Installing Redmine on Debian 7.5

Redmine is a flexible project management web application with issue and time tracking ability. The development server caters for the hosting of the project management system and also allows for access to it over the HTTPS protocol.

Installing Redmine

To install Redmine, we execute the following command in a “root” shell.

apt-get install redmine redmine-mysql

When we are prompted to configure the Redmine database making use of dbconfig-common, we select yes.

Setting up the Redmine database

When prompted to select the database type to be used, select the mysql option. Next, enter the password for the “root” database user of the MySQL database server. Finally, enter a password for the “redmine_default” database user.

Installing Redmine dependencies

To manage the gems dependencies, Redmine uses Bundler, which is installed by executing the following command in a “root” shell.

gem install bundler

Once the installation of Bundler is complete, we can install all the gems required by executing the following command in a “root” shell.

bundle install --without development test

If you receive an error message stating Could not locate Gemfile, ensure that you are in the directory where Redmine is installed; the default for the debian package of Redmine is /usr/share/redmine

Installing the Apache Module

Redmine uses the Passenger Apache Module, which is installed by executing the following command in a “root” shell.

apt-get install libapache2-mod-passenger

Setting up the Redmine virtual host

To use the Redmine application in our virtual host, some permissions and ownership needs to be set on the web application by executing the following command in a “root” shell.

chown -R www-data:www-data /usr/share/redmine/public/

Virtual Host settings

The virtual host will use the IP address 192.168.100.16, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication and authorization is handled inside of the Redmine application.

Virtual Host Configuration

<VirtualHost 192.168.100.16:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.16:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    ErrorDocument 404 /404.html
    ErrorDocument 500 /500.html

    DocumentRoot /usr/share/redmine/public
    <Directory /usr/share/redmine/public>
        RailsBaseURI /
        PassengerResolveSymlinksInDocumentRoot on
        AllowOverride None
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing RockMongo on Debian 7.5

To be able to administer a MongoDB Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. We can also make use of RockMongo, allowing us access to the database server through a web interface.

Downloading RockMongo

To download the latest release of RockMongo, we access it at http://rockmongo.com/downloads.

Installing RockMongo

Once downloaded, we can extract the archive and setup the virtual host to publish the extracted directory.

Configuring RockMongo

To configure RockMongo, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the RockMongo web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /var/www/rockmongo
    <Directory /var/www/rockmongo>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MongoDB Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing phpMyAdmin on Debian 7.5

To be able to administer a MySQL Server, a connection needs to be established to it. Several options are available, with the most frequently used being the command-line utilities in a shell. Another option is to make use of MySQL Workbench. However, this isn’t the preferred solution, since this would require firewall rules to be defined to allow only certain remote connections to our database server. We can also make use of phpMyAdmin, allowing us access to the database server through a web interface.

Installing phpMyAdmin

To install phpMyAdmin, we execute the following command in a “root” shell.

apt-get install phpmyadmin

During the installation, we are prompted whether a web server should be configured and if the database should be configured making use of dbconfig-common.

If we selected to configure apache2, a virtual path /phpmyadmin will be added to the primary web site.

Configuring phpMyAdmin

To configure phpMyAdmin, we will host it on a secure virtual host on Apache.

Virtual Host settings

The virtual host will use the IP address 192.168.100.14, using the certificate in /etc/ssl/CA/certs/sitename.cert and the private key in /etc/ssl/CA/private/sitename.key.nopass. Authentication will also be required using a htpasswd file in /etc/apache2/security/htpasswd.sitename.

To create this htpasswd file, we execute the following command in a “root” shell.

htpasswd -c /etc/apache2/security/htpasswd.sitename admin

We will then be prompted to enter a password for the user admin, and using these credentials we will be able to access the phpMyAdmin web interface.

Virtual Host Configuration

<VirtualHost 192.168.100.14:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.14:443>
    ServerName sitename
    ServerAdmin webmaster@domain

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    DocumentRoot /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
        </IfModule>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "MySQL Administration"
            AuthUserFile /etc/apache2/security/htpasswd.sitename
        </IfModule>
        Require valid-user
    </Directory>
    <Directory /usr/share/phpmyadmin/setup>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Enabling the Virtual Host

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we execute the following command in a “root” shell.

service apache2 reload

Installing a Certificate on a Virtual Host

To enable the use of multiple secure virtual hosts, we use name-based as well as ip-based virtual hosts. To setup the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above, it is clear that we can setup a secure as well as a non-secure virtual host, whereby the non-secure virtual host would host general information and the secure virtual host the information exchange that requires encryption, e.g. the non-secure hosting a product catalogue and the secure hosting the payment component.

To ensure that the user always access the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

Setting up Apache Virtual Hosts

To enable the use of multiple virtual hosts, we use name-based as well as ip-based virtual hosts. To setup the virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx>
    ServerName sitename
    ServerAdmin webmaster@sitename

    AccessFileName .htaccess
    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above template, we set sitename to the URL of the virtual host and create a directory for it, setting the ownership of it to www-data:www-data as well as granting the owner and group full access to it. We also create a directory under the main apache log files for the virtual host’s log files.

We create a phpinfo.php file in the root directory of the virtual host to ensure the availability and configuration of PHP on it. The content of the phpinfo.php file is the following.

<?php
phpinfo();
?>

To enable the virtual host, we execute the following command in a “root” shell.

a2ensite sitename

To reload the configuration, we reload the apache2 service by executing the following command in a “root” shell.

service apache2 reload

Installing Apache with PHP5 and SSL support on Debian 7.5

The web server component of our development server has multiple purposes in our environment and is used for

  • the development of client solutions;
  • the development of software products;
  • the hosting of version control software, namely Subversion and Mercurial; and
  • the hosting of project management software, including time and issue tracking, namely Redmine.

Installing Apache

We install the required packages by executing the following command in a “root” shell.

apt-get install apache2 apache2-doc

Installing PHP

To enable the processing of PHP scripts, we install PHP and the PHP Apache Module by executing the following command in a “root” shell.

apt-get install php5 libapache2-mod-php5 php-doc

Installing PHP Modules

To enable the use of some additional functionality in PHP, we install the PHP modules by executing the following command in a “root” shell.

Retrieving files

To enable the retrieval of files, we install the php5-curl package by executing the following command in a “root” shell.

apt-get install php5-curl

Handling graphics

To enable the handling of graphics, we install the php5-gd package by executing the following command in a “root” shell.

apt-get install php5-gd

The module supports the PNG, JPEG, XPM formats as well as Freetype/Truetype fonts.

Finding a Location

To enable the determination of the geographical location of an IP address, we install the php5-geoip package by executing the following command in a “root” shell.

apt-get install php5-geoip

Internationalisation

To enable internationalisation in PHP scripts, we install the php5-intl package by executing the following command in a “root” shell.

apt-get install php5-intl

Encryption

To enable encryption in PHP scripts, we install the php5-mcrypt package by executing the following command in a “root” shell.

apt-get install php5-mcrypt

Memcached

To enable memcached functionality in PHP scripts, we install the php5-memcache package by executing the following command in a “root” shell.

apt-get install php5-memcache

MySQL

To enable MySQL functionality in PHP scripts, we install the php5-mysql package by executing the following command in a “root” shell.

apt-get install php5-mysql

PostScript

To enable PostScript functionality in PHP scripts, we install the php5-ps package by executing the following command in a “root” shell.

apt-get install php5-ps

XML-RPC

To enable XML-RPC functionality in PHP scripts, we install the php5-xmlrpc package by executing the following command in a “root” shell.

apt-get install php5-xmlrpc

XSL parser

To enable the XSL parser functionality in PHP scripts, we install the php5-xsl package by executing the following command in a “root” shell.

apt-get install php5-xsl

PHP Extension and Application Repository

To enable the PHP Extension and Application Repository (PEAR), we install the php-pear package by executing the following command in a “root” shell.

apt-get install php-pear php5-dev
MongoDB

To add the MongoDB extension to the repository, we install the mongo extension by executing the following command in a “root” shell.

pecl install mongo

Once the extension has been compiled and installed, we need to register the extension by executing the following command in a “root” shell.

echo 'extension=mongo.so' > /etc/php5/conf.d/mongo.ini

Enabling SSL support

To enable SSL support for our web server, we execute the following command in a “root” shell.

a2enmod ssl

Once all configuration has been done, we need to restart the web server by executing the following command in a “root” shell.

service apache2 restart

Installing MySQL Server on Debian 7.5

The development server caters for the hosting of relational databases during the development of web-based applications.

Installing MySQL Server

We install the required packages by executing the following command in a “root” shell.

apt-get install mysql-server mysql-client

During installation, we will be prompted for a password for the MySQL “root” user – this password is valid for the user root@localhost and root@hostname.

Configuring MySQL Server

The configuration of MySQL Server is defined in the /etc/mysql/my.cnf file under the section [mysqld]. It is recommended to stop the daemon before making any configuration changes.

To stop the daemon, we stop the mysql service by executing the following command in a “root” shell.

service mysql stop

datadir

datadir         = /var/lib/mysql

By default, MySQL Server stores its databases under /var/lib/mysql. To store the databases under /home/mysql, we would move the current databases by executing the following command in a “root” shell.

mv /var/lib/mysql /home

To update the location, we set the value of datadir to /home/mysql in the /etc/mysql/my.cnf file.

datadir         = /home/mysql

port

port            = 3306

By default, MySQL Server listens on port 3306 for connections. By setting the value of port, MySQL Server can listen on a different port for connections.

bind-address

bind-address            = 127.0.0.1

By default, MySQL Server binds to the localhost IP address. By specifying an IP address for bind-address, MySQL Server will bind to that specific address.

bind-address            = 192.168.100.14

From the example above, MySQL Server will only bind to the IP address specified, namely 192.168.100.14.

To start the daemon, we start the mysql service by executing the following command in a “root” shell.

service mysql start