26 September 2010

RedMine (Synology)

RedMine is a great project/content management targeted at developers. I'm personnally using it as a complementary tool alongside Mercurial source code repository (cf previous posts):

And after a terrible fight, i managed to get Redmine running on my Synology through Apache.

First, Redmine is coded with Ruby, and that's partially a problem concerning the webserver to run this Web App. CGI interface is deprecated, and Mongrel, Thin, Unicorn, FastCGI gems (which are the usual suspects :)) are not built for our plateform. After spending some days trying, i resign myself using Webrick (which is not intended for production use, but for development, anyways it's working out of the box).

Using Webrick, our ruby webapp will run standalone, accessible via http port 3000. If you want to use Apache to access it (because you cant access port 3000 from the outside, because you need secured transations) you'll need to set 'reverse proxying' to map one of your Apache web directory (https://diskstation/redmine/ ) to Webrick server.

The most important about this installation is these references
http://wiki.joachimschuster.de/index.php/Install_Ruby_on_Rails_and_Redmine_on_DS210%2B
(choose the 'root install' way)
http://www.vinc3nt.fr/2010/03/installer-redmine-sur-un-synology-ds209ii/
(in french, use a dedicated redmine user which complicates things a little)
http://www.redmine.org/wiki/redmine/RedmineInstall
(Redmine official install howto)
http://www.redmine.org/wiki/1/HowTo_Install_Redmine_in_a_sub-URI
(and finally to connect the running instance with Apache)

To write it again, the steps are:

  Setup MySQL (no other backend look usable right now)

    Activate MySQL services with Synology Console
    Create a 'redmine' database in MySQL (via phpmyadmin)
http://forum.synology.com/wiki/index.php/How_to_manage_the_MySQL_database_using_phpMyAdmin
(unzip phpmyadmin into shared web. copy phpmyadmin\config.sample.inc.php into config.inc.php, and add these ''. then flag it as read only.
go on http://diskstation/phpmyadmin
  in privileges:
    create user in mysql db
    check 'create database for user + all credentials'
  Install 'Ruby and the gems'
ipkg install rubygems
  Install the right version of Rake and Rails (long process => coffee time):
gem install rails -v 2.3.5
gem install rack -v 1.0.1
  Plug Ruby with MySQL, using an adapter:
cd /tmp
check http://github.com/tmtm/ruby-mysql/downloads
wget http://github.com/downloads/tmtm/ruby-mysql/ruby-mysql-2.9.3-beta.tar.gz
tar -xzvf ruby-mysql-2.9.3-beta.tar.gz
cd ruby-mysql-2.9.3-beta/
ruby setup.rb
  Download and configure Redmine (http://www.redmine.org/wiki/redmine/RedmineInstall)
mkdir /volume1/apps/
cd /volume1/apps
wget http://rubyforge.org/frs/download.php/72201/redmine-1.0.1.tar.gz
tar -xzvf redmine-1.0.1.tar.gz
mv redmine-1.0.1 redmine
chown -R nobody:users redmine/
cp config/database.yml.sample config/database.yml
nano config/database.yml
(enter MySQL credential) 
  Session Key creation &  Database init
RAILS_ENV=production rake config/initializers/session_store.rb
RAILS_ENV=production rake db:migrate
  You should be able to launch Redmine from this point, with the command line.
ruby /volume1/apps/redmine/script/server -e production
   Create a startup script, daemonizing redmine:
nano /opt/etc/init.d/S97rubyrails.sh
#!/bin/ash
  case "$1" in
   start)
     /opt/bin/ruby /volume1/rubyapps/redmine/script/server webrick -d -e production
   ;;
   stop)
     killall ruby
   ;;
   restart)
     $0 stop
     sleep 1
     $0 start
   ;;
   *)
     echo “usage: $0 { start | stop | restart}” &>2
     exit 1
   ;;
   esac
don't forget to chmod 755 S97rubyrails.sh
  Now, you can access redmine via  http://synology:3000 .
But Let's go one step further by implementing a proxy within Apache. The proxy thing helps if you need access to your redmine setup through the default syno apache frontend: it makes sense when you're enforcing security with passwords (Apache style), or only want to open your 80 port in your firewall.

  Finally, Reverse Proxying with Apache:

    Add this to /usr/syno/apache/conf/httpd.conf-user
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /redmine/ http://127.0.0.1:3000/
ProxyPassReverse /redmine/ http://127.0.0.1:3000/
Apache server restart
/usr/syno/etc.defaults/rc.d/S97apache-user.sh restart
  And finally the most important part: tell Redmine to prefix every url with a 'redmine/'when generating pages:
Add the following line at the end of your Redmine config/environment.rb
Redmine::Utils::relative_url_root = "/redmine"
  Done ! Hopefully. Access to redmine via http://synology.ip/redmine

  Final note: after some time on using RedMine, i wouldn't recommend using it on a low-end synology. As an example, my DS-107+ really takes age at updating project wiki pages. In fact, i ended using the NAS as a gateway between the outside, and some other private servers running on my private network... Next post should about this.

20 September 2010

Mercurial on Synology (hg web)



I switched from a single Mercurial repository configuration (cf previous post) to one-per-project-so-multiple-repositories on my Synology.

All my projects would be stored on NAS, located under a specific directory  /volume1/repos , and browsable through internet at http://diskstation/hg

I was using ssh until now but someone suggested an hg web configuration: so, basically we are going to configure the native Apache web server to allow Mercurial transactions *and repositories browsing* via http/https.


This is how i did it, the 'minimal Apache fuss' way, dealing with a dedicated web directory via .htaccess/.htpasswd files: it's far from perfect, security speaking, as it does not follow every Apache recommendations. 
Sorry, but i didn't want to cripple this How-To with too much external considerations.

1) Requirements:
  • being able to telnet into your synology box
  • being able to ipkg packages
  • having mercurial installed
  • having nano installed, or mastering vi
  (cf previous post)

Note:
  • to edit text files, install nano with ipkg install nano
  • if you're editing files into windows through shared directories (using pspad ?) dont forget to save files the unix way (CR). Or Apache will fail @ parsing them.
2) Enable Web Service on Synology:
      Apache web service should now be 'live', and you should have a new 'web' shared directory in /volume1/web or /var/services/web (both paths are identical).

3) Creating a directory of Repositories (with correct credentials):
  • telnet into your diskstation, and type
    mkdir /volume1/repos/hg
    chown -R nobody:users /volume1/repos
  hgweb/apache would have problems to access repos otherwise (Error: abort: HTTP Error 500: Permission denied: .hg/store/lock), as processes are spawned with nobody:users credentials (check this with 'ps', looking at httpd processes group and user).
   could be good to create a shared repos/ directory (via syno control panel).
  • now create a /volume1/repos/hg/test repository, type :
     cd /volume1/repos/hg
     hg init test
     cd test
     nano test.txt (write some and save)
     hg add test.txt
     hg commit -u yourname -m first
  • create a /volume1/web/hg subdirectory
      cd /volume1/web
      mkdir hg
 
4) Time for Script and Config 
  • create a .htaccess file to allow script executions in /volume1/web/hg/.htaccess
    cd /volume1/web/hg (or cd /var/services/web/hg)
    nano .htaccess

    (.htaccess is an Apache config file specifying options for this specific directory
  • insert this:
AddHandler cgi-script .cgi
Options +FollowSymLinks +ExecCGI

AuthUserFile /var/services/web/hg/.htpasswd
AuthName "Protected Access"
AuthType Basic

Require valid-user
  In this directory, Apache is allowed to execute cgi scripts and will protect access with login/passwords. If you don't want a password protected directory, erase all but the two first lines.
  Then, to password access /volume1/web/hg/:
  • create a .htpasswd file in /volume1/web/hg/ to store login info
    cd /volume1/web/hg    

    nano .htpasswd
  now, get and modify the Mercurial web cgi script (into /volume1/web/hg)
  • get mercurial hgweb.cgi from there or via
      cd /volume1/web/hg 
    wget http://www.selenic.com/repo/hg-stable/raw-file/7cf258b2d0cc/hgweb.cgi 
  • rename it into index.cgi
      mv hgweb.cgi index.cgi 
  • flag this python script as executable, and assign credentials (thx anon)
      chmod u+x index.cgi 
      chown -R nobody:users index.cgi
  • create a symbolic link to your favorite python executable: 
      ln /opt/bin/python2.6 /opt/bin/python
  • change /volume1/web/hg/index.cgi first line to: 
     #!/opt/bin/python
  • change in index.cgi (thx Mike):
config = "/var/services/web/hg/hgweb.config"
  • create hgweb config file in /volume1/web/hg/hgweb.config
     nano /volume1/web/hg/hgweb.config
  • write
[collections]
/volume1/repos/hg = /volume1/repos/hg
this config file is parsed by hgweb.cgi (now index.cgi), and will allow it to scan the whole directory to build the repository list. They are other options to play with.
5?) Optionally, error feedbacks from Apache: 
  • edit apache config /usr/syno/apache/conf/httpd.conf-user
      nano /usr/syno/apache/conf/httpd.conf-user
  • to get log informations, change the line
      ErrorLog /dev/null
    into
      ErrorLog /var/log/httpd-error-user.log
  • save and restart apache
      /usr/syno/etc.defaults/rc.d/S97apache-user.sh restart
  • then, to access apache log
     cat /var/log/httpd-error-user.log|more

Final notes: 
  Use the latter two to pull/push changes from/into other repos.
  Mercurial pushes are only allowed through https: it's possible to change this behavior in hgweb.config. Otherwise, dont forget to open your router to port 443 transactions.
  And yes it's working: i'm using it every day :)
  With Redmine. Next post should be totally about RedMine.

References: