操作
如何配置Nginx运行Redmine¶
以下是我使用的Nginx和Thin配置,它们对我来说效果很好。这不是一个详尽的安装指南;假设您已经阅读了安装说明并为您的发行版安装了适当的软件包。
此设置为您提供了四个用于并发处理请求的 Thin 进程,并在适当的位置转发到 SSL,以保持登录安全。
首先,是 Thin -- 下面是我的 /etc/thin/redmine.yml 文件中的内容
--- pid: tmp/pids/thin.pid group: redmine wait: 30 timeout: 30 log: log/thin.log max_conns: 1024 require: [] environment: production max_persistent_conns: 512 servers: 4 daemonize: true user: redmine socket: /tmp/thin.sock chdir: /var/lib/redmine/redmine
您需要根据您的设置更改用户/组/chdir 到适当的值。
接下来是 nginx 配置。这不是一个详尽的配置,只是相关的 server{} 部分。首先,我的标准代理包含文件 proxy.include,您将在 Redmine 特定部分的引用中看到它
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
接下来是实际的 nginx 配置
# Upstream Ruby process cluster for load balancing
upstream thin_cluster {
server unix:/tmp/thin.0.sock;
server unix:/tmp/thin.1.sock;
server unix:/tmp/thin.2.sock;
server unix:/tmp/thin.3.sock;
}
server {
listen your.ip.address.here:80;
server_name your.domain.name;
access_log /var/log/nginx/redmine-proxy-access;
error_log /var/log/nginx/redmine-proxy-error;
include sites/proxy.include;
root /var/lib/redmine/redmine/public;
proxy_redirect off;
# Send sensitive stuff via https
rewrite ^/login(.*) https://your.domain.here$request_uri permanent;
rewrite ^/my/account(.*) https://your.domain.here$request_uri permanent;
rewrite ^/my/password(.*) https://your.domain.here$request_uri permanent;
rewrite ^/admin(.*) https://your.domain.here$request_uri permanent;
location / {
try_files $uri/index.html $uri.html $uri @cluster;
}
location @cluster {
proxy_pass http://thin_cluster;
}
}
server {
listen your.ip.address.here:443;
server_name your.domain.here;
access_log /var/log/nginx/redmine-ssl-proxy-access;
error_log /var/log/nginx/redmine-ssl-proxy-error;
ssl on;
ssl_certificate /etc/ssl/startssl/your.domain.here.pem.full;
ssl_certificate_key /etc/ssl/startssl/your.domain.here.key;
include sites/proxy.include;
proxy_redirect off;
root /var/lib/redmine/redmine/public;
# When we're back to non-sensitive things, send back to http
rewrite ^/$ http://your.domain.here$request_uri permanent;
# Examples of URLs we don't want to rewrite (otherwise 404 errors occur):
# /projects/PROJECTNAME/archive?status=
# /projects/copy/PROJECTNAME
# /projects/PROJECTNAME/destroy
# This should exclude those (tested here: http://www.regextester.com/ )
if ($uri !~* "^/projects/.*(copy|destroy|archive)") {
rewrite ^/projects(.*) http://your.domain.here$request_uri permanent;
}
rewrite ^/guide(.*) http://your.domain.here$request_uri permanent;
rewrite ^/users(.*) http://your.domain.here$request_uri permanent;
rewrite ^/my/page(.*) http://your.domain.here$request_uri permanent;
rewrite ^/logout(.*) http://your.domain.here$request_uri permanent;
location / {
try_files $uri/index.html $uri.html $uri @cluster;
}
location @cluster {
proxy_pass http://thin_cluster;
}
}
由 Deoren Moor 更新 13 年前 · 3 次修订