Installing Redmine 3.4.4 on CentOS 7 with Apache and Phusion Passenger

Redmine is a powerful, free, and open-source tool for project management. Built on the Ruby on Rails framework, it is web-based and capable of using various database servers for data storage. Redmine supports an extensive set of features including multi-project handling, role-based access controls, and an integrated issue tracking system. Additional highlights include support for Gantt charts, calendars, file handling, project-specific wikis and forums, and compatibility with version control systems like Git, SVN, and CVS. The platform is multilingual, offering support for 49 languages.

This guide is tailored for Redmine version 3.4.4, though it may be applicable to more recent releases.

System Requirements

• An active CentOS 7 server
• A user account with sudo privileges
• A domain name directed to your server

In this example, the IP address 192.168.1.1 and the domain redmine.example.com are used to demonstrate the setup. Replace these placeholders with your actual IP and domain where applicable.

Before beginning, ensure your CentOS 7 system is up-to-date. Refer to the guide titled How to Update CentOS 7 for instructions. After updating, proceed with the installation of required components.

Installing Apache

Redmine relies on Ruby on Rails, and to serve it efficiently through Apache, Phusion Passenger is required. Start by installing Apache:

sudo yum -y install httpd httpd-devel libcurl-devel

To compile and build Redmine, additional development packages are necessary. Install them using the command below:

sudo yum -y install ImageMagick ImageMagick-devel git libxml2-devel libxslt-devel gcc bzip2 openssl-devel zlib-devel gdbm-devel ncurses-devel autoconf automake bison gcc-c++ libffi-devel libtool patch readline-devel sqlite-devel glibc-headers glibc-devel libyaml-devel libicu-devel libidn-devel

Setting Up PostgreSQL for Redmine on CentOS 7

Redmine works with several database servers, including MySQL, MSSQL, and PostgreSQL. This guide uses PostgreSQL to host the Redmine database.

PostgreSQL is an advanced object-relational database system. Since the default CentOS repository contains an outdated version, start by adding the official PostgreSQL repository to your system:

sudo yum -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-1.noarch.rpm

Install the PostgreSQL 10 database server along with additional utilities:

sudo yum -y install postgresql10-server postgresql10-contrib postgresql10

Initialize the PostgreSQL data directory:

sudo /usr/pgsql-10/bin/postgresql-10-setup initdb

Enable the PostgreSQL service to start at boot and launch it now:

sudo systemctl start postgresql-10
sudo systemctl enable postgresql-10

Next, set a password for the default postgres user account:

sudo passwd postgres

Switch to the PostgreSQL user shell:

sudo su - postgres

Create a new PostgreSQL user specifically for Redmine (you can choose any username):

createuser redmine

Access the PostgreSQL shell using psql:

psql

Assign a secure password to the new Redmine user:

ALTER USER redmine WITH ENCRYPTED password 'DBPassword';

Replace DBPassword with a strong password of your choice. Now, create the Redmine database and assign ownership to the Redmine user:

CREATE DATABASE redmine WITH ENCODING='UTF8' OWNER=redmine;

Exit the PostgreSQL shell:

\q

Return to your sudo-enabled user account:

exit

To enable MD5-based password authentication, edit the PostgreSQL configuration file pg_hba.conf:

sudo nano /var/lib/pgsql/10/data/pg_hba.conf

Update the following lines by changing the authentication methods:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

Restart PostgreSQL to apply the configuration changes:

sudo systemctl restart postgresql-10

Finally, install additional PostgreSQL dependencies that are required by Redmine:

sudo yum -y install libpqxx-devel protobuf-devel

Installing Ruby and Phusion Passenger for Redmine

It’s best practice to run Redmine under a non-root user for better isolation. Begin by creating a dedicated system user and switching to it:

sudo adduser redmine
sudo su - redmine

We’ll use Ruby Version Manager (RVM) to install and manage Ruby versions. Start by importing the RVM GPG keys:

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB

Install RVM and activate it:

curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm

Check available Ruby versions:

rvm list known

From the list, choose and install the latest Ruby version:

rvm install 2.4
rvm use 2.4

Verify the installed Ruby version:

ruby -v

Example output:

[redmine@centron ~]$ ruby -v
ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]

Install Bundler, the Ruby dependency manager:

gem install bundler

Installing Phusion Passenger

Next, install Phusion Passenger to integrate Ruby with Apache:

gem install passenger

Grant execute permissions to the Redmine user’s home directory so Passenger can access binaries:

chmod o+x "/home/redmine"

Install the Apache module for Passenger:

passenger-install-apache2-module

The script will display an installation guide and ask you to choose a language. Select Ruby and press Enter.

Passenger will verify system requirements, then compile and install the Apache module automatically if everything is in order.

Once done, it will provide a configuration snippet to add to Apache:

LoadModule passenger_module /home/redmine/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.12/buildout/apache2/mod_passenger.so

  PassengerRoot /home/redmine/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.12
  PassengerDefaultRuby /home/redmine/.rvm/gems/ruby-2.4.1/wrappers/ruby

Press Enter to skip this step for now, since the current user lacks sudo rights. You’ll add the configuration later in the tutorial.

At the end, Passenger will validate the setup and might show this warning:

Validating installation...

 * Checking whether this Passenger install is in PATH... ✓
 * Checking whether there are no other Passenger installations... ✓
 * Checking whether Apache is installed... ✓
 * Checking whether the Passenger module is correctly configured in Apache... (!)

   You did not specify 'LoadModule passenger_module' in any of your Apache
   configuration files. Please paste the configuration snippet that this
   installer printed earlier, into one of your Apache configuration files, such
   as /etc/httpd/conf/httpd.conf.

Detected 0 error(s), 1 warning(s).
Press ENTER to continue.

Now that Phusion Passenger is installed, you are ready to download and configure Redmine itself.

Downloading and Installing Redmine on CentOS 7

Begin by downloading the latest Redmine release from the official website:

cd ~
wget http://www.redmine.org/releases/redmine-3.4.4.tar.gz

Extract the downloaded archive and rename the folder for easier management:

tar -xf redmine-*.tar.gz
mv redmine-*/ redmine/

Copy the sample configuration files into their working locations:

cd redmine
cp config/configuration.yml.example config/configuration.yml
cp config/database.yml.example config/database.yml

Edit the database configuration file to specify your PostgreSQL settings:

nano config/database.yml

Comment out the MySQL settings under production, development, and test like so:

#production:
#  adapter: mysql2
#  database: redmine
#  host: localhost
#  username: root
#  password: ""
#  encoding: utf8

#development:
#  adapter: mysql2
#  database: redmine_development
#  host: localhost
#  username: root
#  password: ""
#  encoding: utf8

#test:
#  adapter: mysql2
#  database: redmine_test
#  host: localhost
#  username: root
#  password: ""
#  encoding: utf8

Next, uncomment and update the PostgreSQL configuration, ensuring two-space indentation:

production:
  adapter: postgresql
  database: redmine
  host: localhost
  username: redmine
  password: "DBPassword"

Set the PostgreSQL configuration path for the build process:

bundle config build.pg --with-pg-config=/usr/pgsql-10/bin/pg_config

Install the required Ruby gems, excluding development and test groups:

bundle install --without development test

At the end of the installation, you will see a message like:

Installing roadie-rails 1.1.1
Bundle complete! 31 Gemfile dependencies, 55 gems now installed.
Gems in the groups development and test were not installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

Generate secret tokens for session encryption:

bundle exec rake generate_secret_token

Migrate the PostgreSQL database for production use:

RAILS_ENV=production bundle exec rake db:migrate

Import the default configuration and language data:

RAILS_ENV=production bundle exec rake redmine:load_default_data

During execution, you will be prompted to select the default language. Choose your preferred language from the list. Default is English.

[redmine@centron redmine]$ RAILS_ENV=production bundle exec rake redmine:load_default_data

Select language: ar, az, bg, bs, ca, cs, da, de, el, en, en-GB, es, es-PA, et, eu, fa, fi, fr, gl, he, hr, hu, id, it, ja, ko, lt, lv, mk, mn, nl, no, pl, pt, pt-BR, ro, ru, sk, sl, sq, sr, sr-YU, sv, th, tr, uk, vi, zh, zh-TW [en]
====================================
Default configuration data loaded.

Set the correct permissions and directory structure for Redmine:

mkdir -p tmp tmp/pdf public/plugin_assets
chown -R redmine:redmine files log tmp public/plugin_assets
chmod -R 755 files log tmp public/plugin_assets

With this, all tasks under the unprivileged user are done. Return to your main sudo user by executing:

su - <username>

Apache Configuration for Redmine with SSL on CentOS 7

Begin by enabling the Passenger module in Apache’s configuration. This ensures that the module is automatically loaded at startup:

echo "LoadModule passenger_module /home/redmine/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.12/buildout/apache2/mod_passenger.so" | sudo tee -a /etc/httpd/conf.modules.d/00-base.conf

Create a new virtual host configuration file for Redmine:

sudo nano /etc/httpd/conf.d/redmine.conf

Insert the following configuration, replacing redmine.example.com with your actual domain:

<VirtualHost *:80>
    ServerName redmine.example.com

    DocumentRoot /home/redmine/redmine/public
    
    PassengerRoot /home/redmine/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.12
    PassengerRuby /home/redmine/.rvm/gems/ruby-2.4.1/wrappers/ruby
    PassengerUser redmine

    <Directory /home/redmine/redmine/public>
      Allow from all
      Options -MultiViews
      Require all granted
    </Directory>
</VirtualHost>

To confirm the correct Passenger paths, execute the following:

sudo su redmine -c "passenger-config about ruby-command"

Restart Apache to load the new virtual host:

sudo systemctl restart httpd

Open firewall port 80 for HTTP access:

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload

You can now reach your Redmine interface via http://redmine.example.com. Default login credentials are admin / admin.

Enable HTTPS with Let’s Encrypt SSL

To encrypt traffic, secure the Apache server with SSL using Let’s Encrypt and Certbot.

Install the necessary tools:

sudo yum -y install epel-release
sudo yum -y install certbot mod_ssl

Allow HTTPS traffic through the firewall:

sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload

Note: Ensure your domain points to the server before proceeding.

Request and generate the SSL certificate:

sudo certbot certonly --webroot -w /home/redmine/redmine/public -d redmine.example.com

Certificates are stored under /etc/letsencrypt/live/redmine.example.com/.

Automate SSL renewal with a cron job. Open the root crontab:

sudo crontab -e

Add this line to schedule daily certificate renewal at 5:30 AM:

30 5 * * * /usr/bin/certbot renew --quiet

Edit the Redmine Apache virtual host configuration:

sudo nano /etc/httpd/conf.d/redmine.conf

Update the configuration to redirect HTTP to HTTPS and enable secure SSL settings:

<VirtualHost *:80>
    Redirect permanent / https://www.example.com/
    ServerName redmine.example.com
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName redmine.example.com
    DocumentRoot "/home/redmine/redmine/public"
    <Directory "/home/redmine/redmine/public">
        Options None
        Require all granted
    </Directory>
    PassengerAppEnv production
    PassengerRoot /home/redmine/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.12
    PassengerRuby /home/redmine/.rvm/gems/ruby-2.4.1/wrappers/ruby
    PassengerUser redmine
    PassengerHighPerformance on

    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/redmine.example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/redmine.example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/redmine.example.com/chain.pem

    SSLProtocol             all -SSLv2 -SSLv3
    SSLHonorCipherOrder     on
    SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

    <IfModule headers_module>
        Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    </IfModule>
</VirtualHost>

Save the file and restart Apache to activate the changes:

sudo systemctl restart httpd

Your Redmine application is now securely accessible at https://redmine.example.com.

Congratulations! Redmine is fully installed and protected with SSL. You can now begin creating or importing your projects.

Conclusion

You’ve successfully completed the installation and configuration of Redmine 3.4.4 on a CentOS 7 server using Apache, PostgreSQL, and Phusion Passenger. The platform is now live and secured with an SSL certificate from Let’s Encrypt, ensuring encrypted communication over HTTPS. By following best practices, such as isolating the Redmine process under a non-privileged user and automating SSL renewal, your system is both functional and secure.

With Redmine ready to go, you can start managing tasks, tracking issues, collaborating with your team, and overseeing project timelines using its integrated tools. Whether you’re importing existing data or setting up your first project, Redmine offers a powerful and flexible project management environment tailored to your needs.

Feel free to customize and expand your Redmine instance by enabling plugins, setting up email notifications, or adjusting user permissions as your team grows. Happy project tracking!