From Evernote: |
全Linux生活:第34天 - BitNami Redmine Stack設定篇 |
BitNami Redmine Stack不是說很簡單,還要設定嗎?其實要看每個人的雞歪程度來決定!一般狀況下的確是不用設定就可以用了,到底多簡單看就知道,首先下載安裝檔:
http://bitnami.org/files/stacks/redmine/1.2.0-0/bitnami-redmine-1.2.0-0-linux-installer.bin
執行安裝檔:
$ chmod +x bitnami-redmine-1.2.0-0-linux-installer.bin
$ ./bitnami-redmine-1.2.0-0-linux-installer.bin
設定基本資訊:
設定安裝目錄
預設:/opt/redmine-1.2.0-0
設定Redmine管理員使用者代號
範例:admin
設定Redmine管理員使用者密碼
設定Redmine管理員使用者名稱
範例:Redmine Administrator
設定Redmine管理員email帳號
範例:projectname.iisi.com.tw@gmail.com
設定Redmine管理員使用語言
預設:[4] English
設定Redmine SMTP
設定Redmine SMTP伺服器位址
範例:smtp.gmail.com
設定Redmine SMTP Domain
範例:smtp.gmail.com
設定Redmine SMTP埠號
範例:587
設定Redmine SMTP帳號
範例:projectname.iisi.com.tw@gmail.com
設定Redmine SMTP密碼
接下來就是等待安裝﹍
安裝完成後會問我們要不要啟動Redmine,如果你已經迫不期待想知道Redmine到底是圓的還是方的,可以回答Y立即啟動。
瀏覽器開啟網址:http://<redmine_server_ip>/ ,當然,BitNami還是要宣告一下主權,不然我們可能會忘了它的存在!
主角上場,點上圖中的"Access BitNami Redmine Stack"或是直接開啟網址:http://<redmine_server_ip>/redmine/,登入在右上角,用剛剛設定的管理員帳號與密碼登入﹍好了,這就是傳說中的Redmine!比自己搞半天還裝得五五六六實在快太多了,重點是如果不說也許你還沒發現其實Redmine是用Rudy on Rail寫的,而且還省掉搞那些Rudy和MySQL還有Apache加起來有三卡車的亂七八糟設定了。
咦,結束了嗎?廢話,當然沒有!又不是第一天搞電腦,當然知道事情怎麽可能那麼順利,有這種程度已經是佛心來的了!其實裝到這裡,是真的已經可以用了,但雞歪一點的人會發現幾件事:
1. 只有HTTP,沒有HTTPS,資料被人看光光,Oh my god!
2. Email永遠通知不到要通知的人﹍Holy shit!
3. Subversion根本還沒設定!不過這不能怪BitNami啦,我們又沒跟他說我們要用Subversion!搞不好有人想用Git不行嗎?
4. Subversion就算照README.txt設定好,媽的!怎麽只支援svn://﹍連source code也被看光光﹍給我https啦!
BitNami會將所有的東西放在安裝目錄中,也就是/opt/redmine-1.2.0-0目錄下,啟動與停止系統可以這樣做:
啟動所有servers
$ sudo ./ctlscript.sh start
只啟動特定server
$ sudo ./ctlscript.sh start apache
$ sudo ./ctlscript.sh start mysql
$ sudo ./ctlscript.sh start subversion
$ sudo ./ctlscript.sh start redmine
停止所有servers
$ sudo ./ctlscript.sh stop
只停止特定server
$ sudo ./ctlscript.sh stop apache
$ sudo ./ctlscript.sh stop mysql
$ sudo ./ctlscript.sh stop subversion
$ sudo ./ctlscript.sh stop redmine
如何啟用HTTPS
1. 修改/opt/redmine-1.2.0-0/apache2/conf/httpd.conf
$ sudo vi /opt/redmine-1.2.0-0/apache2/conf/httpd.conf
載入SSL設定檔,找出這行:
#Include conf/extra/httpd-ssl.conf
註解拿掉:
Include conf/extra/httpd-ssl.conf
避免Redmine的資料被HTTP存取,找到這行:
Include "/opt/redmine-1.1.3-1/apps/redmine/conf/redmine.conf"
加上註解:
#Include "/opt/redmine-1.1.3-1/apps/redmine/conf/redmine.conf"
2. 產生SSL憑證
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl genrsa -des3 -passout pass:密碼 -out /opt/redmine-1.2.0-0/apache2/conf/privatekey.pem 1024
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl req -new -key /opt/redmine-1.2.0-0/apache2/conf/privatekey.pem -out /opt/redmine-1.2.0-0/apache2/conf/cert.csr
設定憑證資訊,這些資訊知道的話就輸入,但大部分如果不知道要打什麼就直接按Enter留白,但記得輪到Common Name(CN)時一定要回答,不可以空白。
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl rsa -in /opt/redmine-1.2.0-0/apache2/conf/privatekey.pem -out /opt/redmine-1.2.0-0/apache2/conf/server.key
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl x509 -in /opt/redmine-1.2.0-0/apache2/conf/cert.csr -out /opt/redmine-1.2.0-0/apache2/conf/server.crt -req -signkey /opt/redmine-1.2.0-0/apache/conf/server.key -days 36500
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl rsa -in /opt/redmine-1.2.0-0/apache2/conf/privatekey.pem -out /opt/redmine-1.2.0-0/apache2/conf/server.key
$ sudo /opt/redmine-1.2.0-0/common/bin/openssl x509 -in /opt/redmine-1.2.0-0/apache2/conf/cert.csr -out /opt/redmine-1.2.0-0/apache2/conf/server.crt -req -signkey /opt/redmine-1.2.0-0/apache/conf/server.key -days 36500
36500指憑證有效期100年,夠久了吧。
3. 修改/opt/redmine-1.2.0-0/apache2/conf/extra/httpd-ssl.conf
$ sudo vi /opt/redmine-1.2.0-0/apache2/conf/extra/httpd-ssl.conf
確保所有Request都會使用HTTPS。找出以下區段:
# General setup for the virtual host
DocumentRoot "/opt/redmine-1.2.0-0/apache2/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/opt/redmine-1.2.0-0/apache2/logs/error_log"
TransferLog "/opt/redmine-1.2.0-0/apache2/logs/access_log"
DocumentRoot "/opt/redmine-1.2.0-0/apache2/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/opt/redmine-1.2.0-0/apache2/logs/error_log"
TransferLog "/opt/redmine-1.2.0-0/apache2/logs/access_log"
後面加上一行設定如下:
# General setup for the virtual host
DocumentRoot "/opt/redmine-1.2.0-0/apache2/htdocs"
ServerName you@example.com:443
ServerAdmin you@example.com
ErrorLog "/opt/redmine-1.2.0-0/apache2/logs/error_log"
TransferLog "/opt/redmine-1.2.0-0/apache2/logs/access_log"
RequestHeader set X_FORWARDED_PROTO 'https'
DocumentRoot "/opt/redmine-1.2.0-0/apache2/htdocs"
ServerName you@example.com:443
ServerAdmin you@example.com
ErrorLog "/opt/redmine-1.2.0-0/apache2/logs/error_log"
TransferLog "/opt/redmine-1.2.0-0/apache2/logs/access_log"
RequestHeader set X_FORWARDED_PROTO 'https'
設定server.csr與server.key,不過剛好我們產生憑證時已故意將憑證與金鑰產生在與設定檔裡的設定相同,所以就不用再改了。
加上Redmine相關設定,讓Redmine的網頁可以使用HTTPS連入。找出以下區段:
CustomLog "/opt/redmine-1.2.0-0/apache2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
加上一行如下:
CustomLog "/opt/redmine-1.2.0-0/apache2/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Include "/opt/redmine-1.2.0-0/apps/redmine/conf/redmine.conf"
</VirtualHost>
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Include "/opt/redmine-1.2.0-0/apps/redmine/conf/redmine.conf"
</VirtualHost>
4. 重新啟動Apache
$ sudo /opt/redmine-1.2.0-0/ctlscript.sh restart apache
5. 以後改用https://<redmine_server_ip>/redmine/取代http://<redmine_server_ip>/redmine/,而且HTTP不能再用來連Redmine了。
如何設定真的可以用的EMAIL通知
安裝時候可以設定SMTP參數,但那僅限走不加密的SMTP Server可以在設定好直接使用,而且一般是走25埠。因為我們這次打算使用gmail來送信, Gmail使用TLS加密,埠號是587,不幸的是,BitNami安裝Redmine時並沒有把TLS相關的程式加進來,所以有些事還是要自己來。
1. 安裝TLS Plugin
$ cd /opt/redmine-1.2.0-0
$ sudo ./use_redmine
# cd apps/redmine
# ruby script/plugin install git://github.com/collectiveidea/action_mailer_optional_tls.git
Initialized empty Git repository in /opt/redmine-1.2.0-0/apps/redmine/vendor/plugins/action_mailer_optional_tls/.git/
remote: Counting objects: 14, done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 14 (delta 2), reused 10 (delta 2)
Unpacking objects: 100% (14/14), done.
From git://github.com/collectiveidea/action_mailer_optional_tls
* branch HEAD -> FETCH_HEAD
remote: Counting objects: 14, done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 14 (delta 2), reused 10 (delta 2)
Unpacking objects: 100% (14/14), done.
From git://github.com/collectiveidea/action_mailer_optional_tls
* branch HEAD -> FETCH_HEAD
2. 編輯/opt/redmine-1.2.0-0/apps/redmine/config/email.yml,修改如下:
production:
delivery_method: :smtp
smtp_settings:
tls: true
address: "smtp.gmail.com"
port: '587'
domain: "smtp.gmail.com"
authentication: :plain
user_name: "projectname.iisi.com.tw@gmail.com"
password: "密碼"
development:
delivery_method: :smtp
smtp_settings:
tls: true
address: "smtp.gmail.com"
port: '587'
domain: "smtp.gmail.com"
authentication: :plain
user_name: "projectname.iisi.com.tw@gmail.com"
password: "密碼"
delivery_method: :smtp
smtp_settings:
tls: true
address: "smtp.gmail.com"
port: '587'
domain: "smtp.gmail.com"
authentication: :plain
user_name: "projectname.iisi.com.tw@gmail.com"
password: "密碼"
development:
delivery_method: :smtp
smtp_settings:
tls: true
address: "smtp.gmail.com"
port: '587'
domain: "smtp.gmail.com"
authentication: :plain
user_name: "projectname.iisi.com.tw@gmail.com"
password: "密碼"
3. 重新啟動
$ sudo /opt/redmine-1.2.0-0/ctlscript.sh stop
$ sudo /opt/redmine-1.2.0-0/ctlscript.sh start
如何設定Subversion
Subversion支援四種Protocols: http://,https://,svn://,svn+ssh://,因為我們只要用https://所以其他類型就先省略了。
1. 編輯/opt/redmine-1.2.0-0/apache2/conf/httpd.conf,加入Subversion模組
$ sudo vi /opt/redmine-1.2.0-0/apache2/conf/httpd.conf
跟apache說要載入svn相關模組,找出這兩行:
#LoadModule dav_svn_module modules/mod_dav_svn.so
#LoadModule authz_svn_module modules/mod_authz_svn.so
把註解拿掉
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
2. 建立Subversion Repository
因為BitNami使用的Subversion Apache Module需要特定版本的SQLite檔案,但安裝時沒有放進去,會造成新版的Subversion資料庫檔案寫入失敗,因此建立儲存庫時必須註明相容1.6以前的版本:
$ sudo /opt/redmine-1.2.0-0/subversion/bin/svnadmin create --fs-type fsfs --pre-1.6-compatible /var/svn/repos/儲存庫名稱
由於BitNami啟動Apache時使用daemon使用者,所以必須把儲存庫下所有檔案與目錄的擁有者改為daemon,否則會有無法開啟或寫入檔案的問題:
$ sudo chown -R daemon.daemon /var/svn/repos/儲存庫名稱
$ sudo chown -R g+w /var/svn/repos/儲存庫名稱/db
備註:如果想要從舊得儲存庫把資料搬過來,還是要先以上面的步驟建立一個相容1.6版以前的新儲存庫,接著進行匯出跟匯入:
於舊得儲存庫執行匯出:
$ sudo svnadmin dump 舊儲存庫路徑 > repo.backup
在新的儲存庫進行匯入:
$ sudo svnadmin load /var/svn/repos/儲存庫名稱 < repo.backup
2. 編輯/opt/redmine-1.2.0-0/apache2/conf/extra/httpd-ssl.conf
$ sudo vi /opt/redmine-1.2.0-0/apache2/conf/extra/httpd-ssl.conf
在<VirtualHost>的最後 部份再加上一行,如下:
Include "/opt/redmine-1.2.0-0/apps/redmine/conf/redmine.conf"
Include "conf/extra/httpd-svn.conf"
</VirtualHost>
</VirtualHost>
3. 建立新檔/opt/redmine-1.2.0-0/apache2/conf/extra/httpd-svn.conf
$ sudo vi /opt/redmine-1.2.0-0/apache2/conf/extra/httpd-svn.conf
新增內容如下:
<Location "/svn">
DAV svn
AuthType Basic
SVNParentPath /var/svn/repos
AuthName "Subversion Repository"
AuthUserFile /var/svn/repos/auth.conf
AuthzSVNAccessFile /var/svn/repos/access.conf
require valid-user
</Location>
AuthType Basic
SVNParentPath /var/svn/repos
AuthName "Subversion Repository"
AuthUserFile /var/svn/repos/auth.conf
AuthzSVNAccessFile /var/svn/repos/access.conf
require valid-user
</Location>
4. 建立/var/svn/repos/auth.conf
為每一位使用者建立密碼檔:
$ sudo /opt/redmine-1.2.0-0/apache2/bin/htpasswd -m -n 使用者名稱 >> /var/svn/repos/auth.conf
$ sudo chown -R daemon.daemon /var/svn/repos/auth.conf
5. 建立/var/svn/repos/access.conf
$ sudo vi /var/svn/repos/access.conf
新增如下內容:
[儲存庫名稱:/]
使用者名稱 = rw
﹍﹍
$ sudo chown -R daemon.daemon /var/svn/repos/access.conf
6. 重新啟動Apache
$ sudo /opt/redmine-1.2.0-0/ctlscript.sh restart apache
好了,就醬!
No comments:
Post a Comment