the Redmine Database

  1. Change directory to /opt/redmine 
    cd /opt/redmine
  2. Generate the session store 
    rake generate_session_store
  3. Migrate the database (this is a command to run) 
    RAILS_ENV=production rake db:migrate
  4. Load the default information into the database 
    RAILS_ENV=production rake redmine:load_default_data
  5. You will be prompted for what language you would like to use.  Press enter for English.
  6. Press Enter again

Apache Configuration

Setup passenger

  1. Enable Passenger 
    a2enmod passenger
  2. Edit the Passenger configuration file 
    vim /etc/apache2/mods-available/passenger.conf
  3. Add the line 
    PassengerDefaultUser www-data

Link the Redmine.pm file

  1. Change directory to Apaches perl module directory 
    cd /usr/lib/perl5/Apache
  2. Create a softlink to the Redmine.pm file 
    ln -s /opt/redmine/extra/svn/Redmine.pm Redmine.pm

Link to the Redmine public folder

  1. Change directory to the document root for Apache 
    cd /var/www
  2. Create a softlink to the public folder of redmine 
    ln -s /opt/redmine/public redmine

Create the SVN Repositories Directory and Set Permissions

  1. Create the repository directory 
    mkdir -p /var/svn/repos
  2. Set permissions for Apache 
    chown -R www-data:root /var/svn

Create a SSL Certificate for the Site

If your site already has a signed SSL certificate from a legitimate certificate authority, you can skip this part of the tutorial.

  1. Create a self signed ssl cert 
    openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/cert.pem -keyout /etc/ssl/certs/cert.pem
  2. Enter in your information companies’ for each prompt, or accept the defaults

Enable Needed Apache Modules and Create the Redmine Site

  1. Enable the following Apache modules using the a2enmod command
    • dav_svn
    • perl
    • ssl
    • rewrite
  2. Create the Redmine site file
  3. vim /etc/apache2/sites-available/redmine
  4. Set the contents of the redmine site file to
  5. <VirtualHost _default_:443>
     ServerAdmin webmaster@localhost
     DocumentRoot /var/www
     PerlLoadModule Apache::Redmine
     PerlLoadModule Authen::Simple::LDAP
     # PerlLoadModule IO::Socket::SSL
     RailsEnv production
     RailsBaseURI /redmine
    <Directory /opt/redmine/public>
         Options FollowSymLinks
         AllowOverride none
         Order deny,allow
         Allow from all
    </Directory>
    #This holds the configuration for the web accessible svn     
    <Location /svn>
        DAV svn
        SVNParentPath "/var/svn/repos"
        AuthType Basic
        AuthName redmine
        Require valid-user
        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:Pg:dbname=redmine;host=localhost"
        RedmineDbUser "redmine"
        RedmineDbPass "your_redmine_password"
        RedmineCacheCredsMax 50
    </Location>
    #Used by reposman.rb to create repos for new Redmine projects 
    <Location /sys>
        Order deny,allow
        Allow from 10.30.100.202, 127.0.0.1
        Deny from all
    </Location>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    SSLCertificateKeyFile /etc/ssl/certs/cert.pem
</VirtualHost>
  6. Save the file
  7. Restart Apache (if all is good, Apache should start without error) 
    /etc/init.d/apache2 restart

Setup Automatic Subversion Repository Creation

  1. Make the Redmine log file location 
    mkdir /var/log/redmine
  2. Create the log file 
    touch /var/log/redmine/reposman_errors.log
  3. Edit the Crontab (you may want to make a backup first) 
    crontab -e
  4. Select an editor from the presented list (I selected nano, number 2)
  5. Add this line to the bottom of the file (this is one continuous line broken up for readability),  This line tells the cron to run this job every minute. 
    * * * * * ruby /opt/redmine/extra/svn/reposman.rb -r https://your_server_ip/redmine -s
/var/svn/repos -o www-data --url file:///var/svn/repos >>
/var/log/redmine/reposman_errors.log #Add new repos for projects
  6. Press Ctrl + O to save the file
  7. Press Enter to confirm the file name
  8. Press Ctrl + X to exit nano

Optional Configurations

Disable Directory Browsing in Apache

We do not want people to be able to browse the files in our webroot, so let’s block that.

  1. Edit the default site configuration file
  2. vim /etc/apache2/sites-available/default
  3. Under the <Directory /var/www> section add a – infront of the word Indexes so the line looks like this 
    Options -Indexes FollowSymLinks MultiViews
  4. Do the same for /etc/apache2/sites-available/default-ssl
  5. Restart Apache 
    /etc/init.d/apache2 restart

Redirect all HTTP traffic to HTTPS

  1. Edit the default site configuration file 
    vim /etc/apache2/sites-available/default
  2. Add the following lines after the DocumentRoot statement (do not change SERVER_NAME or SERVER_PORT, they are variables) 
    RewriteEngine on
RewriteCond   %{SERVER_PORT} ^80$
RewriteRule   ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
RewriteLogLevel 2
  3. Restart Apache 
    /etc/init.d/apache2 restart

Configuring The Rest of Redmine Via a Web Browser

  1. Open Firefox or you favorite browser and navigate to https://yourIPAddress/redmine.  For example, https://example.page.com/redmineYou should see this page:
    "The Redmine Uconfigured Main Page"

Change the admin account information (defaults are bad!)

  1. Click the “sign in” link in the upper right corner of the page.
  2. Sign in with the following credentials 
    username: admin
password: admin
  3. Click the “Administration” link in the upper left part of the page
  4. Click the “Users” link
  5. Click the username (which is a link) of the admin user
  6. Change the accounts information (especially the password)
  7. Click the save button

Configure the Redmine Server Settings

  1. After signing in as a user with administrator rights, click the “Administration” link in the upper left part of the screen
  2. Click the Settings link
  3. Under the General tab
    1. Change Host Name and Path from localhost:3000 to your.server.com/redmine (ex. example.demo.com/redmine)
    2. Change Protocol from HTTP to HTTPS
    3.  Click the Save button
  4. Under the Authentication tab
    1. Check “Authentication Required”
    2. Check “Enable REST Web Service”
    3. Change Minimum Password Length from 4 to 8
    4. Click the Save button
  5. Under the Projects tab
    1. Change the “Role given to non-admin users who creates a project” from “–Please Select–” to Manager
    2. Click the Save button
  6. Under the Email Notifications tab
    1. Change the “http://hostname/my/account&#8221; part in the “Emails footer” field to https://yourSeverAddress/redmine/my/account (for example: https://demo.example.com/redmine/my/account)
    2. Click the Save button
  7. Under the Repositories tab
    1. Check “Enable WS for repository management”
    2. Check “Filesystem”
    3. Click the Save button

Add LDAP Authentication (Optional)

  1. Click the Administration link in the upper left corner of the page
  2. Click the LDAP Authentication link
  3. Click the New Authentication Mode link
  4. Fill out the form as shown below, substituting in your own Active Directory domain information.  Do not alter the values for the Attributes section, these are domain type specific.
  5. If you want to manually create users who authenticate against AD, then uncheck “On-the-fly  user Creation”, else their account will be created on the first login attempt.
  6. Click the Create button.  If all went well, you should be able to authenticate against Active Directory.
  7. When creating new accounts, you will now have to select what authentication source you want to use.

Creating Your First Redmine Project

  1. Click the Projects link in the upper left corner of the page
  2. Click the New Project link
  3. Enter a Name for the project
  4. Enter a Identifier for the project
  5. The identifier is user to access your svn repository, so if you have an identifier of tstprj your
  6. repository will be available at https://yourServer/svn/tstprj
  7. If you want a private project, only accessible by the members of the project, uncheck Public
  8. Click the Save button
  9. Click the Projects link in the upper left corner of the page
  10. Click the link to the project you just made
  11. Click the Settings link
  12. Click the Members tab
  13. Select the members you would like to add and their role for the project form the list on the left
  14. Click the Add button
  15. Ignore repository tab as the cronjob we created earlier should create an svn reposity and link it to the project for you.

If you have made it this far and everything is working as expected, then Congratulations!!! You have setup your very own Redmine server with Subversion integration.  If things are not working, I recommend looking at the HowTo’s other documentation at redmine.org

Tags: , , , , , ,
Comment