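Install Rocket.Chat on Ubuntu 20.04 LTS with Let's Encrypt SSL

Rocket.Chat is an open-source, self-hosted chat platform that can replace Slack. It provides many of the features a self-hosted environment needs, such as video conferencing, group chat, and integrations with other platforms.

This guide explains how to install a Rocket.Chat server on Ubuntu 20.04 LTS with Let's Encrypt.

Follow the steps below to install it.

Step 1 – Update the Ubuntu system

Update the Ubuntu 20.04 system: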

sudo apt-get -y update

Step 2 – Install the required package dependencies

Add the MongoDB GPG signing key.

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

Add the MongoDB repository.

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

Configure Node.js so that it can be installed through the Ubuntu package manager.

sudo apt-get -y update && sudo apt-get install -y curl && curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -

Install Node.js, MongoDB, the build tools and graphicsmagick.

sudo apt-get install -y build-essential mongodb-org nodejs graphicsmagick

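On Ubuntu 20.04, installing a Node.js version that differs from the base version already installed conflicts with Rocket.Chat. Either install the same version as the base version, or create a symbolic link that points to the base version. To check the installed version: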

$ node --version

Install inherits and n.

sudo npm install -g inherits n

Create a symbolic link for the node binary.

sudo ln -s /usr/bin/node /usr/local/bin/node

Step 3 – Install Rocket.Chat on Ubuntu 20.04

Download the latest version of Rocket.Chat as follows:

curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz

Extract the downloaded file into /tmp.

tar -xzf /tmp/rocket.chat.tgz -C /tmp

Install Rocket.Chat in a directory of your choice. This guide installs it under /opt.

cd /tmp/bundle/programs/server && npm install
sudo mv /tmp/bundle /opt/Rocket.Chat

Step 4 – Create the rocketchat system user

Create a rocketchat user and give it ownership of the Rocket.Chat folder.

sudo useradd -M rocketchat && sudo usermod -L rocketchat
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat

Once the user has been created, you can go on to create the service.

Step 5 – Create the Rocket.Chat service

Create a Rocket.Chat service unit file.

cat << EOF |sudo tee /etc/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF

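Before starting the MongoDB service, configure MongoDB's storage engine and replication. MongoDB removed the MMAPv1 storage engine in version 4.2, so with the 4.4 repository added in Step 2 set the engine to wiredTiger rather than mmapv1; the sample service output further down was captured on MongoDB 4.0.21.

sudo sed -i "s/^#  engine:/  engine: mmapv1/"  /etc/mongod.conf
sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf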

Start and enable the MongoDB service.

sudo systemctl enable mongod && sudo systemctl start mongod

Initialize the replica set and check the result:

mongo --eval "printjson(rs.initiate())"

Start the Rocket.Chat service.

sudo systemctl enable rocketchat && sudo systemctl start rocketchat

Check that the service is running.

$ systemctl status rocketchat
● rocketchat.service - The Rocket.Chat server
     Loaded: loaded (/lib/systemd/system/rocketchat.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-11-27 10:05:54 UTC; 31s ago
   Main PID: 28294 (node)
      Tasks: 11 (limit: 19076)
     Memory: 559.7M
     CGroup: /system.slice/rocketchat.service
             └─28294 /usr/local/bin/node /opt/Rocket.Chat/main.js

Nov 27 10:06:20 chat rocketchat[28294]: ➔ |      MongoDB Version: 4.0.21                      |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |       MongoDB Engine: mmapv1                      |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |             Platform: linux                       |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |         Process Port: 3000                        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |             Site URL: http://0.0.0.0:3000/        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |     ReplicaSet OpLog: Enabled                     |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |          Commit Hash: b471caf9c9                  |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |        Commit Branch: HEAD                        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |                                                   |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ +---------------------------------------------------+

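Step 6 – Configure the Nginx reverse proxy

Configure Nginx to act as a reverse proxy. Let's Encrypt is then set up in the same configuration file.

Install the Nginx web server.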

sudo apt install nginx

Before configuring SSL, set up the reverse proxy with the following settings.

sudo nano /etc/nginx/conf.d/rocketchat.conf

The file has the following contents:

upstream rocket_backend {
  server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name chat.hirebestengineers.com;
    access_log /var/log/nginx/rocketchat-access.log;
    error_log /var/log/nginx/rocketchat-error.log;

    location / {
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # Standard header names; $scheme stays correct once HTTPS is enabled
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

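Where:

  • rocket.example.com (shown as chat.hirebestengineers.com in the configuration above) is replaced with your own domain name

Check the Nginx configuration for problems.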

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart and enable the Nginx service.

sudo systemctl restart nginx
sudo systemctl enable nginx

Step 7 – Set up Let's Encrypt SSL

Download and set up the Let's Encrypt SSL certificate.

sudo apt install certbot python3-certbot-nginx

Then run certbot to obtain the SSL certificate.

$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.hirebestengineers.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/chat.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/chat.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://chat.hirebestengineers.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem
   Your cert will expire on 2021-02-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The final Nginx configuration after SSL is set up looks like this:

upstream rocket_backend {
  server 127.0.0.1:3000;
}

server {
    server_name chat.hirebestengineers.com;
    access_log /var/log/nginx/rocketchat-access.log;
    error_log /var/log/nginx/rocketchat-error.log;

    location / {
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # Standard header names; $scheme reports https for this TLS listener
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = chat.hirebestengineers.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name chat.hirebestengineers.com;
    return 404; # managed by Certbot
}

Check the Nginx configuration for problems.

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
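nginx -t only validates syntax, so a misspelled forwarding header or a hardcoded scheme passes it. The following added example (not part of the original guide) lints a proxy file for both; the sample configuration and the host name chat.example.test are constructed.

```shell
# Added example: lint proxy_set_header lines that pass `nginx -t` but leave
# the backend without a usable client IP chain or request scheme.

lint_proxy_headers() {
    # $1: nginx config file, or "-" for stdin. Prints one finding per line.
    awk '
    function flush_block() {
        # Report a TLS server block that tells the backend the scheme is http.
        if (ssl && proto == "http")
            printf "line %d: X-Forwarded-Proto is http in a TLS server block\n", proto_line
        ssl = 0; proto = ""; proto_line = 0
    }
    { sub(/#.*/, "") }                         # ignore comments
    /^[ \t]*server[ \t]*[{]/ { flush_block() } # a new server block begins
    /^[ \t]*listen[ \t].*ssl/ { ssl = 1 }
    /^[ \t]*proxy_set_header[ \t]/ {
        name = $2; value = $3; sub(/;$/, "", value)
        lname = tolower(name)
        if (lname == "x-forward-for" || lname == "x-forward-proto")
            printf "line %d: %s is non-standard, expected X-Forwarded-%s\n", NR, name, substr(name, 11)
        if (lname ~ /^x-forward(ed)?-proto$/) { proto = value; proto_line = NR }
    }
    END { flush_block() }
    ' "${1:--}"
}

# Constructed sample modelled on a certbot-edited reverse-proxy file.
sample_conf() {
    cat <<'EOF'
server {
    server_name chat.example.test;
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
    listen 443 ssl; # managed by Certbot
}
server {
    listen 80;
    server_name chat.example.test;
    return 404;
}
EOF
}

# Lint the file given as $1, or the sample when run without arguments.
if [ -n "${1:-}" ]; then lint_proxy_headers "$1"; else sample_conf | lint_proxy_headers -; fi
```

Run it against /etc/nginx/conf.d/rocketchat.conf before restarting Nginx; no output means no findings.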

Restart the Nginx service for the changes to take effect.

sudo systemctl restart nginx

You can now reach the chat server over HTTPS using its FQDN.
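With Nginx terminating TLS, the Node.js port (3000) and MongoDB (27017) should only be reachable on loopback. The following added example (not part of the original guide) checks `ss -ltnH` output for that; the sample listener table is constructed and assumes Rocket.Chat is listening on all interfaces.

```shell
# Added example: report backend ports that listen on a non-loopback
# address, given `ss -ltnH` output on stdin.

exposed_backends() {
    # $@: ports that should only be reachable through the local proxy.
    awk -v ports=" $* " '
    {
        la = $4                                  # "Local Address:Port" column
        port = la; sub(/.*:/, "", port)          # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (index(ports, " " port " ") == 0) next     # not a backend port
        if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only: fine
        print port " listens on " addr
    }'
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 511   0.0.0.0:3000     0.0.0.0:*
LISTEN 0 4096  127.0.0.1:27017  0.0.0.0:*
LISTEN 0 511   0.0.0.0:443      0.0.0.0:*
LISTEN 0 511   [::]:80          [::]:*
EOF
}

# On a live host: ss -ltnH | exposed_backends 3000 27017
sample_ss | exposed_backends 3000 27017
```

If port 3000 is reported, block it with a host firewall or bind the service to loopback, for example by adding Meteor's BIND_IP=127.0.0.1 variable to the Environment= line of the unit file (an assumption about this deployment, not a step from the guide).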

Configure the server using the setup wizard.


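Once the server has been configured successfully, you can access the site with the administrator credentials created in the previous step.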


I have successfully installed and configured Rocket.Chat on an Ubuntu 20.04 server.
