Install Mattermost on CentOS 8 with Nginx

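In this guide, we will look at how to install Mattermost on CentOS 8 with Nginx as a reverse proxy. Mattermost is a free, open source online team collaboration and chat platform with hundreds of existing integrations from Mattermost and the community, and custom workflows that scale to tens of thousands of concurrent users. You can easily and securely integrate it with most popular DevOps tools (CI/CD, bots, Git).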

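Mattermost can be installed on internal infrastructure, in the cloud, or through a hybrid deployment (public and private cloud). For AWS, Azure and Google Cloud, pre-built open source images are available for easy installation. It can be used from the web or your preferred device: iOS, Android, Windows, Linux and Mac.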

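So let's start installing Mattermost on CentOS 8 behind an Nginx reverse proxy, with the option of configuring a secure connection using a Let's Encrypt SSL certificate.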

Step 1: Update the system

Make sure the system is up to date.

sudo yum -y update

After the upgrade, you may need to reboot the system.

sudo reboot

Step 2: Install the database server

Our Mattermost server needs a database server to store its data. We will use the MariaDB database server for this.

sudo yum -y install @mariadb
sudo systemctl enable --now mariadb
sudo mysql_secure_installation

After installing the database, log in to the MariaDB shell and create a database and user for Mattermost.

$ mysql -u root -p
CREATE DATABASE mattermost;
GRANT ALL PRIVILEGES ON mattermost.* TO 'mattermost'@'localhost' IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
QUIT;

Step 3: Install the Mattermost server on CentOS 8

Add a system user to manage the Mattermost service.

sudo useradd -d /opt/mattermost -U -M mattermost

Now install Mattermost Server on CentOS 8 Linux. See the Mattermost download page; at the time of writing, the latest available version is 5.20.1.

wget https://releases.mattermost.com/5.20.2/mattermost-5.20.2-linux-amd64.tar.gz

After the download completes, extract the archive.

tar xvf mattermost-5.20.2-linux-amd64.tar.gz

Move the extracted files to the /opt directory.

sudo mv mattermost /opt

Create the storage directory for files and images that users post to Mattermost.

sudo mkdir /opt/mattermost/data

Set the directory permissions.

sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost

Configure the database driver.

sudo vim /opt/mattermost/config/config.json

We need to set:

  • "DriverName" to "mysql"
  • "DataSource" to:
"mmuser:@tcp(:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"

So for me, this will be:

"SqlSettings": {
        "DriverName": "mysql",
        "DataSource": "mattermost:<password>@tcp(localhost:3306)/mattermost?charset=utf8mb4,utf8\u0026readTimeout=30s\u0026writeTimeout=30s",
        "DataSourceReplicas": [],
        "DataSourceSearchReplicas": [],
        "MaxIdleConns": 20,
        "ConnMaxLifetimeMilliseconds": 3600000,
        "MaxOpenConns": 300,
        "Trace": false,
        "AtRestEncryptKey": "myyti1r597i99qrk7eu91ywqhaawz4md",
        "QueryTimeout": 30
    },

Change to the Mattermost directory to test the Mattermost server.

cd /opt/mattermost

Start the Mattermost server:

$ sudo -u mattermost ./bin/mattermost
{"level":"info","ts":1583869117.6809375,"caller":"utils/i18n.go:83","msg":"Loaded system translations","for locale":"en","from locale":"/opt/mattermost/i18n/en.json"}
{"level":"info","ts":1583869117.6810265,"caller":"app/server_app_adapters.go:58","msg":"Server is initializing..."}
{"level":"info","ts":1583869117.6850379,"caller":"sqlstore/supplier.go:221","msg":"Pinging SQL","database":"master"}
{"level":"info","ts":1583869118.8863454,"caller":"sqlstore/upgrade.go:111","msg":"The database schema version has been set","version":"5.20.0"}
{"level":"error","ts":1583869121.576649,"caller":"app/server_app_adapters.go:129","msg":"SiteURL must be set. Some features will operate incorrectly if the SiteURL is not set. See documentation for details: http://about.mattermost.com/default-site-url"}
{"level":"info","ts":1583869121.5776517,"caller":"app/license.go:39","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1583869121.5779395,"caller":"app/migrations.go:26","msg":"Migrating roles to database."}
{"level":"info","ts":1583869121.6382146,"caller":"sqlstore/post_store.go:1354","msg":"Post.Message has size restrictions","max_characters":16383,"max_bytes":65535}
{"level":"info","ts":1583869121.6425729,"caller":"app/migrations.go:102","msg":"Migrating emojis config to database."}
{"level":"info","ts":1583869122.121464,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"info","ts":1583869122.1215749,"caller":"app/plugin.go:199","msg":"Syncing plugins from the file store"}
{"level":"info","ts":1583869123.3940613,"caller":"mlog/sugar.go:19","msg":"Ensuring Surveybot exists","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.4156811,"caller":"mlog/sugar.go:19","msg":"Surveybot created","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.432906,"caller":"mlog/sugar.go:19","msg":"Upgrade detected. Checking if a survey should be scheduled.","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.5542266,"caller":"mlog/sugar.go:19","msg":"Scheduling next survey for Mar 31, 2020","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.8526862,"caller":"app/server.go:232","msg":"Current version is 5.20.0 (5.20.1/Sun Feb 16 15:51:14 UTC 2020/0e1a9f7e530061cdd2c7c17899e458afe2c83a9b/551cbd55b9c0d896b5886f42fc0193c9b97edb33)","current_version":"5.20.0","build_number":"5.20.1","build_date":"Sun Feb 16 15:51:14 UTC 2020","build_hash":"0e1a9f7e530061cdd2c7c17899e458afe2c83a9b","build_hash_enterprise":"551cbd55b9c0d896b5886f42fc0193c9b97edb33"}
{"level":"info","ts":1583869123.8527322,"caller":"app/server.go:241","msg":"Enterprise Build","enterprise_build":true}
{"level":"info","ts":1583869123.8527455,"caller":"app/server.go:247","msg":"Printing current working","directory":"/opt/mattermost"}
{"level":"info","ts":1583869123.852752,"caller":"app/server.go:248","msg":"Loaded config","source":"file:///opt/mattermost/config/config.json"}
{"level":"error","ts":1583869123.8604512,"caller":"mlog/log.go:175","msg":"RPC call OnConfigurationChange to plugin failed.","plugin_id":"com.mattermost.nps","error":"connection is shut down"}
{"level":"error","ts":1583869123.89252,"caller":"mlog/log.go:175","msg":"RPC call OnConfigurationChange to plugin failed.","plugin_id":"com.mattermost.nps","error":"connection is shut down"}
{"level":"info","ts":1583869123.894262,"caller":"jobs/workers.go:68","msg":"Starting workers"}
{"level":"info","ts":1583869123.8990135,"caller":"app/web_hub.go:75","msg":"Starting websocket hubs","number_of_hubs":2}
{"level":"info","ts":1583869123.9066868,"caller":"jobs/schedulers.go:74","msg":"Starting schedulers."}
{"level":"info","ts":1583869123.9202466,"caller":"app/server.go:470","msg":"Starting Server..."}
{"level":"info","ts":1583869123.9206858,"caller":"app/server.go:538","msg":"Server is listening on [::]:8065","address":"[::]:8065"}

Step 4: Configure the Mattermost systemd unit file

Create a systemd unit file for Mattermost:

sudo tee /etc/systemd/system/mattermost.service<

Disable SELinux or set it to permissive mode.

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Enable and start the service.

sudo systemctl daemon-reload
sudo systemctl enable --now mattermost

Confirm the service status.

$ systemctl status mattermost.service 
● mattermost.service - Mattermost
   Loaded: loaded (/etc/systemd/system/mattermost.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-03-13 20:01:03 EAT; 2min 47s ago
 Main PID: 9154 (mattermost)
    Tasks: 16 (limit: 11497)
   Memory: 114.2M
   CGroup: /system.slice/mattermost.service
           ├─9154 /opt/mattermost/bin/mattermost
           └─9224 plugins/com.mattermost.nps/server/dist/plugin-linux-amd64

Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.898295,"caller":"app/server.go:247","msg":"Printing current working",>
Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.8983018,"caller":"app/server.go:248","msg":"Loaded config","source":">
Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.920317,"caller":"sqlstore/post_store.go:1354","msg":"Post.Message has>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.9979806,"caller":"jobs/workers.go:68","msg":"Starting workers"}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0024703,"caller":"app/web_hub.go:75","msg":"Starting websocket hubs",>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0136616,"caller":"jobs/schedulers.go:74","msg":"Starting schedulers."}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0337238,"caller":"app/server.go:470","msg":"Starting Server..."}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.033907,"caller":"app/server.go:538","msg":"Server is listening on [::>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0339284,"caller":"commands/server.go:105","msg":"Sending systemd READ>
Mar 13 20:01:03 cent8.novalocal systemd[1]: Started Mattermost.

Verify that Mattermost is running.

$ curl http://localhost:8065

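You should see the HTML returned by the Mattermost server.

Step 5: Install and configure Nginx

When running Mattermost in production, use a proxy server to improve Mattermost's security and performance.

Install Nginx on the CentOS Linux machine.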

sudo dnf -y install epel-release
sudo dnf -y install nginx

Start and enable the Nginx service.

sudo systemctl enable --now nginx

Then configure the Nginx web server as a proxy for the Mattermost server.

sudo vi /etc/nginx/conf.d/mattermost.conf

Paste the following snippet into the file and edit it for the most basic Nginx configuration.

upstream backend {
   server 127.0.0.1:8065;
   keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
   listen 80;
   server_name    mattermost.example.com;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://backend;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }
}

Replace mattermost.example.com with the correct value for your Mattermost domain.

Validate your Nginx configuration file.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is fine, restart Nginx.

sudo systemctl restart nginx

Open the http and https ports in Firewalld.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Confirm that the status is running.

$ sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-03-13 20:17:05 EAT; 2min 9s ago
  Process: 9772 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 9769 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 9768 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 9774 (nginx)
    Tasks: 3 (limit: 11497)
   Memory: 5.2M
   CGroup: /system.slice/nginx.service
           ├─9774 nginx: master process /usr/sbin/nginx
           ├─9775 nginx: worker process
           └─9776 nginx: cache manager process

Mar 13 20:17:05 cent8.novalocal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Mar 13 20:17:05 cent8.novalocal nginx[9769]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 13 20:17:05 cent8.novalocal nginx[9769]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 13 20:17:05 cent8.novalocal systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Mar 13 20:17:05 cent8.novalocal systemd[1]: Started The nginx HTTP and reverse proxy server.

You should be able to reach the Mattermost domain configured in Nginx.

$ curl mattermost.example.com

Step 6: Configure the Mattermost server

Now we can start configuring the Mattermost server by opening the domain configured in Nginx.

http://mattermost.example.com

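On the first page, create the administrator user. This user will be able to create or invite other new users.

Choose to create a team or go straight to the console.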

If you choose to create a team, provide a team name and click Next.

Set the team URL, then click Finish.

The Mattermost dashboard console should look like the following.

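You can then invite members to join the team you created. Also consider installing the apps for PC, Mac, iOS and Android for convenient access and notifications on the go.

Step 7: Configure a Let's Encrypt / custom SSL certificate

You can use SSL to increase security by ensuring that communication between Mattermost clients and the Mattermost server is encrypted. NGINX can also be configured to use the HTTP/2 protocol.

Obtain a Let's Encrypt SSL certificate for your domain. First download the certbot script.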

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin

Stop the Nginx service.

sudo systemctl stop nginx

Then set the domain and the email address for expiry alerts, and obtain a free Let's Encrypt certificate.

export DOMAIN="mattermost.example.com"
export EMAIL_ALERTS="<your-email-address>"
sudo /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL_ALERTS --keep-until-expiring

Update your nginx configuration file to set up SSL.

.
.
.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
   listen 80 default_server;
   server_name   mattermost.example.com ;
   return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name    mattermost.example.com ;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/{domain-name}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{domain-name}/privkey.pem;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;


  location ~ /api/v[0-9]+/(users/)?websocket$ {
    proxy_set_header Upgrade $http_upgrade;
    .
    .
    .

location / {
    proxy_http_version 1.1;
    .
    .
    .

Restart Nginx.

sudo systemctl restart nginx

Confirm from your web browser that the service is now served over https. See the Mattermost documentation to learn more.
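The audit function below is an added example, not part of the original guide: it checks the three files the steps above edit for the settings the guide itself names (the SELinux mode from Step 4, the {domain-name} placeholder, ssl_protocols, the 301 redirect and the HSTS header from Step 7, and the permissions of config.json from Step 3). The function name, the finding messages and the exit-status convention are assumptions of this example, as are the SiteURL key check and the httpd_can_network_connect boolean mentioned in a comment, which do not appear in the guide's commands.

```bash
#!/usr/bin/env bash
# Added example: audit the three files this guide edits. The arguments default
# to the guide's paths; pass copies to try it without touching a live host.
audit_mattermost_host() {
  local selinux_cfg=${1:-/etc/selinux/config}
  local nginx_conf=${2:-/etc/nginx/conf.d/mattermost.conf}
  local mm_cfg=${3:-/opt/mattermost/config/config.json}
  local findings=0 f
  flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

  for f in "$selinux_cfg" "$nginx_conf" "$mm_cfg"; do
    [ -r "$f" ] || { printf 'cannot read %s\n' "$f" >&2; return 100; }
  done

  # Step 4 leaves SELinux permissive across reboots. Staying in enforcing mode
  # normally only needs: setsebool -P httpd_can_network_connect 1
  if grep -Eq '^SELINUX=(permissive|disabled)' "$selinux_cfg"; then
    flag "SELinux is not enforcing ($selinux_cfg)"
  fi

  # Step 7: certificate paths must not keep the {domain-name} placeholder.
  if grep -E '^[[:space:]]*ssl_certificate' "$nginx_conf" | grep -Fq '{domain-name}'; then
    flag "ssl_certificate path still contains {domain-name}"
  fi
  # Step 7: ssl_protocols should list nothing older than TLSv1.2.
  if grep -E '^[[:space:]]*ssl_protocols' "$nginx_conf" |
     grep -Eq 'SSLv[23]|TLSv1(\.1)?([[:space:]]|;)'; then
    flag "ssl_protocols enables a protocol older than TLSv1.2"
  fi
  # Step 7: port 80 must redirect to HTTPS, and HTTPS must send HSTS.
  grep -Eq '^[[:space:]]*return[[:space:]]+301[[:space:]]+https://' "$nginx_conf" ||
    flag "no HTTP to HTTPS redirect"
  grep -Eq '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security' "$nginx_conf" ||
    flag "no Strict-Transport-Security header"

  # Step 3: config.json holds the database password and AtRestEncryptKey.
  if [ -n "$(find -L "$mm_cfg" -perm -004)" ]; then
    flag "$mm_cfg is world-readable"
  fi
  # The test run in Step 3 logs "SiteURL must be set".
  if grep -Eq '"SiteURL"[[:space:]]*:[[:space:]]*""' "$mm_cfg"; then
    flag "SiteURL is empty in $mm_cfg"
  fi
  return "$findings"
}
```

Run it as root on the host with no arguments, or pass copies of the three files. The exit status is the number of findings, or 100 if a file cannot be read.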
