
2009-04-14: Setting up Redmine with Arch Linux, part 2

In the previous part we downloaded the source and set up the system, so we can begin setting up everything.

To be honest, Apache is not really required at all for this setup; it was required for me since I run other stuff on the same server, so let's begin with it.

All that we need is to set up a reverse proxy in Apache like this:

<VirtualHost *:80>
    ServerName redmine.somewhere.net
    <Location /sys>
        Order allow,deny
        Allow from 127.0.0.1
    </Location>
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
</VirtualHost>

One important thing is to deny access to /sys from everywhere except localhost: we use it to query Redmine from localhost, and it must not be reachable from outside.

Now, Redmine is a project management tool, not a frontend through which our users can access the repositories, so we also handle that in Apache, using hgweb.cgi and hgwebdir.cgi, which are written in Python.

<VirtualHost *:80>
    DocumentRoot "/path/to/hgweb/"
    ServerAlias hg.somewhere.net
    RewriteEngine On
    RewriteRule ^/static/(.*)$ /static/$1
    RewriteRule ^/(.*)$ /cgi-bin/hgwebdir.cgi/$1
    RewriteRule ^/$ /cgi-bin/hgwebdir.cgi
    <Location />
        AuthType Basic
        AuthName "Somewhere"
        AuthUserFile /path/to/somewherepasswd
        Require valid-user
        SetEnv SCRIPT_NAME "hg.somewhere.net"
        AddHandler cgi-script .cgi
        Options +ExecCGI
    </Location>
</VirtualHost>

I would suggest using SSL for this. Basic authentication sends the password base64-encoded, not encrypted, with every request. I did set up the passwords for this since we use this setup for some private repos; also, I like using subdomains for the different parts, but you can move the relevant stuff here inside a Location clause.

Hgwebdir.cgi knows how to publish several Mercurial repos; we configure it with hgweb.config, placed in the same directory as hgwebdir.cgi:

[collections]
/path/to/repos/ = /path/to/repos/
[web]
style = monoblue

I have a cron job at /etc/cron.hourly/repos.sh that creates repos and generates the passwd file for hgweb so users can use the same password on Redmine and hgweb. I prefer having write access to the repositories using ssh, but this turned out far easier to coordinate and teach to new users than ssh; at least I could set this up within SSL.

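#!/bin/sh
# Create any repositories that are registered in Redmine but missing on disk
ruby /path/to/redmine.svn/extra/svn/reposman.rb --redmine redmine.somewhere.net --svn-dir /path/to/hgrepos/ --owner apache --url /path/to/repos --scm mercurial --command "hginit" >> /var/log/repos.log

# Regenerate the password file that Apache reads (AuthUserFile) from Redmine's users table
python /path/to/genhtpasswd.py > /path/to/somewherepasswd 2> /dev/null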

I can't remember if I wrote this script from scratch, but I remember hacking on it a lot: genhtpasswd.py. Note the explorer:somepass line; it's required so Redmine can access the repos and acquire the data it needs.

#!/usr/bin/env python
import MySQLdb
from base64 import b64encode
from binascii import unhexlify

# Connection settings: fill in to match Redmine's database.yml
conn = MySQLdb.connect(host="",
                       user="",
                       passwd="",
                       db="")
cursor = conn.cursor()
cursor.execute("SELECT login, hashed_password FROM users")
# Repo explorer password for redmine
print("explorer:somepass")
for user, password in cursor.fetchall():
    # Skip accounts without a login or without a stored password
    if user and password:
        # hashed_password is the hex SHA-1 digest of the password;
        # htpasswd's {SHA} format is the same raw digest, base64-encoded
        phash = unhexlify(password)
        print("%s:{SHA}%s" % (user, b64encode(phash).decode("ascii")))
cursor.close()
conn.close()
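
A hardened variant of the genhtpasswd.py conversion, as an added example rather than the author's script: it validates each row before emitting a {SHA} entry and replaces the password file atomically instead of truncating it with a shell redirect. The function names and SAMPLE_ROWS are constructed for illustration; real rows would come from the same users query.

```python
import hashlib
import os
import re
import stat
import tempfile
from base64 import b64encode

# ':' splits htpasswd fields and a newline starts a new entry; reject both.
SAFE_LOGIN = re.compile(r"[^:\s]+")
HEX_SHA1 = re.compile(r"[0-9a-fA-F]{40}")

# Constructed rows standing in for "SELECT login, hashed_password FROM users".
SAMPLE_ROWS = [
    ("alice", hashlib.sha1(b"password").hexdigest()),
    ("bob:x", hashlib.sha1(b"hunter2").hexdigest()),  # ':' would split the entry
    ("carol", ""),                                    # no password stored
    ("dave", "not-a-sha1-hex-digest"),
]

def htpasswd_line(login, hex_sha1):
    """Return 'login:{SHA}<base64 digest>', or None if the row must be skipped."""
    if not SAFE_LOGIN.fullmatch(login or "") or not HEX_SHA1.fullmatch(hex_sha1 or ""):
        return None
    digest = bytes.fromhex(hex_sha1)
    return "%s:{SHA}%s" % (login, b64encode(digest).decode("ascii"))

def build_htpasswd(rows, fixed_entries=()):
    """Return (file text, logins skipped) for rows of (login, hashed_password)."""
    lines, skipped = list(fixed_entries), []
    for login, hex_sha1 in rows:
        line = htpasswd_line(login, hex_sha1)
        if line is None:
            skipped.append(login)
        else:
            lines.append(line)
    return "".join(l + "\n" for l in lines), skipped

def write_atomically(path, text):
    """Write beside the target, then rename, so a failed run never truncates it."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        if os.path.exists(path):  # keep the owner and mode the admin chose
            st = os.stat(path)
            os.chown(tmp, st.st_uid, st.st_gid)
            os.chmod(tmp, stat.S_IMODE(st.st_mode))
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

Rows that fail validation end up in the skipped list, so a value in hashed_password that is not a plain hex SHA-1 digest is reported instead of becoming a broken entry in the file.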

Finally we get into Redmine. First, email: this requires a patch to Redmine so it can handle auth over SSL SMTP. (I have to elaborate on this, but I don't have the resources to do it at hand, so I'll leave it for a future edit. Meanwhile Google should suffice; I'm really sorry.)

email.yml

production:
  delivery_method: :smtp
  smtp_settings:
    address: "smtp.gmail.com"
    port: 25
    domain: "somewhere.net"
    authentication: :login
    user_name: "redmine@somewhere.net"
    password: "yourpassword"
    tls: true

I'll skip database.yml since it's not relevant; set it up as you like, but take note that genhtpasswd.py needs to be set up and modified according to this config file.

Finally, standing in the svn checkout of Redmine, and assuming you run Redmine as a user named redmine:

$ mkdir tmp
$ sudo chown -R redmine:redmine files log tmp
$ sudo chmod -R 755 files log tmp

Another note: keep in mind that the environment you configured in the Redmine yml files is the one you need to start, so for me it's production.

$ rake db:migrate RAILS_ENV="production"
$ rake config/initializers/session_store.rb
$ mongrel_rails start -e production

I wonder if I left something behind; if you notice something is missing or unclear, please nag me and I will correct or elaborate on it.


© 2008-2012 Carlos A. Perilla deepspawn at valkertown dot org | Based on original design by Andreas Viklund