Install Rocket.Chat on Ubuntu 20.04 LTS with Let's Encrypt SSL

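Rocket.Chat is an open-source, self-hosted chat platform that can replace Slack. It offers many of the features a self-hosted environment needs, such as video conferencing, group chat, and integrations with other platforms.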

This guide explains how to install a Rocket.Chat server on Ubuntu 20.04 LTS with Let's Encrypt.

Follow the steps below to install it.

Step 1 - Update the Ubuntu system

Update the Ubuntu 20.04 package index:

sudo apt-get -y update

Step 2 - Install the required package dependencies

Add the MongoDB GPG signing key.

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

Add the MongoDB repository.

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

Configure Node.js to be installed through the Ubuntu package manager.

sudo apt-get -y update && sudo apt-get install -y curl && curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -

Install Node.js, MongoDB, the build tools and graphicsmagick.

sudo apt-get install -y build-essential mongodb-org nodejs graphicsmagick

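On Ubuntu 20.04, installing a Node.js version that differs from the version installed as the base will conflict with Rocket.Chat. Either install the same version as the base version, or create a symbolic link that points to the base version. To check the installed version: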

$ node --version

Install inherits and n.

sudo npm install -g inherits n

Create a symbolic link for the node binary.

sudo ln -s /usr/bin/node /usr/local/bin/node

Step 3 - Install Rocket.Chat on Ubuntu 20.04

Download the latest version of Rocket.Chat as follows:

curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz

Extract the downloaded file to /tmp:

tar -xzf /tmp/rocket.chat.tgz -C /tmp

Install Rocket.Chat in a directory of your choice. This guide installs it to the /opt directory:

cd /tmp/bundle/programs/server && npm install
sudo mv /tmp/bundle /opt/Rocket.Chat

Step 4 - Create the rocketchat system user

Create a rocketchat user and give it ownership of the Rocket.Chat folder.

sudo useradd -M rocketchat && sudo usermod -L rocketchat
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat

Once the user has been created, you can go on to create the service.

Step 5 - Create the Rocket.Chat service

Create a Rocket.Chat service unit file.

cat << EOF |sudo tee /etc/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF

Before starting the MongoDB service, configure MongoDB's storage engine and replication.

sudo sed -i "s/^#  engine:/  engine: mmapv1/"  /etc/mongod.conf
sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf

Start and enable the MongoDB service.

sudo systemctl enable mongod && sudo systemctl start mongod

Test:

mongo --eval "printjson(rs.initiate())"

Start the Rocket.Chat service.

sudo systemctl enable rocketchat && sudo systemctl start rocketchat

Check that the service is running.

$ systemctl status rocketchat
● rocketchat.service - The Rocket.Chat server
     Loaded: loaded (/lib/systemd/system/rocketchat.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-11-27 10:05:54 UTC; 31s ago
   Main PID: 28294 (node)
      Tasks: 11 (limit: 19076)
     Memory: 559.7M
     CGroup: /system.slice/rocketchat.service
             └─28294 /usr/local/bin/node /opt/Rocket.Chat/main.js

Nov 27 10:06:20 chat rocketchat[28294]: ➔ |      MongoDB Version: 4.0.21                      |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |       MongoDB Engine: mmapv1                      |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |             Platform: linux                       |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |         Process Port: 3000                        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |             Site URL: http://0.0.0.0:3000/        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |     ReplicaSet OpLog: Enabled                     |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |          Commit Hash: b471caf9c9                  |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |        Commit Branch: HEAD                        |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ |                                                   |
Nov 27 10:06:20 chat rocketchat[28294]: ➔ +---------------------------------------------------+

Step 6 - Configure the Nginx reverse proxy

Configure Nginx to act as a reverse proxy. Let's Encrypt will also be set up in the same configuration file.

Install the Nginx web server.

sudo apt install nginx

Before configuring SSL, set up the reverse proxy with the following settings.

sudo nano /etc/nginx/conf.d/rocketchat.conf

The contents of the file are as follows:

upstream rocket_backend {
  server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name chat.hirebestengineers.com;
    access_log /var/log/nginx/rocketchat-access.log;
    error_log /var/log/nginx/rocketchat-error.log;

    location / {
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # Standard forwarding headers, so the backend sees the client IP and scheme
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Where:

  • Replace rocket.example.com (chat.hirebestengineers.com in the configuration above) with your own domain name.

Check the Nginx configuration for problems.

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart and enable the Nginx service.

sudo systemctl restart nginx
sudo systemctl enable nginx

Step 7 - Set up Let's Encrypt SSL

Install the tools used to obtain and set up the Let's Encrypt SSL certificate.

sudo apt install certbot python3-certbot-nginx

Then run certbot to obtain the SSL certificate.

$ certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.hirebestengineers.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/chat.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/chat.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://chat.hirebestengineers.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=chat.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem
   Your cert will expire on 2021-02-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The final Nginx configuration after SSL setup looks like this:

upstream rocket_backend {
  server 127.0.0.1:3000;
}

server {
    server_name chat.hirebestengineers.com;
    access_log /var/log/nginx/rocketchat-access.log;
    error_log /var/log/nginx/rocketchat-error.log;

    location / {
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # Standard forwarding headers, so the backend sees the client IP and scheme
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/chat.hirebestengineers.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.hirebestengineers.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = chat.hirebestengineers.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name chat.hirebestengineers.com;
    return 404; # managed by Certbot
}

Check the Nginx configuration for problems.

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx service for the changes to take effect.

sudo systemctl restart nginx

You can now access the chat server over HTTPS using its FQDN.
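
With TLS terminated at Nginx, the Rocket.Chat port (3000) and the MongoDB port (27017) used in this guide should not be reachable directly from other hosts. The check below is an added example, not part of the original guide; the function name exposed_backends and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): find backend listeners that
# other hosts can reach directly, bypassing the Nginx TLS proxy.
# Ports follow this guide: 3000 = Rocket.Chat, 27017 = MongoDB.

# Reads `ss -H -ltn` lines on stdin; prints "<service> <address>:<port>" for
# each backend port bound to a non-loopback address.
exposed_backends() {
  awk '
    BEGIN { svc["3000"] = "rocketchat"; svc["27017"] = "mongod" }
    {
      addr = $4                              # Local Address:Port column
      n = split(addr, part, ":")
      port = part[n]                         # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (!(port in svc)) next               # not a backend port
      if (host ~ /^127\./ || host == "[::1]") next   # loopback only: fine
      print svc[port] " " host ":" port
    }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 511  *:3000          *:*'

# Demo on the sample; on the server run: ss -H -ltn | exposed_backends
printf '%s\n' "$SAMPLE_SS" | exposed_backends
```

Any line this prints is a backend that should be bound to loopback or blocked by the host firewall so that clients can only reach it through the HTTPS proxy.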

Configure the server using the setup wizard.

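After the server has been configured successfully, you will be able to access the site with the administrator credentials created in the previous step.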

I have successfully installed and configured Rocket.Chat on an Ubuntu 20.04 server.