stura-infra/hosts/redmine

Redmine Host - Project Management

Redmine project management system at 141.56.51.15 running in an LXC container.

Overview

• Hostname: pro
• FQDN: pro.htw.stura-dresden.de
• IP Address: 141.56.51.15
• Type: Proxmox LXC Container
• Services: Redmine (Rails), Nginx (reverse proxy), OpenSSH

Services

Redmine

Redmine is a flexible project management web application:

• Port: 3000 (local only, not exposed)
• Database: SQLite (default NixOS configuration)
• SMTP relay: mail.htw.stura-dresden.de:25
• Image processing: ImageMagick enabled
• PDF support: Ghostscript enabled
• Auto-upgrade: Enabled (Redmine updates automatically)

Features:

• Issue tracking
• Project wikis
• Time tracking
• Gantt charts and calendars
• Multiple project support
• Role-based access control

Nginx

Nginx acts as a reverse proxy:

• Receives HTTPS requests (TLS termination)
• Forwards to Redmine on localhost:3000
• Manages ACME/Let's Encrypt certificates
• Default virtual host (catches all traffic to this IP)

Privacy configuration:

• Access logs: Disabled
• Error logs: Emergency level only (/dev/null emerg)

Email Delivery

SMTP is configured for email notifications:

• Delivery method: SMTP
• SMTP host: mail.htw.stura-dresden.de
• SMTP port: 25
• Authentication: None (internal relay)

Redmine can send notifications for:

• New issues
• Issue updates
• Comments
• Project updates

Deployment

See the main README for deployment methods.

Initial Installation

Using nixos-anywhere:

nix run github:nix-community/nixos-anywhere -- --flake .#redmine --target-host root@141.56.51.15

Using container tarball:

nix build .#containers-redmine
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@proxmox-host:/var/lib/vz/template/cache/
pct create 115 /var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz \
  --hostname pro \
  --net0 name=eth0,bridge=vmbr0,ip=141.56.51.15/24,gw=141.56.51.254 \
  --memory 2048 \
  --cores 2 \
  --rootfs local-lvm:10 \
  --unprivileged 1 \
  --features nesting=1
pct start 115

Updates

# From local machine
nixos-rebuild switch --flake .#redmine --target-host root@141.56.51.15

# Or use auto-generated script
nix run .#redmine-update

Post-Deployment Steps

After deploying for the first time:

1. Access the web interface:

   https://pro.htw.stura-dresden.de
   

2. Complete initial setup:

   • Log in with default admin credentials (admin/admin)
   • Immediately change the admin password
   • Configure basic settings (Settings → Administration)

3. Configure LDAP authentication (optional):

   • Navigate to Administration → LDAP authentication
   • Add LDAP server if using external identity provider
   • Configure attribute mapping

4. Set up projects:

   • Create projects via Administration → Projects → New project
   • Configure project modules (issues, wiki, time tracking, etc.)
   • Set up roles and permissions

5. Configure email notifications:

   • Administration → Settings → Email notifications
   • Verify SMTP settings are working
   • Set default email preferences
   • Test email delivery

6. Configure issue tracking:

   • Administration → Trackers (Bug, Feature, Support, etc.)
   • Administration → Issue statuses
   • Administration → Workflows

Integration with Proxy

The central proxy at 141.56.51.1 handles:

• SNI routing: Routes HTTPS traffic for pro.htw.stura-dresden.de
• HTTP routing: Routes HTTP traffic and redirects to HTTPS
• ACME challenges: Forwards certificate verification requests

This host manages its own ACME certificates. Nginx handles TLS termination.

Troubleshooting

SMTP connection issues

If email notifications are not being sent:

# Check Redmine email configuration
cat /var/lib/redmine/config/configuration.yml | grep -A 10 email_delivery

# Test SMTP connectivity
telnet mail.htw.stura-dresden.de 25

# View Redmine logs
tail -f /var/lib/redmine/log/production.log

# Check mail queue (if using local sendmail)
mailq

Solution: Verify the SMTP relay (mail.htw.stura-dresden.de) is reachable and accepting connections on port 25.

ImageMagick/Ghostscript paths

If image processing or PDF thumbnails fail:

# Check ImageMagick installation
which convert
/run/current-system/sw/bin/convert --version

# Check Ghostscript installation
which gs
/run/current-system/sw/bin/gs --version

# Test image conversion
/run/current-system/sw/bin/convert test.png -resize 100x100 output.png

# View Redmine logs for image processing errors
grep -i imagemagick /var/lib/redmine/log/production.log

Solution: ImageMagick and Ghostscript are enabled via NixOS config. Paths are automatically configured.

Database migration failures

If Redmine fails to start after an update:

# Check Redmine service status
systemctl status redmine

# View Redmine logs
journalctl -u redmine -f

# Manually run database migrations (if needed)
cd /var/lib/redmine
sudo -u redmine bundle exec rake db:migrate RAILS_ENV=production

# Check database schema version
sudo -u redmine bundle exec rake db:version RAILS_ENV=production

Solution: Auto-upgrade is enabled, but migrations can sometimes fail. Check logs for specific errors.

Nginx proxy configuration

If the web interface is unreachable:

# Check Nginx configuration
nginx -t

# Check Nginx status
systemctl status nginx

# View Nginx error logs
journalctl -u nginx -f

# Test local Redmine connection
curl http://127.0.0.1:3000

Solution: Verify Nginx is proxying correctly to localhost:3000 and that Redmine is running.

Redmine service not starting

If Redmine fails to start:

# Check service status
systemctl status redmine

# View detailed logs
journalctl -u redmine -n 100

# Check database file permissions
ls -l /var/lib/redmine/db/

# Check configuration
ls -l /var/lib/redmine/config/

# Try starting manually
cd /var/lib/redmine
sudo -u redmine bundle exec rails server -e production

Solution: Check logs for specific errors. Common issues include database permissions, missing gems, or configuration errors.

ACME certificate issues

If HTTPS is not working:

# Check ACME certificate status
systemctl status acme-pro.htw.stura-dresden.de

# View ACME logs
journalctl -u acme-pro.htw.stura-dresden.de -f

# Check certificate files
ls -l /var/lib/acme/pro.htw.stura-dresden.de/

# Manually trigger renewal
systemctl start acme-pro.htw.stura-dresden.de

Solution: Ensure DNS points to proxy (141.56.51.1) and the proxy forwards ACME challenges to this host.

Files and Directories

• Redmine home: /var/lib/redmine/
• Configuration: /var/lib/redmine/config/
  • configuration.yml - Email and general settings
  • database.yml - Database configuration
• Logs: /var/lib/redmine/log/production.log
• Database: /var/lib/redmine/db/ (SQLite)
• Files/attachments: /var/lib/redmine/files/
• Plugins: /var/lib/redmine/plugins/
• Themes: /var/lib/redmine/public/themes/

Network

• Interface: eth0 (LXC container)
• IP: 141.56.51.15/24
• Gateway: 141.56.51.254
• Firewall: Ports 22, 80, 443 allowed

Configuration Details

• Redmine version: Latest from NixOS 25.11
• Database: SQLite (default)
• Web server: Nginx (reverse proxy)
• Application server: Puma (default Rails server)
• Ruby version: Determined by NixOS Redmine package
• SMTP: mail.htw.stura-dresden.de:25
• ImageMagick: Enabled (minimagick)
• Ghostscript: Enabled (PDF support)
• Font: Liberation Sans Regular

Automatic Maintenance

• Auto-upgrade: Enabled (system automatically updates)
• Auto-reboot: Allowed (system may reboot for updates)
• Store optimization: Automatic
• Garbage collection: Automatic (delete older than 42 days)

Useful Commands

# Access Redmine console
cd /var/lib/redmine
sudo -u redmine bundle exec rails console -e production

# Run rake tasks
sudo -u redmine bundle exec rake <task> RAILS_ENV=production

# Database backup
sudo -u redmine cp /var/lib/redmine/db/production.sqlite3 /backup/redmine-$(date +%Y%m%d).sqlite3

# View running processes
ps aux | grep redmine

# Restart Redmine
systemctl restart redmine

See Also

• Main README - Deployment methods and architecture
• Proxy README - How the central proxy routes traffic
• Redmine Documentation
• Redmine Administration Guide
• NixOS Redmine Options