Redmine on Gentoo with unicorn and nginx
upstream redmine.example.com.backend {
    server unix:/var/lib/redmine/redmine/tmp/sockets/unicorn.sock;
}
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 0.0.0.0:80;
    server_name redmine.example.com;
    return 301 https://$host$request_uri;
}
server {
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    listen 0.0.0.0:443 ssl;
    server_name redmine.example.com;
    ssl_certificate certs/redmine.example.com.crt;
    ssl_certificate_key certs/redmine.example.com.key;
    # SSLv3 and TLSv1 are deprecated (RFC 7568, RFC 8996); accept TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!ADH:!MD5;
    access_log /var/log/nginx/redmine.example.com/access.log main;
    error_log /var/log/nginx/redmine.example.com/error.log info;
    proxy_set_header Host $http_host;
    location / {
        client_max_body_size 50M;
        proxy_pass http://redmine.example.com.backend;
    }
}
default:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: false
      address: "example.com"
      port: 587
      authentication: :login
      domain: "redmine.example.com"
      user_name: "[email protected]"
      password: "PASS"
  attachments_storage_path:
  autologin_cookie_name:
  autologin_cookie_path:
  autologin_cookie_secure:
  scm_subversion_command:
  scm_mercurial_command:
  scm_git_command:
  scm_cvs_command:
  scm_bazaar_command:
  scm_darcs_command:
  database_cipher_key:
  rmagick_font_path:
production:
development:
production:
  adapter: mysql2
  database: DBNAME
  host: localhost
  username: USER
  password: ****
  encoding: utf8
user nginx nginx;
worker_processes 2;
error_log /var/log/nginx/error.log info;
events {
    worker_connections 1024;
    use epoll;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';
    client_header_timeout 10m;
    client_body_timeout 10m;
    send_timeout 10m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 2k;
    request_pool_size 4k;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_types text/plain;
    output_buffers 1 32k;
    postpone_output 1460;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 75 20;
    ignore_invalid_headers on;
    index index.html;
    server {
        listen 127.0.0.1;
        server_name localhost;
        access_log /var/log/nginx/localhost.access_log main;
        error_log /var/log/nginx/localhost.error_log info;
        root /var/www/localhost/htdocs;
    }
    include conf.d/*.conf;
}
#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
description="Unicorn daemon"
UNICORN_USER="${UNICORN_USER:-unicorn}"
UNICORN_GROUP="${UNICORN_GROUP:-unicorn}"
# For a symlinked service such as "unicorn.redmine", the instance name is "redmine"
UNICORN_NAME="${SVCNAME##*.}"
if [ -n "${UNICORN_NAME}" -a "${SVCNAME}" != "unicorn" ]; then
    description="${description} for ${UNICORN_NAME}"
    UNICORN_PID_FILE="/var/run/unicorn.${UNICORN_NAME}.pid"
    # Per-instance default config (was ${FLUENTD_NAME}, which is never set)
    UNICORN_RB_DEFAULT="/etc/unicorn/${UNICORN_NAME}.rb"
else
    UNICORN_PID_FILE="/var/run/unicorn.pid"
    UNICORN_RB_DEFAULT="/etc/unicorn/unicorn.rb"
fi
UNICORN_DIR="${UNICORN_DIR:-/var/lib/unicorn}"
UNICORN_RB="${UNICORN_RB:-${UNICORN_RB_DEFAULT}}"
UNICORN_WORKER_PROCESSES="${UNICORN_WORKER_PROCESSES:-4}"
UNICORN_BUNDLE_EXEC="${UNICORN_BUNDLE_EXEC:-/usr/local/bin/bundle}"
# Preload jemalloc when it is installed
LD_PRELOAD_OPTS=""
if [ -f "/usr/lib64/libjemalloc.so" ]; then
    LD_PRELOAD_OPTS="/usr/lib64/libjemalloc.so"
fi
depend() {
    need net
}
start() {
    ebegin "Starting ${SVCNAME}"
    # Runs "bundle exec unicorn_rails" as UNICORN_USER from UNICORN_DIR
    start-stop-daemon \
        --start \
        --chdir "${UNICORN_DIR}" \
        --user "${UNICORN_USER}" \
        --background \
        --make-pidfile --pidfile "${UNICORN_PID_FILE}" \
        --env PATH="${PATH}:$(dirname "${UNICORN_BUNDLE_EXEC}")" \
        --env LD_PRELOAD="${LD_PRELOAD_OPTS}" \
        --env UNICORN_PID_FILE="${UNICORN_PID_FILE}" \
        --exec "${UNICORN_BUNDLE_EXEC}" \
        -- exec unicorn_rails -c "${UNICORN_RB}" -E production
    eend $?
}
stop() {
    ebegin "Stopping ${SVCNAME}"
    start-stop-daemon --stop --pidfile "${UNICORN_PID_FILE}"
    eend $?
}
worker_processes 4
listen "unix:tmp/sockets/unicorn.sock", :backlog => 64
timeout 30
stderr_path "log/unicorn.stderr.log"
stdout_path "log/unicorn.stdout.log"
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and
  GC.copy_on_write_friendly = true
check_client_connection false
before_fork do |server, worker|
  defined?(ActiveRecord::Base) and
    ActiveRecord::Base.connection.disconnect!
end
after_fork do |server, worker|
  defined?(ActiveRecord::Base) and
    ActiveRecord::Base.establish_connection
end
rc_need="nginx mysql"
UNICORN_USER="redmine"
UNICORN_GROUP="redmine"
UNICORN_DIR="/var/lib/redmine/redmine"
UNICORN_BUNDLE_EXEC="/var/lib/redmine/ruby/1.9.3-p547/bin/bundle"
UNICORN_RB="/var/lib/redmine/redmine/config/unicorn.rb"
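
The Redmine vhost in this gist sets `ssl_protocols` explicitly, so the protocol versions nginx accepts are exactly the ones that line lists. As an added example (not part of the gist), this Python check walks nginx configuration text and reports every `ssl_protocols` directive that enables a version deprecated by RFC 7568 or RFC 8996; `audit_tls`, the result fields and the sample vhosts are constructed for illustration.

```python
import re

# Deprecated protocol versions: SSLv3 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MODERN = {"TLSv1.2", "TLSv1.3"}
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};]+')

# Constructed sample: one vhost with old protocol versions, one current.
SAMPLE = """
server {
    server_name legacy.example.com;   # ssl_protocols TLSv1.3; (commented out)
    ssl_protocols SSLv3 TLSv1;
}
server {
    server_name current.example.com;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

def audit_tls(conf_text):
    """Return one finding per ssl_protocols directive that enables a
    deprecated version, labelled with the enclosing server_name."""
    stack, words, findings = [{"name": "main", "hits": []}], [], []

    def close(block):
        for protos in block["hits"]:
            findings.append({"context": block["name"],
                             "deprecated": sorted(protos & DEPRECATED),
                             "has_modern": bool(protos & MODERN)})

    for tok in TOKEN.findall(conf_text):
        if tok.startswith("#"):                 # comment token, ignore
            continue
        if tok not in ("{", "}", ";"):          # part of the current directive
            words.append(tok)
            continue
        if tok == "{":                          # words so far name the block
            stack.append({"name": words[0] if words else "?", "hits": []})
        elif tok == "}" and len(stack) > 1:
            close(stack.pop())
        elif tok == ";" and words[:1] == ["server_name"] and len(words) > 1:
            stack[-1]["name"] = words[1]
        elif tok == ";" and words[:1] == ["ssl_protocols"] and set(words[1:]) & DEPRECATED:
            stack[-1]["hits"].append(set(words[1:]))
        words = []
    while stack:                                # flush main and any unclosed block
        close(stack.pop())
    return findings
```

Feed it the contents of `nginx.conf` and each file under `conf.d/`; a directive placed at `http` level is reported with the context `http` because it applies to every vhost that does not override it.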

mazgi commented May 29, 2014

  • Create personal cert
# openssl genrsa -out certs/redmine.example.com.key 2048
# openssl req -new -key certs/redmine.example.com.key -out certs/redmine.example.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Suginami
Locality Name (eg, city) []:Koenji
Organization Name (eg, company) [Internet Widgits Pty Ltd]:A Company Inc.
Organizational Unit Name (eg, section) []:Gentoo
Common Name (e.g. server FQDN or YOUR name) []:Hidenori MATSUKI
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -days 3650 -req -in certs/redmine.example.com.csr -signkey certs/redmine.example.com.key -out certs/redmine.example.com.crt


mazgi commented May 29, 2014

  • Install ruby
# su - redmine -s /bin/bash
$ pwd
/var/lib/redmine
$ mkdir -p ruby/.tmp && cd ruby
$ TMPDIR=.tmp/ ruby-build 1.9.3-p547 1.9.3-p547


mazgi commented May 29, 2014

  • Create Redmine user
# useradd --system -d /var/lib/redmine -s /sbin/nologin redmine


mazgi commented May 29, 2014

  • Directory tree (summary)
# tree -L 3 /var/lib/redmine/
/var/lib/redmine/
|-- redmine
|   |-- archives
|   |   |-- redmine-2.2.0.tar.gz
|   |   |-- redmine-2.4.5.tar.gz
|   |   `-- redmine-2.5.1.tar.gz
|   |-- redmine
|   |   |-- Gemfile.local
|   |   |-- (snip)
|   |   `-- vendor
`-- ruby
    |-- 1.9.3-p547
    `-- 2.0.0-p481
