Skip to content

Deployment Overview of Redmine on Server

Prerequisites and Basic Requirements

The deployment of Redmine on the server requires the following environment conditions:

  • Operating System: Linux distribution compatible with Docker Engine.
  • Privileges: Root access or sudo privileges are required to manage Docker services and configure system-level network settings.
  • Domain Configuration: A valid domain name configured with DNS records pointing to the server's IP address. The domain follows the pattern {{ prefix }}{{ server_id }}.{{ zone }}.
  • Network Ports:
  • Port 80 (HTTP) for initial SSL certificate validation.
  • Port 443 (HTTPS) for secure application access.
  • Port 3000 is used internally by the Redmine container but is not exposed directly to the public network.

File and Directory Structure

The application utilizes specific directories for configuration, data storage, and certificate management:

  • /opt/redmine: The primary directory containing the Docker Compose configuration file (docker-compose.yml).
  • /data/nginx/user_conf.d: The directory storing the custom Nginx server configuration files, named according to the pattern {{ prefix }}{{ server_id }}.{{ zone }}.conf.
  • /data/nginx/nginx-certbot.env: The environment file containing variables required by the Nginx-Certbot container.
  • /etc/letsencrypt: The mount point for SSL certificates and keys managed by Certbot, accessed via the nginx_secrets volume.

Docker Containers and Their Deployment

The application is deployed using Docker Compose, orchestrating three primary services: a database, the Redmine application, and a reverse proxy with SSL termination.

The deployment is initiated by executing the following command within the /opt/redmine directory:

docker compose up -d

The docker-compose.yml file defines the following services:

  • Database Service (db):
  • Image: mysql:8.0
  • Container Name: redmine-mysql
  • Restart Policy: always
  • Environment Variables:
    • MYSQL_ROOT_PASSWORD: Set via the {{ REDMINE_MYSQL_PASSWORD }} variable.
    • MYSQL_DATABASE: Set to redmine.

  • Health Check: Verifies connectivity using mysqladmin ping.

  • Redmine Service (redmine):

  • Image: redmine
  • Container Name: redmine
  • Restart Policy: always
  • Environment Variables:
    • REDMINE_DB_MYSQL: Set to db (the service name of the database).
    • REDMINE_DB_PASSWORD: Set via the {{ REDMINE_MYSQL_PASSWORD }} variable.
    • REDMINE_SECRET_KEY_BASE: Set via the {{ REDMINE_SECRET_KEY }} variable.
  • Dependencies: Starts only after the db service is healthy.

  • Health Check: Verifies the application is responding on http://localhost:3000.

  • Nginx Service (nginx):

  • Image: jonasal/nginx-certbot:latest
  • Container Name: redmine-nginx
  • Restart Policy: unless-stopped
  • Ports: Exposes 80 and 443 to the host.
  • Environment Variables:
  • Volumes:
    • nginx_secrets mounted to /etc/letsencrypt.
    • Host directory /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.
  • Dependencies: Starts only after the redmine service is healthy.

Proxy Servers

The Nginx container acts as a reverse proxy and handles SSL certificate management via Certbot.

  • SSL Configuration: The server loads SSL certificates from /etc/letsencrypt/live/{{ prefix }}{{ server_id }}.{{ zone }}/.
  • Certificate File: fullchain.pem
  • Private Key File: privkey.pem
  • Chain File: chain.pem
  • Diffie-Hellman Parameters: Loaded from /etc/letsencrypt/dhparams/dhparam.pem.
  • Server Name: Configured to respond to {{ prefix }}{{ server_id }}.{{ zone }}.
  • Proxy Settings:
  • The Nginx configuration forwards requests from the location {{ external_path }} to the Redmine container at http://redmine:3000.
  • Headers X-Forwarded-Host, X-Forwarded-Server, X-Real-IP, and X-Forwarded-For are set to preserve client information.
  • WebSocket support is enabled with proxy_http_version 1.1 and appropriate upgrade headers.
  • Proxy buffering is disabled (proxy_buffering off).

Databases

The application uses a MySQL database for data storage.

  • Connection Method: The Redmine container connects to the database service named db using the internal Docker network.
  • Database Name: redmine.
  • Authentication: The root password is provided via the MYSQL_ROOT_PASSWORD environment variable.
  • Storage: Database data is stored within the Docker container's writable layer or associated volumes managed by Docker, as no external volume is explicitly defined for the database in the provided configuration.

Starting, Stopping, and Updating

Service management is handled through Docker Compose commands executed in the /opt/redmine directory.

  • Start Services: 
    cd /opt/redmine
docker compose up -d
  • Stop Services: 
    cd /opt/redmine
docker compose down
  • Update Services: To apply changes to the configuration or pull new images, stop the services, pull the latest images, and restart: 
    cd /opt/redmine
docker compose down
docker compose pull
docker compose up -d

Permission Settings

The configuration files and directories are set with specific ownership and permissions to ensure security and proper access:

  • /opt/redmine: Owned by root:root with mode 0644.
  • /opt/redmine/docker-compose.yml: Owned by root:root with mode 0644.
  • /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.{{ zone }}.conf: Owned by root:root with mode 0644.
  • /data/nginx/nginx-certbot.env: Accessible by the Nginx container via volume mount.
question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×