如何配置 Nginx 來運行 Redmine¶

這是我使用的 Nginx 和 Thin 設定，運作良好。這不是一份詳盡的安裝指南；它假設您已閱讀安裝說明並安裝了適用於您發行版的套件。

此設定為您提供四個 Thin 程序，用於並行處理請求，並在適當的位置轉發到 SSL，以確保登入安全。

首先，Thin -- 這是我在 /etc/thin/redmine.yml 中的內容

--- 
pid: tmp/pids/thin.pid
group: redmine
wait: 30
timeout: 30
log: log/thin.log
max_conns: 1024
require: []

environment: production
max_persistent_conns: 512
servers: 4
daemonize: true
user: redmine
socket: /tmp/thin.sock
chdir: /var/lib/redmine/redmine 

您必須將使用者/群組/chdir 變更為適合您設定的值。

接下來，是 nginx 設定。這不是一個詳盡的設定，只是相關的 server{} 部分。首先，是我的標準代理包含檔案 proxy.include，您將在 Redmine 特定部分中看到它被引用

    proxy_set_header   Host $http_host;                                                                                                                     
    proxy_set_header   X-Real-IP $remote_addr;                                                                                                                   
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;

    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;

接下來，是實際的 nginx 設定

# Upstream Ruby process cluster for load balancing
upstream thin_cluster {
    server unix:/tmp/thin.0.sock;
    server unix:/tmp/thin.1.sock;
    server unix:/tmp/thin.2.sock;
    server unix:/tmp/thin.3.sock;
}

server {
    listen       your.ip.address.here:80;
    server_name  your.domain.name;

    access_log  /var/log/nginx/redmine-proxy-access;
    error_log   /var/log/nginx/redmine-proxy-error;

    include sites/proxy.include;
    root /var/lib/redmine/redmine/public;
    proxy_redirect off;

    # Send sensitive stuff via https
    rewrite ^/login(.*) https://your.domain.here$request_uri permanent;
    rewrite ^/my/account(.*) https://your.domain.here$request_uri permanent;
    rewrite ^/my/password(.*) https://your.domain.here$request_uri permanent;
    rewrite ^/admin(.*) https://your.domain.here$request_uri permanent;

    location / {
        try_files $uri/index.html $uri.html $uri @cluster;
    }

    location @cluster {
        proxy_pass http://thin_cluster;
    }
}

server {
    listen       your.ip.address.here:443;
    server_name  your.domain.here;

    access_log  /var/log/nginx/redmine-ssl-proxy-access;
    error_log   /var/log/nginx/redmine-ssl-proxy-error;

    ssl on;

    ssl_certificate /etc/ssl/startssl/your.domain.here.pem.full;
    ssl_certificate_key /etc/ssl/startssl/your.domain.here.key;

    include sites/proxy.include;
    proxy_redirect off;
    root /var/lib/redmine/redmine/public;

    # When we're back to non-sensitive things, send back to http
    rewrite ^/$ http://your.domain.here$request_uri permanent;

    # Examples of URLs we don't want to rewrite (otherwise 404 errors occur):
    # /projects/PROJECTNAME/archive?status=
    # /projects/copy/PROJECTNAME
    # /projects/PROJECTNAME/destroy

    # This should exclude those (tested here: http://www.regextester.com/ )
    if ($uri !~* "^/projects/.*(copy|destroy|archive)") {
        rewrite ^/projects(.*) http://your.domain.here$request_uri permanent;
    }

    rewrite ^/guide(.*) http://your.domain.here$request_uri permanent;
    rewrite ^/users(.*) http://your.domain.here$request_uri permanent;
    rewrite ^/my/page(.*) http://your.domain.here$request_uri permanent;
    rewrite ^/logout(.*) http://your.domain.here$request_uri permanent;

    location / {
        try_files $uri/index.html $uri.html $uri @cluster;
    }

    location @cluster {
        proxy_pass http://thin_cluster;
    }
}