sameersbn/redmine
Dockerfile to build a Redmine container image.
Current Version: sameersbn/redmine:4.2.1-1
P.S.: If your installation depends on various third party plugins, please stick with 2.6.xx series to avoid breakage.
If you find this image useful here's how you can help:
Docker is a relatively new project and is active being developed and tested by a thriving community of developers and testers and every release of docker features many enhancements and bugfixes.
Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.
Install the most recent version of the Docker Engine for your platform using the official Docker releases, which can also be installed using:
wget -qO- https://get.docker.com/ | sh
Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0
and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.
If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the issues page.
In your issue report please make sure you provide the following information:
docker version
command.docker info
command.docker run
command you used to run the image (mask out the sensitive bits).Automated builds of the image are available on Dockerhub and is the recommended method of installation.
Note: Builds are also available on Quay.io
docker pull sameersbn/redmine:latest
Since version 2.4.2
, the image builds are being tagged. You can now pull a particular version of redmine by specifying the version number. For example,
docker pull sameersbn/redmine:4.2.1-1
Alternately you can build the image yourself.
docker build -t sameersbn/redmine github.com/sameersbn/docker-redmine
The quickest way to get started is using docker-compose.
wget https://raw.githubusercontent.com/sameersbn/docker-redmine/master/docker-compose.yml
docker-compose up
Alternately, you can manually launch the redmine
container and the supporting postgresql
container by following this two step guide.
Step 1. Launch a postgresql container
docker run --name=postgresql-redmine -d \
--env='DB_NAME=redmine_production' \
--env='DB_USER=redmine' --env='DB_PASS=password' \
--volume=/srv/docker/redmine/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.6-4
Step 2. Launch the redmine container
docker run --name=redmine -d \
--link=postgresql-redmine:postgresql --publish=10083:80 \
--env='REDMINE_PORT=10083' \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
NOTE: Please allow a minute or two for the Redmine application to start.
Point your browser to http://localhost:10083
and login using the default username and password:
Make sure you visit the Administration
link and Load the default configuration
before creating any projects.
You now have the Redmine application up and ready for testing. If you want to use this image in production the please read on.
The rest of the document will use the docker command line. You can quite simply adapt your configuration into a docker-compose.yml
file if you wish to do so.
For the file storage we need to mount a volume at the following location.
/home/redmine/data
/var/log/redmine
for server logsNOTE
Existing users need to move the existing files directory inside
/srv/docker/redmine/redmine/
.
mkdir -p /srv/docker/redmine/redmine mv /opt/redmine/files /srv/docker/redmine/redmine
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/redmine/redmine
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/redmine
Volumes can be mounted in docker by specifying the '-v' option in the docker run command.
docker run --name=redmine -it --rm \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
Redmine uses a database backend to store its data.
Internal MySQL Server
The internal mysql server has been removed from the image. Please use a linked mysql or postgresql container instead or connect with an external mysql or postgresql server.
If you have been using the internal mysql server follow these instructions to migrate to a linked mysql container:
Assuming that your mysql data is available at /srv/docker/redmine/mysql
docker run --name=mysql-redmine -d \
--volume=/srv/docker/redmine/mysql:/var/lib/mysql \
sameersbn/mysql:5.7.22-1
This will start a mysql container with your existing mysql data. Now login to the mysql container and create a user for the existing redmine_production
database.
All you need to do now is link this mysql container to the redmine container using the --link=mysql-redmine:mysql
option and provide the DB_NAME
, DB_USER
and DB_PASS
parameters.
Refer to Linking to MySQL Container for more information.
External MySQL Server
The image can be configured to use an external MySQL database instead of starting a MySQL server internally. The database configuration should be specified using environment variables while starting the Redmine image.
Before you start the Redmine image create user and database for redmine.
mysql -uroot -p
CREATE USER 'redmine'@'%.%.%.%' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS `redmine_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `redmine_production`.* TO 'redmine'@'%.%.%.%';
We are now ready to start the redmine application.
docker run --name=redmine -it --rm \
--env='DB_ADAPTER=mysql2' \
--env='DB_HOST=192.168.1.100' --env='DB_NAME=redmine_production' \
--env='DB_USER=redmine' --env='DB_PASS=password' \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
This will initialize the redmine database and after a couple of minutes your redmine instance should be ready to use.
Linking to MySQL Container
You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to mysql while linking with the redmine image.
If a mysql container is linked, only the DB_ADAPTER
, DB_HOST
and DB_PORT
settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME
, DB_USER
, DB_PASS
and so on.
To illustrate linking with a mysql container, we will use the sameersbn/mysql image. When using docker-mysql in production you should mount a volume for the mysql data store. Please refer the README of docker-mysql for details.
First, lets pull the mysql image from the docker index.
docker pull sameersbn/mysql:5.7.22-1
For data persistence lets create a store for the mysql and start the container.
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/redmine/mysql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/mysql
The run command looks like this.
docker run --name=mysql-redmine -d \
--env='DB_NAME=redmine_production' \
--env='DB_USER=redmine' --env='DB_PASS=password' \
--volume=/srv/docker/redmine/mysql:/var/lib/mysql \
sameersbn/mysql:5.7.22-1
The above command will create a database named redmine_production
and also create a user named redmine
with the password password
with full/remote access to the redmine_production
database.
We are now ready to start the redmine application.
docker run --name=redmine -it --rm --link=mysql-redmine:mysql \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
Here the image will also automatically fetch the DB_NAME
, DB_USER
and DB_PASS
variables from the mysql container as they are specified in the docker run
command for the mysql container. This is made possible using the magic of docker links and works with the following images:
External PostgreSQL Server
The image also supports using an external PostgreSQL Server. This is also controlled via environment variables.
CREATE ROLE redmine with LOGIN CREATEDB PASSWORD 'password';
CREATE DATABASE redmine_production;
GRANT ALL PRIVILEGES ON DATABASE redmine_production to redmine;
We are now ready to start the redmine application.
docker run --name=redmine -it --rm \
--env='DB_ADAPTER=postgresql' \
--env='DB_HOST=192.168.1.100' --env='DB_NAME=redmine_production' \
--env='DB_USER=redmine' --env='DB_PASS=password' \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
This will initialize the redmine database and after a couple of minutes your redmine instance should be ready to use.
Linking to PostgreSQL Container
You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to postgresql while linking with the redmine image.
If a postgresql container is linked, only the DB_ADAPTER
, DB_HOST
and DB_PORT
settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME
, DB_USER
, DB_PASS
and so on.
To illustrate linking with a postgresql container, we will use the sameersbn/postgresql image. When using postgresql image in production you should mount a volume for the postgresql data store. Please refer the README of docker-postgresql for details.
First, lets pull the postgresql image from the docker index.
docker pull sameersbn/postgresql:9.6-4
For data persistence lets create a store for the postgresql and start the container.
SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.
mkdir -p /srv/docker/redmine/postgresql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/postgresql
The run command looks like this.
docker run --name=postgresql-redmine -d \
--env='DB_NAME=redmine_production' \
--env='DB_USER=redmine' --env='DB_PASS=password' \
--volume=/srv/docker/redmine/postgresql:/var/lib/postgresql \
sameersbn/postgresql:9.6-4
The above command will create a database named redmine_production
and also create a user named redmine
with the password password
with access to the redmine_production
database.
We are now ready to start the redmine application.
docker run --name=redmine -it --rm --link=postgresql-redmine:postgresql \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
Here the image will also automatically fetch the DB_NAME
, DB_USER
and DB_PASS
variables from the postgresql container as they are specified in the docker run
command for the postgresql container. This is made possible using the magic of docker links and works with the following images:
This image can (optionally) be configured to use a memcached server to speed up Redmine. This is particularly useful when you have a large number users.
The image can be configured to use an external memcached server. The memcached server host and port configuration should be specified using environment variables MEMCACHE_HOST
and MEMCACHE_PORT
like so:
Assuming that the memcached server host is 192.168.1.100
docker run --name=redmine -it --rm \
--env='MEMCACHE_HOST=192.168.1.100' --env='MEMCACHE_PORT=11211' \
sameersbn/redmine:4.2.1-1
Alternately you can link this image with a memcached container. The alias of the memcached server container should be set to memcached while linking with the redmine image.
To illustrate linking with a memcached container, we will use the sameersbn/memcached image. Please refer the README of docker-memcached for details.
First, lets pull and launch the memcached image from the docker index.
docker run --name=memcached-redmine -d sameersbn/memcached:1.5.6
Now you can link memcached to the redmine image:
docker run --name=redmine -it --rm --link=memcached-redmine:memcached \
sameersbn/redmine:4.2.1-1
The mail configuration should be specified using environment variables while starting the redmine image. The configuration defaults to using gmail to send emails and requires the specification of a valid username and password to login to the gmail servers.
Please refer the Available Configuration Parameters section for the list of SMTP parameters that can be specified.
docker run --name=redmine -it --rm \
--env='SMTP_USER=USER@gmail.com' --env='SMTP_PASS=PASSWORD' \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
If you are not using google mail, then please configure the SMTP host and port using the SMTP_HOST
and SMTP_PORT
configuration parameters.
If you are using a google apps account with a custom domain (other than google.com), you need to set the SMTP_DOMAIN
parameters or else you will get internal server error when doing an action that would normally send a mail.
Similary you can configure receiving emails using the IMAP_
configuration options. Please refer Available Configuration Parameters for details. When receiving emails is enabled users can comment on issues by replying to emails.
P.S. The receiving emails feature is only available since versions 2.6.6-2
, 3.0.4-2
and 3.1.0-2
. Refer the Changelog for details.
Access to the redmine application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. I will provide instructions on achieving this towards the end of this section.
To secure your application via SSL you basically need two things:
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are armed with CA certified SSL certificates.
Jump to the Using HTTPS with a load balancer section if you are using a load balancer such as hipache, haproxy or nginx.
Generation of Self Signed Certificates
Generation of self-signed SSL certificates involves a simple 3 step procedure.
STEP 1: Create the server private key
openssl genrsa -out redmine.key 2048
STEP 2: Create the certificate signing request (CSR)
openssl req -new -key redmine.key -out redmine.csr
STEP 3: Sign the certificate using the private key and CSR
openssl x509 -req -days 365 -in redmine.csr -signkey redmine.key -out redmine.crt
Congratulations! you have now generated an SSL certificate thats valid for 365 days.
Strengthening the server security
This section provides you with instructions to strengthen your server security. To achieve this we need to generate stronger DHE parameters.
openssl dhparam -out dhparam.pem 2048
Installation of the SSL Certificates
Out of the four files generated above, we need to install the redmine.key
, redmine.crt
and dhparam.pem
files at the redmine server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
The default path that the redmine application is configured to look for the SSL certificates is at /home/redmine/data/certs
, this can however be changed using the SSL_KEY_PATH
, SSL_CERTIFICATE_PATH
and SSL_DHPARAM_PATH
configuration options.
If you remember from above, the /home/redmine/data
path is the path of the data store, which means that we have to create a folder named certs inside /srv/docker/redmine/redmine/
and copy the files into it and as a measure of security we will update the permission on the redmine.key
file to only be readable by the owner.
mkdir -p /srv/docker/redmine/redmine/certs
cp redmine.key /srv/docker/redmine/redmine/certs/
cp redmine.crt /srv/docker/redmine/redmine/certs/
cp dhparam.pem /srv/docker/redmine/redmine/certs/
chmod 400 /srv/docker/redmine/redmine/certs/redmine.key
Great! we are now just one step away from having our application secured.
Enabling HTTPS support
HTTPS support can be enabled by setting the REDMINE_HTTPS
option to true
.
docker run --name=redmine -d \
--publish=10083:80 --publish 10445:443 \
--env='REDMINE_PORT=10445' --env='REDMINE_HTTPS=true' \
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
In this configuration, any requests made over the plain http protocol will automatically be redirected to use the https protocol. However, this is not optimal when using a load balancer.
Note: If startup prints SSL keys and certificates were not found.
refer to SSL and verify you put the certs in the correct place. Unless your trying to setup for Using HTTPS with a load balancer
Configuring HSTS
HSTS if supported by the browsers makes sure that your users will only reach your server via HTTPS. When the user comes for the first time it sees a header from the server which states for how long from now this site should only be reachable via HTTPS - that's the HSTS max-age value.
With NGINX_HSTS_MAXAGE
you can configure that value. The default value is 31536000
seconds. If you want to disable a already sent HSTS MAXAGE value, set it to 0
.
docker run --name=redmine -d \
--env='REDMINE_HTTPS=true' \
--env='NGINX_HSTS_MAXAGE=2592000'
--volume=/srv/docker/redmine/redmine:/home/redmine/data \
--volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
sameersbn/redmine:4.2.1-1
If you want to completely disable HSTS set NGINX_HSTS_ENABLED
to false
.
Using HTTPS with a load balancer
Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates are not required and should NOT be installed in the container. The SSL configuration has to instead be done at the load balancer. Hoewever, when using a load balancer you MUST set REDMINE_HTTPS
to true
.
With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to Using SSL/HTTPS with HAProxy for information on the subject.
When using a load balancer, you probably want to make sure the load balancer performs the automatic http to https redirection. Information on this can also be found in the link above.
In summation, when using a load balancer, the docker command would look for the most part something like this:
docker run --name=redmine -d --publish=10083:80 \
--env='REDMINE_HTTPS=true' \
--vol
docker pull sameersbn/redmine