#!/bin/bash
# Redmine release to install; interpolated into the download URL and the
# unpacked directory name further down.
REDMINE_VERSION='3.2.0'
# Firewall: run firewalld at boot and right now, then permanently add the
# http and https services to the public zone.
for action in enable start; do
  systemctl "$action" firewalld.service
done
for svc in http https; do
  firewall-cmd --add-service="$svc" --zone=public --permanent
done
# --permanent only edits the stored configuration; reload to apply it.
firewall-cmd --reload
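# SSH: turn off password logins.
# The substitution only rewrites an active "PasswordAuthentication yes" line.
# If the directive is commented out or missing, nothing changes and sshd keeps
# accepting passwords, so check the result instead of assuming it took effect.
# NOTE(review): make sure an authorized key is installed before this runs,
# otherwise the restart removes the last way in.
sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
if ! grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config; then
  echo 'WARNING: PasswordAuthentication is not set to "no" in /etc/ssh/sshd_config' >&2
fi
# Validate the file before restarting: a broken sshd_config on a remote host
# would take down the administrative access path.
if /usr/sbin/sshd -t; then
  systemctl restart sshd.service
else
  echo 'ERROR: sshd_config failed validation; sshd was not restarted' >&2
fi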
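# Time zone: Japan.
# /etc/localtime is often a symlink into /usr/share/zoneinfo. Copying onto it
# writes through the link and overwrites the zone file it points to, so
# replace the link itself instead.
ln -sf /usr/share/zoneinfo/Japan /etc/localtime
# Legacy clock settings file, rewritten from scratch.
cat > /etc/sysconfig/clock <<'EOF'
ZONE="Asia/Tokyo"
UTC=false
EOF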
# Package installation via yum; each group keeps its own yum invocation.

## General-purpose utilities
yum install -y bash-completion bind-utils lsof net-tools screen sos sysstat

## Editor
yum install -y vim-enhanced

## MariaDB client, server and development headers
yum install -y \
  mariadb \
  mariadb-server \
  mariadb-devel

## Compiler toolchain (needed to build native gem extensions)
yum -y groupinstall "Development Tools"

## Redmine build and runtime dependencies
yum -y install \
  openssl-devel \
  readline-devel \
  zlib-devel \
  curl-devel \
  libyaml-devel \
  libffi-devel
yum -y install \
  ImageMagick \
  ImageMagick-devel \
  ipa-pgothic-fonts
yum -y install \
  ruby \
  ruby-devel \
  rubygems
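# MariaDB settings: replace the stock /etc/my.cnf with the project's config.
# NOTE(review): the file comes from the moving "master" branch and becomes
# root-owned server configuration with no integrity check. Pin the URL to a
# reviewed commit (placeholder: <COMMIT_SHA>) or ship the file with this script.
# -f makes curl fail on an HTTP error instead of saving the error page, and
# the stock config is only moved aside once a non-empty download exists.
if curl -fsSL -o mariadb-my.cnf \
  https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/mariadb-my.cnf \
  && [[ -s mariadb-my.cnf ]]; then
  mv /etc/my.cnf /etc/my.cnf.org
  mv mariadb-my.cnf /etc/my.cnf
else
  echo 'ERROR: could not download mariadb-my.cnf; /etc/my.cnf left unchanged' >&2
  exit 1
fi
# Service Enable and Start
systemctl enable mariadb.service
systemctl start mariadb.service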
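# Create MariaDB password.
# A value derived from the clock (e.g. a hash of `date +%s`) can be reproduced
# by anyone who can estimate when the host was provisioned. Read 128 bits from
# the kernel CSPRNG instead. Hex keeps the value at 32 characters and contains
# nothing that needs escaping in SQL or YAML.
PASS=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
# Create the file owner-only before the secret is written, and tighten the
# mode as well in case the file already existed with wider permissions.
(umask 077; printf '%s\n' "$PASS" > /root/db_password.txt)
chmod 600 /root/db_password.txt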
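# Create the Redmine database and apply the mysql_secure_installation steps.
# SQL is fed to the client on stdin rather than with -e, so the password never
# shows up in a process argument list. Each statement gets its own client call
# so that one failure (for example a root@'::1' row that does not exist) does
# not skip the statements after it.
_redmine_sql() {
  /usr/bin/mysql -D mysql
}

_redmine_sql <<<"CREATE DATABASE redmine DEFAULT CHARACTER SET utf8;"
# The database.yml written later points at host "localhost", so the account
# is limited to localhost instead of '%' (any host).
# NOTE(review): this account shares its password with MariaDB root; give it
# its own secret.
_redmine_sql <<<"GRANT ALL PRIVILEGES ON redmine.* TO redmine@'localhost' IDENTIFIED BY '${PASS}';"

# mysql_secure_installation equivalents: drop the test database, remove
# anonymous accounts and remote root, then set the root passwords.
/usr/bin/mysqladmin drop test -f
_redmine_sql <<<"DELETE FROM mysql.user WHERE User = '';"
_redmine_sql <<<"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
# root@localhost goes last: the passwordless socket login used by these calls
# stops working as soon as it is set.
_redmine_sql <<<"SET PASSWORD FOR 'root'@'::1' = PASSWORD('${PASS}');"
_redmine_sql <<<"SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('${PASS}');"
_redmine_sql <<<"SET PASSWORD FOR 'root'@'localhost' = PASSWORD('${PASS}');"
# root now needs a password; pass it through the environment rather than as
# -p<password> on the command line.
MYSQL_PWD="${PASS}" /usr/bin/mysqladmin flush-privileges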
# Ruby Gems: install gems per-user for root without ri/rdoc, and put the user
# gem bin directory on PATH for future logins and for the rest of this run.
# NOTE(review): bundler is installed unpinned, so the version that lands
# depends on when the script runs.
printf '%s\n' 'gem: --no-ri --no-rdoc --user-install' > /root/.gemrc
printf '%s\n' 'export PATH="$HOME/.gem/ruby/bin:$PATH"' >> /root/.bashrc
PATH="$HOME/.gem/ruby/bin:$PATH"
export PATH
gem install bundler
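# Redmine download.
# Fetch over HTTPS and fail on an HTTP error (-f), so neither a tampered
# plaintext response nor an error page gets unpacked as the application.
# NOTE(review): the tarball is still not verified. Compare it with the
# checksum published for this release (placeholder: <EXPECTED_SHA256>) before
# unpacking.
redmine_tarball="redmine-${REDMINE_VERSION}.tar.gz"
if ! curl -fL -o "$redmine_tarball" "https://www.redmine.org/releases/${redmine_tarball}"; then
  echo "ERROR: download of ${redmine_tarball} failed" >&2
  exit 1
fi
tar xvf "$redmine_tarball"
mv "redmine-${REDMINE_VERSION}" /var/lib/redmine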
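# Redmine settings.
# database.yml holds the DB password, so create it owner-only before writing.
install -m 600 /dev/null /var/lib/redmine/config/database.yml
# The keys under "production:" must be indented to be part of that mapping.
# The application logs in with the dedicated "redmine" account (granted on
# redmine.* only) rather than MariaDB root, so a flaw in the web application
# does not hand over the whole database server.
cat > /var/lib/redmine/config/database.yml <<EOF
production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: redmine
  password: "$PASS"
  encoding: utf8
EOF

# Start from the example configuration and point rmagick at the IPA font.
cp /var/lib/redmine/config/configuration.yml.example /var/lib/redmine/config/configuration.yml
sed -i -e 's| rmagick_font_path:| rmagick_font_path: /usr/share/fonts/ipa-pgothic/ipagp.ttf|' /var/lib/redmine/config/configuration.yml

# Replace the bundled config.ru with the project's version.
# NOTE(review): config.ru is Ruby code loaded by the application server, and
# it is fetched from the moving "master" branch with no integrity check. Pin
# the URL to a reviewed commit (placeholder: <COMMIT_SHA>) or ship the file
# with this script.
# -f stops curl from saving an HTTP error page as config.ru.
if curl -fsSL -o redmine-config.ru \
  https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/redmine-config.ru \
  && [[ -s redmine-config.ru ]]; then
  mv /var/lib/redmine/config.ru /tmp/config.ru
  mv redmine-config.ru /var/lib/redmine/config.ru
else
  echo 'ERROR: could not download redmine-config.ru; config.ru left unchanged' >&2
  exit 1
fi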
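# Redmine install.
# Everything below uses relative paths, so stop if the application directory
# is missing rather than writing Gemfile.local and running rake in whatever
# directory the script happens to be in.
cd /var/lib/redmine || {
  echo 'ERROR: /var/lib/redmine does not exist' >&2
  exit 1
}
# Add unicorn to the bundle through the local Gemfile override.
echo 'gem "unicorn"' > Gemfile.local
# NOTE(review): gems (including native extension builds) are installed as root.
bundle install --without development test --path vendor/bundle || {
  echo 'ERROR: bundle install failed' >&2
  exit 1
}
bundle exec rake generate_secret_token
RAILS_ENV=production bundle exec rake db:migrate
RAILS_ENV=production REDMINE_LANG=ja bundle exec rake redmine:load_default_data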
# Unicorn settings: written to config/unicorn.rb relative to the current
# directory. Two workers, a 30 second timeout, a unix socket under tmp/sockets,
# and stdout/stderr both sent to log/unicorn.log.
cat > config/unicorn.rb <<'EOF'
working_directory "/var/lib/redmine"
pid "/var/lib/redmine/tmp/pids/unicorn.pid"
stderr_path "/var/lib/redmine/log/unicorn.log"
stdout_path "/var/lib/redmine/log/unicorn.log"
listen "/var/lib/redmine/tmp/sockets/unicorn.sock"
worker_processes 2
timeout 30
EOF
# systemd unit for the Redmine unicorn server, then enable and start it.
# NOTE(review): the unit runs the web application as root (User=root,
# Group=root), so any flaw in the application has full control of the host.
# A dedicated unprivileged account that owns /var/lib/redmine and its own gem
# directory would contain that; this needs the gem install path changed too.
# The heredoc delimiter is quoted so $MAINPID reaches the unit file literally.
cat > /usr/lib/systemd/system/redmine-unicorn.service <<'EOF'
[Unit]
Description=Redmine Unicorn Server
[Service]
WorkingDirectory=/var/lib/redmine
Environment=RAILS_ENV=production
SyslogIdentifier=redmine-unicorn
PIDFile=/var/lib/redmine/tmp/pids/unicorn.pid
User=root
Group=root
ExecStart=/root/.gem/ruby/bin/bundle exec "unicorn_rails -c config/unicorn.rb -E production --path /redmine"
ExecStop=/usr/bin/kill -QUIT $MAINPID
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
EOF
for action in enable start; do
  systemctl "$action" redmine-unicorn.service
done
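# Nginx repository (mainline packages from nginx.org).
# Packages from this repo are installed as root, so signature checking stays
# on (gpgcheck=1 with the nginx signing key) and the repo is read over HTTPS.
# With gpgcheck=0 and plain HTTP, anyone on the network path could substitute
# a package.
cat > /etc/yum.repos.d/nginx-mainline.repo <<'EOF'
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/7/x86_64/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF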
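# Kernel tuning for nginx: TIME_WAIT reuse, larger SYN backlog, larger
# conntrack table and a higher file handle limit.
# net.ipv4.tcp_tw_recycle is deliberately not set. It rejects connections from
# clients that share one address behind NAT when their TCP timestamps differ,
# which shows up as intermittent connection failures for real users.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 100000
net.netfilter.nf_conntrack_max = 100000
net.nf_conntrack_max = 100000
fs.file-max = 320000
EOF
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p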
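# Install nginx and wire it to Redmine.
yum install -y nginx
# Tolerate any amount of whitespace between the directive and its value.
sed -i 's/worker_processes[[:space:]]\+1;/worker_processes auto;/' /etc/nginx/nginx.conf
# NOTE(review): the vhost config is fetched from the moving "master" branch
# and loaded by nginx with no integrity check. Pin the URL to a reviewed
# commit (placeholder: <COMMIT_SHA>) or ship the file with this script.
# -f stops curl from saving an HTTP error page as the nginx config, and the
# default vhost is only moved aside once a non-empty download exists.
if curl -fsSL -o nginx-redmine.conf \
  https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/nginx-redmine.conf \
  && [[ -s nginx-redmine.conf ]]; then
  mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.org
  mv nginx-redmine.conf /etc/nginx/conf.d/redmine.conf
else
  echo 'ERROR: could not download nginx-redmine.conf; nginx config left unchanged' >&2
  exit 1
fi
# Expose Redmine's public directory under the nginx document root.
ln -s /var/lib/redmine/public /usr/share/nginx/html/redmine
# Replace the default welcome page with an empty file.
mv /usr/share/nginx/html/index.html /tmp/index.html
: > /usr/share/nginx/html/index.html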
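# Make SSL: self-signed certificate for nginx.
# NOTE(review): a 10-year self-signed certificate gives clients nothing to
# validate against; replace it with a CA-issued certificate for real use.
mkdir -p /etc/nginx/conf.d/ssl

# Ask the SoftLayer metadata service for this host's FQDN. TLS verification
# stays on (no -k), so the answer cannot be swapped by whoever sits on the
# path. If the lookup returns nothing, fall back to the local hostname rather
# than issuing a certificate with an empty CN.
COMMONNAME=$(curl -fsS https://api.service.softlayer.com/rest/v3/SoftLayer_Resource_Metadata/getFullyQualifiedDomainName 2> /dev/null | sed -n -e 's/^"\(.*\)"$/\1/p')
if [[ -z "$COMMONNAME" ]]; then
  COMMONNAME=$(hostname -f)
fi

# Private key: create it owner-only, and tighten the mode as well in case the
# file already existed. genrsa takes its options before the key size.
(umask 077; openssl genrsa -out /etc/nginx/conf.d/ssl/server.key 2048)
chmod 600 /etc/nginx/conf.d/ssl/server.key

# CSR: pass the subject with -subj instead of answering the interactive
# prompts on stdin, which depends on the prompt order and on a heredoc
# surviving intact.
openssl req -new -sha256 \
  -key /etc/nginx/conf.d/ssl/server.key \
  -subj "/C=JP/ST=Tokyo/L=Example Town/O=Example Company/OU=Example Section/CN=${COMMONNAME}" \
  -out /etc/nginx/conf.d/ssl/server.csr

# Self-sign the request (PEM), then export a DER copy of the certificate.
openssl x509 -days 3650 -req -sha256 \
  -signkey /etc/nginx/conf.d/ssl/server.key \
  -in /etc/nginx/conf.d/ssl/server.csr \
  -out /etc/nginx/conf.d/ssl/server.crt
openssl x509 -in /etc/nginx/conf.d/ssl/server.crt -inform PEM -out /etc/nginx/conf.d/ssl/server.der -outform DER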
# Nginx: register the service for boot, then start it now.
for action in enable start; do
  systemctl "$action" nginx.service
done