1

So I'm working on a Redmine deployment that has two web servers and one back end MySQL database.

The plan is to stick one inside our network and do LDAP integrated logins.

The other one goes out on our DMZ and will use the shared MySQL database for auth (only Redmine defined logins).

The only issue so far I've theoretically ran into is the /files folder, all files that get uploaded go to this folder. So I have some possible ideas:

  1. Set up a sync between the two folders (no clue as to the limitations of this as the folders get crowded).
  2. Proxy the internal Redmine (so LDAP doesn't have to be available on the DMZ, however if the internal Redmine has a security exploit we can run into issues).
  3. Set up some kind of mounted drive over NFS/links to the DMZ system, so all files get stored out there...

Any other ideas? We're currently running people into our VPN but I don't really like having outsiders in our network like that.

StrangeWill
  • 541
  • 5
  • 16

2 Answers2

1

I guess setting up a shared storage is the best way to go here. We doing something very similar and we are successfully using NFS shares to let both servers access the files.

I think an rsync based approach would only work well, if external and internal users tend to work on different projects, so that you may keep the sync interval at a bit higher.

Gregor Schmidt
  • 126
  • 2
0

I guess a 3rd option is to reverse proxy only the /files folder, hence less of a security issue...

StrangeWill
  • 541
  • 5
  • 16