sameersbn/redmine

By sameersbn

Updated 6 days ago


Introduction

Dockerfile to build a Redmine container image.

Version

Current Version: sameersbn/redmine:4.2.1-1

P.S.: If your installation depends on various third party plugins, please stick with 2.6.xx series to avoid breakage.

Contributing

If you find this image useful here's how you can help:

  • Send a Pull Request with your awesome new features and bug fixes
  • Help new users with Issues they may encounter
  • Support the development of this image with a donation

Issues

Docker is a relatively new project and is actively being developed and tested by a thriving community of developers and testers, and every release of docker features many enhancements and bugfixes.

Given the nature of the development and release cycle it is very important that you have the latest version of docker installed because any issue that you encounter might have already been fixed with a newer docker release.

Install the most recent version of the Docker Engine for your platform using the official Docker releases, which can also be installed using:

wget -qO- https://get.docker.com/ | sh

Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0 and check if that resolves the issue. If it does, then there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu.

If using the latest docker version and/or disabling selinux does not fix the issue, then please file an issue request on the issues page.

In your issue report please make sure you provide the following information:

  • The host distribution and release version.
  • Output of the docker version command.
  • Output of the docker info command.
  • The docker run command you used to run the image (mask out the sensitive bits).
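
One way to do the masking asked for in the last item, as an added example that is not part of the image or its repository: a sed filter that blanks the value of any --env/-e variable whose name ends in PASS, PASSWORD, SECRET, TOKEN or KEY. The suffix list, the API_TOKEN variable and the sample command are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: mask secret values in a docker run command before sharing it.

# Suffixes of variable names treated as secret (assumption; extend as needed).
SECRET_SUFFIXES='PASS|PASSWORD|SECRET|TOKEN|KEY'
MASK='***'
# A variable name ending in one of the suffixes, e.g. DB_PASS or SMTP_PASS.
NAME="[A-Za-z0-9_]*(${SECRET_SUFFIXES})"
# The option that introduces the variable: --env=, "--env ", -e or "-e ".
OPT='(--env[= ]|-e ?)'

redact_docker_cmd() {
  # Reads the command on stdin and writes the masked command to stdout.
  # Quoted values may contain spaces, so they are handled before bare ones.
  sed -E \
    -e "s/(${OPT}'${NAME}=)[^']*'/\1${MASK}'/g" \
    -e "s/(${OPT}\"${NAME}=)[^\"]*\"/\1${MASK}\"/g" \
    -e "s/(${OPT}${NAME}=)[^[:space:]]*/\1${MASK}/g"
}

sample_cmd() {
  # Constructed command line; none of these values are real credentials and
  # API_TOKEN is a made-up variable, not a parameter of the image.
  cat <<'EOF'
docker run --name=redmine -d \
  --env='DB_USER=redmine' --env='DB_PASS=s3cr3t with space' \
  --env="SMTP_USER=USER@gmail.com" --env="SMTP_PASS=mail pw" \
  -e API_TOKEN=abc123 --env='SSL_KEY_PATH=/home/redmine/data/certs/redmine.key' \
  sameersbn/redmine:4.2.1-1
EOF
}

# Print the sample with its secrets masked; user names and paths are kept.
sample_cmd | redact_docker_cmd
```

Review the output before posting: hostnames, user names and anything passed outside of --env/-e are left untouched by this filter.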

Installation

Automated builds of the image are available on Dockerhub and are the recommended method of installation.

Note: Builds are also available on Quay.io

docker pull sameersbn/redmine:latest

Since version 2.4.2, the image builds are being tagged. You can now pull a particular version of redmine by specifying the version number. For example,

docker pull sameersbn/redmine:4.2.1-1

Alternately you can build the image yourself.

docker build -t sameersbn/redmine github.com/sameersbn/docker-redmine

Quick Start

The quickest way to get started is using docker-compose.

wget https://raw.githubusercontent.com/sameersbn/docker-redmine/master/docker-compose.yml
docker-compose up

Alternately, you can manually launch the redmine container and the supporting postgresql container by following this two step guide.

Step 1. Launch a postgresql container

docker run --name=postgresql-redmine -d \
  --env='DB_NAME=redmine_production' \
  --env='DB_USER=redmine' --env='DB_PASS=password' \
  --volume=/srv/docker/redmine/postgresql:/var/lib/postgresql \
  sameersbn/postgresql:9.6-4

Step 2. Launch the redmine container

docker run --name=redmine -d \
  --link=postgresql-redmine:postgresql --publish=10083:80 \
  --env='REDMINE_PORT=10083' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

NOTE: Please allow a minute or two for the Redmine application to start.

Point your browser to http://localhost:10083 and login using the default username and password:

  • username: admin
  • password: admin

Make sure you visit the Administration link and Load the default configuration before creating any projects.

You now have the Redmine application up and ready for testing. If you want to use this image in production then please read on.

The rest of the document will use the docker command line. You can quite simply adapt your configuration into a docker-compose.yml file if you wish to do so.

Configuration

Data Store

For file storage we need to mount volumes at the following locations.

  • /home/redmine/data
  • /var/log/redmine for server logs

NOTE

Existing users need to move the existing files directory inside /srv/docker/redmine/redmine/.

mkdir -p /srv/docker/redmine/redmine
mv /opt/redmine/files /srv/docker/redmine/redmine

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

mkdir -p /srv/docker/redmine/redmine
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/redmine

Volumes can be mounted in docker by specifying the '-v' option in the docker run command.

docker run --name=redmine -it --rm \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

Database

Redmine uses a database backend to store its data.

MySQL

Internal MySQL Server

The internal mysql server has been removed from the image. Please use a linked mysql or postgresql container instead or connect with an external mysql or postgresql server.

If you have been using the internal mysql server follow these instructions to migrate to a linked mysql container:

Assuming that your mysql data is available at /srv/docker/redmine/mysql

docker run --name=mysql-redmine -d \
  --volume=/srv/docker/redmine/mysql:/var/lib/mysql \
  sameersbn/mysql:5.7.22-1

This will start a mysql container with your existing mysql data. Now login to the mysql container and create a user for the existing redmine_production database.

All you need to do now is link this mysql container to the redmine container using the --link=mysql-redmine:mysql option and provide the DB_NAME, DB_USER and DB_PASS parameters.

Refer to Linking to MySQL Container for more information.

External MySQL Server

The image can be configured to use an external MySQL database instead of starting a MySQL server internally. The database configuration should be specified using environment variables while starting the Redmine image.

Before you start the Redmine image, create a user and database for redmine.

mysql -uroot -p
CREATE USER 'redmine'@'%.%.%.%' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS `redmine_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `redmine_production`.* TO 'redmine'@'%.%.%.%';

We are now ready to start the redmine application.

docker run --name=redmine -it --rm \
  --env='DB_ADAPTER=mysql2' \
  --env='DB_HOST=192.168.1.100' --env='DB_NAME=redmine_production' \
  --env='DB_USER=redmine' --env='DB_PASS=password' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

This will initialize the redmine database and after a couple of minutes your redmine instance should be ready to use.

Linking to MySQL Container

You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to mysql while linking with the redmine image.

If a mysql container is linked, only the DB_ADAPTER, DB_HOST and DB_PORT settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME, DB_USER, DB_PASS and so on.

To illustrate linking with a mysql container, we will use the sameersbn/mysql image. When using docker-mysql in production you should mount a volume for the mysql data store. Please refer to the README of docker-mysql for details.

First, let's pull the mysql image from the docker index.

docker pull sameersbn/mysql:5.7.22-1

For data persistence let's create a store for mysql and start the container.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

mkdir -p /srv/docker/redmine/mysql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/mysql

The run command looks like this.

docker run --name=mysql-redmine -d \
  --env='DB_NAME=redmine_production' \
  --env='DB_USER=redmine' --env='DB_PASS=password' \
  --volume=/srv/docker/redmine/mysql:/var/lib/mysql \
  sameersbn/mysql:5.7.22-1

The above command will create a database named redmine_production and also create a user named redmine with the password password with full/remote access to the redmine_production database.

We are now ready to start the redmine application.

docker run --name=redmine -it --rm --link=mysql-redmine:mysql \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

Here the image will also automatically fetch the DB_NAME, DB_USER and DB_PASS variables from the mysql container as they are specified in the docker run command for the mysql container. This is made possible using the magic of docker links and works with the following images:

PostgreSQL

External PostgreSQL Server

The image also supports using an external PostgreSQL Server. This is also controlled via environment variables.

CREATE ROLE redmine with LOGIN CREATEDB PASSWORD 'password';
CREATE DATABASE redmine_production;
GRANT ALL PRIVILEGES ON DATABASE redmine_production to redmine;

We are now ready to start the redmine application.

docker run --name=redmine -it --rm \
  --env='DB_ADAPTER=postgresql' \
  --env='DB_HOST=192.168.1.100' --env='DB_NAME=redmine_production' \
  --env='DB_USER=redmine' --env='DB_PASS=password' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

This will initialize the redmine database and after a couple of minutes your redmine instance should be ready to use.

Linking to PostgreSQL Container

You can link this image with a postgresql container for the database requirements. The alias of the postgresql server container should be set to postgresql while linking with the redmine image.

If a postgresql container is linked, only the DB_ADAPTER, DB_HOST and DB_PORT settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the DB_NAME, DB_USER, DB_PASS and so on.

To illustrate linking with a postgresql container, we will use the sameersbn/postgresql image. When using the postgresql image in production you should mount a volume for the postgresql data store. Please refer to the README of docker-postgresql for details.

First, let's pull the postgresql image from the docker index.

docker pull sameersbn/postgresql:9.6-4

For data persistence let's create a store for postgresql and start the container.

SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux.

mkdir -p /srv/docker/redmine/postgresql
sudo chcon -Rt svirt_sandbox_file_t /srv/docker/redmine/postgresql

The run command looks like this.

docker run --name=postgresql-redmine -d \
  --env='DB_NAME=redmine_production' \
  --env='DB_USER=redmine' --env='DB_PASS=password' \
  --volume=/srv/docker/redmine/postgresql:/var/lib/postgresql \
  sameersbn/postgresql:9.6-4

The above command will create a database named redmine_production and also create a user named redmine with the password password with access to the redmine_production database.

We are now ready to start the redmine application.

docker run --name=redmine -it --rm --link=postgresql-redmine:postgresql \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

Here the image will also automatically fetch the DB_NAME, DB_USER and DB_PASS variables from the postgresql container as they are specified in the docker run command for the postgresql container. This is made possible using the magic of docker links and works with the following images:

Memcached (Optional)

This image can (optionally) be configured to use a memcached server to speed up Redmine. This is particularly useful when you have a large number of users.

External Memcached Server

The image can be configured to use an external memcached server. The memcached server host and port configuration should be specified using environment variables MEMCACHE_HOST and MEMCACHE_PORT like so:

Assuming that the memcached server host is 192.168.1.100

docker run --name=redmine -it --rm \
  --env='MEMCACHE_HOST=192.168.1.100' --env='MEMCACHE_PORT=11211' \
  sameersbn/redmine:4.2.1-1

Linking to Memcached Container

Alternately you can link this image with a memcached container. The alias of the memcached server container should be set to memcached while linking with the redmine image.

To illustrate linking with a memcached container, we will use the sameersbn/memcached image. Please refer to the README of docker-memcached for details.

First, let's pull and launch the memcached image from the docker index.

docker run --name=memcached-redmine -d sameersbn/memcached:1.5.6

Now you can link memcached to the redmine image:

docker run --name=redmine -it --rm --link=memcached-redmine:memcached \
  sameersbn/redmine:4.2.1-1

Mail

The mail configuration should be specified using environment variables while starting the redmine image. The configuration defaults to using gmail to send emails and requires the specification of a valid username and password to login to the gmail servers.

Please refer to the Available Configuration Parameters section for the list of SMTP parameters that can be specified.

docker run --name=redmine -it --rm \
  --env='SMTP_USER=USER@gmail.com' --env='SMTP_PASS=PASSWORD' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

If you are not using google mail, then please configure the SMTP host and port using the SMTP_HOST and SMTP_PORT configuration parameters.

If you are using a google apps account with a custom domain (other than google.com), you need to set the SMTP_DOMAIN parameter or else you will get an internal server error when doing an action that would normally send a mail.

Similarly you can configure receiving emails using the IMAP_ configuration options. Please refer to Available Configuration Parameters for details. When receiving emails is enabled users can comment on issues by replying to emails.

P.S. The receiving emails feature is only available since versions 2.6.6-2, 3.0.4-2 and 3.1.0-2. Refer to the Changelog for details.

SSL

Access to the redmine application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, self-signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. I will provide instructions on achieving this towards the end of this section.

To secure your application via SSL you basically need two things:

  • Private key (.key)
  • SSL certificate (.crt)

When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are armed with CA certified SSL certificates.

Jump to the Using HTTPS with a load balancer section if you are using a load balancer such as hipache, haproxy or nginx.

Generation of Self Signed Certificates

Generation of self-signed SSL certificates involves a simple 3 step procedure.

STEP 1: Create the server private key

openssl genrsa -out redmine.key 2048

STEP 2: Create the certificate signing request (CSR)

openssl req -new -key redmine.key -out redmine.csr

STEP 3: Sign the certificate using the private key and CSR

openssl x509 -req -days 365 -in redmine.csr -signkey redmine.key -out redmine.crt

Congratulations! You have now generated an SSL certificate that's valid for 365 days.

Strengthening the server security

This section provides you with instructions to strengthen your server security. To achieve this we need to generate stronger DHE parameters.

openssl dhparam -out dhparam.pem 2048

Installation of the SSL Certificates

Out of the four files generated above, we need to install the redmine.key, redmine.crt and dhparam.pem files at the redmine server. The CSR file is not needed, but do make sure you safely back up the file (in case you ever need it again).

By default the redmine application looks for the SSL certificates in /home/redmine/data/certs; this can however be changed using the SSL_KEY_PATH, SSL_CERTIFICATE_PATH and SSL_DHPARAM_PATH configuration options.

If you remember from above, /home/redmine/data is the path of the data store, which means that we have to create a folder named certs inside /srv/docker/redmine/redmine/ and copy the files into it. As a measure of security, we will update the permissions on the redmine.key file so that it is only readable by the owner.

mkdir -p /srv/docker/redmine/redmine/certs
cp redmine.key /srv/docker/redmine/redmine/certs/
cp redmine.crt /srv/docker/redmine/redmine/certs/
cp dhparam.pem /srv/docker/redmine/redmine/certs/
chmod 400 /srv/docker/redmine/redmine/certs/redmine.key
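
Before enabling HTTPS it is worth confirming that the installed key and certificate belong together, that the certificate is not about to expire, and that the key is not accessible to group or others. The script below is an added example, not part of the image; the function name and the 30-day default are assumptions, and it expects an unencrypted key as produced by the steps above.

```bash
#!/bin/sh
# Added example: sanity-check an installed key/certificate pair.
# Usage: sh check-certs.sh KEY CRT [MIN_DAYS]

check_cert_pair() {
  key="$1"; crt="$2"; min_days="${3:-30}"   # 30-day default is an assumption

  [ -r "$key" ] && [ -r "$crt" ] ||
    { echo "key or certificate not readable"; return 2; }

  # 1. The certificate must contain the public half of this private key.
  key_pub="$(openssl pkey -in "$key" -pubout 2>/dev/null)" ||
    { echo "cannot parse private key"; return 2; }
  crt_pub="$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ||
    { echo "cannot parse certificate"; return 2; }
  [ "$key_pub" = "$crt_pub" ] ||
    { echo "certificate was not issued for this key"; return 1; }

  # 2. -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$crt" -noout -checkend "$((min_days * 86400))" >/dev/null ||
    { echo "certificate expires within ${min_days} days"; return 1; }

  # 3. Group and other mode bits (characters 5-10 of ls -l) must all be unset.
  perms="$(ls -ld "$key" | cut -c5-10)"
  [ "$perms" = "------" ] ||
    { echo "private key is accessible beyond its owner"; return 1; }

  echo "ok"
}

# Run the check only when a key and certificate path are given.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

With the paths used on this page the call is: sh check-certs.sh /srv/docker/redmine/redmine/certs/redmine.key /srv/docker/redmine/redmine/certs/redmine.crt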

Great! We are now just one step away from having our application secured.

Enabling HTTPS support

HTTPS support can be enabled by setting the REDMINE_HTTPS option to true.

docker run --name=redmine -d \
  --publish=10083:80 --publish 10445:443 \
  --env='REDMINE_PORT=10445' --env='REDMINE_HTTPS=true' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

In this configuration, any requests made over the plain http protocol will automatically be redirected to use the https protocol. However, this is not optimal when using a load balancer.

Note: If startup prints "SSL keys and certificates were not found", refer to SSL and verify that you put the certs in the correct place, unless you're trying to set up Using HTTPS with a load balancer.

Configuring HSTS

HSTS, if supported by the browser, makes sure that your users will only reach your server via HTTPS. When a user visits for the first time, the browser sees a header from the server which states for how long from now this site should only be reachable via HTTPS; that's the HSTS max-age value.

With NGINX_HSTS_MAXAGE you can configure that value. The default value is 31536000 seconds. If you want to disable an already sent HSTS MAXAGE value, set it to 0.

docker run --name=redmine -d \
  --env='REDMINE_HTTPS=true' \
  --env='NGINX_HSTS_MAXAGE=2592000' \
  --volume=/srv/docker/redmine/redmine:/home/redmine/data \
  --volume=/srv/docker/redmine/redmine-logs:/var/log/redmine/ \
  sameersbn/redmine:4.2.1-1

If you want to completely disable HSTS set NGINX_HSTS_ENABLED to false.
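
To confirm that the running container actually sends the max-age you configured, the check below (an added example, not part of the image) parses the Strict-Transport-Security header out of a response and compares it with the expected value. The sample headers are constructed; against a live instance, feed it the output of curl -skI for your HTTPS URL instead.

```bash
#!/bin/sh
# Added example: verify the HSTS max-age a server sends.

# hsts_max_age: read HTTP response headers on stdin and print the max-age of
# the Strict-Transport-Security header. Returns 1 when the header is absent.
hsts_max_age() {
  tr -d '\r' | awk '
    tolower($0) ~ /^strict-transport-security:/ {
      line = tolower($0)                       # header names are case-insensitive
      if (match(line, /max-age="?[0-9]+/)) {
        v = substr(line, RSTART, RLENGTH)
        gsub(/[^0-9]/, "", v)                  # keep only the digits
        print v; found = 1; exit
      }
    }
    END { exit (found ? 0 : 1) }
  '
}

# check_hsts EXPECTED: compare the header on stdin with the value that was
# passed as NGINX_HSTS_MAXAGE. Returns 0 on match, 1 on mismatch, 2 if absent.
check_hsts() {
  expected="$1"
  actual="$(hsts_max_age)" ||
    { echo "no HSTS header (plain http, or NGINX_HSTS_ENABLED=false?)"; return 2; }
  if [ "$actual" = "$expected" ]; then
    echo "ok: max-age=$actual"
    return 0
  fi
  echo "mismatch: expected max-age=$expected, got max-age=$actual"
  return 1
}

sample_headers() {
  # Constructed response headers, not captured from a real server.
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nstrict-transport-security: max-age=2592000\r\n\r\n'
}

# Live use (self-signed certificate, port from the HTTPS example above):
#   curl -skI https://localhost:10445/ | check_hsts 2592000
sample_headers | check_hsts 2592000
```

Browsers ignore HSTS headers received over a connection with certificate errors, so a correct header here does not by itself mean clients with an untrusted self-signed certificate will enforce it.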

Using HTTPS with a load balancer

Load balancers like nginx/haproxy/hipache talk to backend applications over plain http and as such the installation of ssl keys and certificates is not required and they should NOT be installed in the container. The SSL configuration has to instead be done at the load balancer. However, when using a load balancer you MUST set REDMINE_HTTPS to true.

With this in place, you should configure the load balancer to support handling of https requests. But that is out of the scope of this document. Please refer to Using SSL/HTTPS with HAProxy for information on the subject.

When using a load balancer, you probably want to make sure the load balancer performs the automatic http to https redirection. Information on this can also be found in the link above.

In summation, when using a load balancer, the docker command would look for the most part something like this:

docker run --name=redmine -d --publish=10083:80 \
  --env='REDMINE_HTTPS=true' \
  --vol
