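How to Install Mattermost on CentOS 8
In this guide, we will explore how to install Mattermost on CentOS 8 with Nginx as a reverse proxy. Mattermost is a free, open-source online team collaboration and chat platform with hundreds of existing integrations from Mattermost and the community. This lets us build custom workflows that scale to tens of thousands of concurrent users. We can easily and securely integrate with most popular DevOps tools (CI/CD, bots, Git).
Mattermost can be installed on on-premises infrastructure, in the cloud, or deployed across public and private clouds in a hybrid architecture. Pre-built open-source images for AWS, Azure and Google Cloud make installation easy. Mattermost can be accessed from the web or from our preferred devices: iOS, Android, Windows, Linux and Mac.
So, let's get started installing Mattermost on CentOS 8 behind an Nginx reverse proxy, with the option of securing the connection with a Let's Encrypt SSL certificate.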
Update the system
Make sure the system is up to date.
sudo yum -y update
After the upgrade, we may need to reboot the system.
sudo reboot
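Install the database server
Our Mattermost server needs a database server to store its data. We will use the MariaDB database server for this.
sudo yum -y install @mariadb
sudo systemctl enable --now mariadb
sudo mysql_secure_installation
After installing the database, log in to the MariaDB shell and create a database and user for Mattermost, replacing <db-password> with a strong password of your own.
$ mysql -u root -p
CREATE DATABASE mattermost;
GRANT ALL PRIVILEGES ON mattermost.* TO mattermost@localhost IDENTIFIED BY '<db-password>';
FLUSH PRIVILEGES;
QUIT;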
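Install the Mattermost server on CentOS 8
Add a system user to manage the Mattermost service.
sudo useradd -d /opt/mattermost -U -M mattermost
Now install Mattermost Server on CentOS 8 Linux. The latest version of Mattermost can be found on the Mattermost downloads page. At the time of writing, the latest available version is 5.20.1.
wget https://releases.mattermost.com/5.20.2/mattermost-5.20.2-linux-amd64.tar.gz
Extract the archive once the download completes.
tar xvf mattermost-5.20.2-linux-amd64.tar.gz
Move the extracted files to the /opt directory.
sudo mv mattermost /opt
Create the storage directory for the files and images that users post to Mattermost.
sudo mkdir /opt/mattermost/data
Set the directory permissions.
sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost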
Configure the database driver.
sudo vim /opt/mattermost/config/config.json
We need to set DriverName to mysql, and DataSource to:
"mmuser:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
So for me, this would be (with <db-password> standing for the database password set earlier):
"SqlSettings": {
    "DriverName": "mysql",
    "DataSource": "mattermost:<db-password>@tcp(localhost:3306)/mattermost?charset=utf8mb4,utf8\u0026readTimeout=30s\u0026writeTimeout=30s",
    "DataSourceReplicas": [],
    "DataSourceSearchReplicas": [],
    "MaxIdleConns": 20,
    "ConnMaxLifetimeMilliseconds": 3600000,
    "MaxOpenConns": 300,
    "Trace": false,
    "AtRestEncryptKey": "myyti1r597i99qrk7eu91ywqhaawz4md",
    "QueryTimeout": 30
},
Change to the mattermost directory to test the Mattermost server.
cd /opt/mattermost
Start the Mattermost server:
$ sudo -u mattermost ./bin/mattermost
{"level":"info","ts":1583869117.6809375,"caller":"utils/i18n.go:83","msg":"Loaded system translations","for locale":"en","from locale":"/opt/mattermost/i18n/en.json"}
{"level":"info","ts":1583869117.6810265,"caller":"app/server_app_adapters.go:58","msg":"Server is initializing..."}
{"level":"info","ts":1583869117.6850379,"caller":"sqlstore/supplier.go:221","msg":"Pinging SQL","database":"master"}
{"level":"info","ts":1583869118.8863454,"caller":"sqlstore/upgrade.go:111","msg":"The database schema version has been set","version":"5.20.0"}
{"level":"error","ts":1583869121.576649,"caller":"app/server_app_adapters.go:129","msg":"SiteURL must be set. Some features will operate incorrectly if the SiteURL is not set. See documentation for details: http://about.mattermost.com/default-site-url"}
{"level":"info","ts":1583869121.5776517,"caller":"app/license.go:39","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1583869121.5779395,"caller":"app/migrations.go:26","msg":"Migrating roles to database."}
{"level":"info","ts":1583869121.6382146,"caller":"sqlstore/post_store.go:1354","msg":"Post.Message has size restrictions","max_characters":16383,"max_bytes":65535}
{"level":"info","ts":1583869121.6425729,"caller":"app/migrations.go:102","msg":"Migrating emojis config to database."}
{"level":"info","ts":1583869122.121464,"caller":"mlog/log.go:167","msg":"Starting up plugins"}
{"level":"info","ts":1583869122.1215749,"caller":"app/plugin.go:199","msg":"Syncing plugins from the file store"}
{"level":"info","ts":1583869123.3940613,"caller":"mlog/sugar.go:19","msg":"Ensuring Surveybot exists","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.4156811,"caller":"mlog/sugar.go:19","msg":"Surveybot created","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.432906,"caller":"mlog/sugar.go:19","msg":"Upgrade detected. Checking if a survey should be scheduled.","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.5542266,"caller":"mlog/sugar.go:19","msg":"Scheduling next survey for Mar 31, 2017","plugin_id":"com.mattermost.nps"}
{"level":"info","ts":1583869123.8526862,"caller":"app/server.go:232","msg":"Current version is 5.20.0 (5.20.1/Sun Nov 16 15:51:14 UTC 2017/0e1a9f7e530061cdd2c7c17899e458afe2c83a9b/551cbd55b9c0d896b5886f42fc0193c9b97edb33)","current_version":"5.20.0","build_number":"5.20.1","build_date":"Sun Nov 16 15:51:14 UTC 2017","build_hash":"0e1a9f7e530061cdd2c7c17899e458afe2c83a9b","build_hash_enterprise":"551cbd55b9c0d896b5886f42fc0193c9b97edb33"}
{"level":"info","ts":1583869123.8527322,"caller":"app/server.go:241","msg":"Enterprise Build","enterprise_build":true}
{"level":"info","ts":1583869123.8527455,"caller":"app/server.go:247","msg":"Printing current working","directory":"/opt/mattermost"}
{"level":"info","ts":1583869123.852752,"caller":"app/server.go:248","msg":"Loaded config","source":"file:///opt/mattermost/config/config.json"}
{"level":"error","ts":1583869123.8604512,"caller":"mlog/log.go:175","msg":"RPC call OnConfigurationChange to plugin failed.","plugin_id":"com.mattermost.nps","error":"connection is shut down"}
{"level":"error","ts":1583869123.89252,"caller":"mlog/log.go:175","msg":"RPC call OnConfigurationChange to plugin failed.","plugin_id":"com.mattermost.nps","error":"connection is shut down"}
{"level":"info","ts":1583869123.894262,"caller":"jobs/workers.go:68","msg":"Starting workers"}
{"level":"info","ts":1583869123.8990135,"caller":"app/web_hub.go:75","msg":"Starting websocket hubs","number_of_hubs":2}
{"level":"info","ts":1583869123.9066868,"caller":"jobs/schedulers.go:74","msg":"Starting schedulers."}
{"level":"info","ts":1583869123.9202466,"caller":"app/server.go:470","msg":"Starting Server..."}
{"level":"info","ts":1583869123.9206858,"caller":"app/server.go:538","msg":"Server is listening on [::]:8065","address":"[::]:8065"}
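Before the server is turned into a service, the SqlSettings edited in config.json can be audited for values copied straight from a tutorial. The script below is an added example, not part of the original guide or of Mattermost: it parses the DataSource string and flags a placeholder or weak password, a non-local database without the MySQL driver's tls parameter, and the AtRestEncryptKey printed in the sample block above. The function names, the 16-character minimum and the sample input are assumptions made for the illustration.

```python
import json
import re

# Mattermost's MySQL DataSource layout: user:password@proto(addr)/db?params
# The password group is greedy, so a password containing "@" still parses.
DSN_RE = re.compile(
    r"^(?P<user>[^:@]+):(?P<password>.*)@(?P<proto>\w+)\((?P<addr>[^)]*)\)"
    r"/(?P<db>[^?]+)(?:\?(?P<params>.*))?$"
)
# Key shown in the sample SqlSettings block on this page.
PUBLISHED_KEYS = {"myyti1r597i99qrk7eu91ywqhaawz4md"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_sql_settings(config_text, min_password_len=16):
    """Return findings for the SqlSettings section; an empty list is clean."""
    # min_password_len is an assumed threshold, not a Mattermost requirement.
    sql = json.loads(config_text)["SqlSettings"]
    m = DSN_RE.match(sql.get("DataSource", ""))
    if m is None:
        return ["DataSource does not match user:password@proto(addr)/db"]
    findings = []
    password = m["password"]
    if password.startswith("<") and password.endswith(">"):
        findings.append("DataSource still holds a placeholder password")
    elif password == m["user"] or len(password) < min_password_len:
        findings.append("database password is short or equals the user name")
    host = m["addr"].rsplit(":", 1)[0].strip("[]")
    params = dict(p.split("=", 1) for p in (m["params"] or "").split("&") if "=" in p)
    if host not in LOCAL_HOSTS and params.get("tls", "false") == "false":
        findings.append("remote database connection without tls")
    if sql.get("AtRestEncryptKey") in PUBLISHED_KEYS:
        findings.append("AtRestEncryptKey is the key published in the tutorial")
    return findings


def sample(password, host, key):
    """Build a constructed config.json fragment for the demonstration."""
    dsn = f"mattermost:{password}@tcp({host}:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s"
    return json.dumps({"SqlSettings": {"DriverName": "mysql", "DataSource": dsn,
                                       "AtRestEncryptKey": key}})


if __name__ == "__main__":
    # Constructed input: the sample block pasted without changing anything.
    copied = sample("<db-password>", "localhost", "myyti1r597i99qrk7eu91ywqhaawz4md")
    for finding in audit_sql_settings(copied):
        print("FINDING:", finding)
```

To audit a real installation, pass the contents of /opt/mattermost/config/config.json to audit_sql_settings.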
Configure the Mattermost systemd unit file
Create a systemd unit file for Mattermost:
sudo tee /etc/systemd/system/mattermost.service <<EOF
[Unit]
Description=Mattermost
After=syslog.target network.target mariadb.service

[Service]
Type=notify
WorkingDirectory=/opt/mattermost
User=mattermost
ExecStart=/opt/mattermost/bin/mattermost
PIDFile=/var/run/mattermost.pid
TimeoutStartSec=3600
LimitNOFILE=49152

[Install]
WantedBy=multi-user.target
EOF
Disable SELinux or set it to permissive mode
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
Reload systemd, then enable and start the service.
sudo systemctl daemon-reload
sudo systemctl enable --now mattermost
Confirm the service status.
$ systemctl status mattermost.service
● mattermost.service - Mattermost
   Loaded: loaded (/etc/systemd/system/mattermost.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-03-13 20:01:03 EAT; 2min 47s ago
 Main PID: 9154 (mattermost)
    Tasks: 16 (limit: 11497)
   Memory: 114.2M
   CGroup: /system.slice/mattermost.service
           ├─9154 /opt/mattermost/bin/mattermost
           └─9224 plugins/com.mattermost.nps/server/dist/plugin-linux-amd64
Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.898295,"caller":"app/server.go:247","msg":"Printing current working",>
Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.8983018,"caller":"app/server.go:248","msg":"Loaded config","source":">
Mar 13 20:01:02 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.920317,"caller":"sqlstore/post_store.go:1354","msg":"Post.Message has>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118862.9979806,"caller":"jobs/workers.go:68","msg":"Starting workers"}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0024703,"caller":"app/web_hub.go:75","msg":"Starting websocket hubs",>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0136616,"caller":"jobs/schedulers.go:74","msg":"Starting schedulers."}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0337238,"caller":"app/server.go:470","msg":"Starting Server..."}
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.033907,"caller":"app/server.go:538","msg":"Server is listening on [::>
Mar 13 20:01:03 cent8.novalocal mattermost[9154]: {"level":"info","ts":1584118863.0339284,"caller":"commands/server.go:105","msg":"Sending systemd READ>
Mar 13 20:01:03 cent8.novalocal systemd[1]: Started Mattermost.
Verify that Mattermost is running.
$ curl http://localhost:8065
We should see the HTML returned by the Mattermost server.
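Install and configure Nginx
When running Mattermost in a production environment, use a proxy server to improve Mattermost's security and performance.
Install Nginx on the CentOS Linux machine.
sudo dnf -y install epel-release
sudo dnf -y install nginx
Start and enable the Nginx service.
sudo systemctl enable --now nginx
Then configure the Nginx web server as a proxy for the Mattermost server.
sudo vi /etc/nginx/conf.d/mattermost.conf
Paste the following snippet into the file and edit it to configure Nginx in the most basic way.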
upstream backend {
    server 127.0.0.1:8065;
    keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    listen 80;
    server_name mattermost.example.com;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
        proxy_pass http://backend;
    }

    location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_http_version 1.1;
        proxy_pass http://backend;
    }
}
Replace mattermost.example.com with the correct value for your Mattermost domain.
Validate the Nginx configuration file.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If everything is fine, restart Nginx.
sudo systemctl restart nginx
Open the http and https ports in Firewalld.
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Confirm that the status is running.
$ sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-03-13 20:17:05 EAT; 2min 9s ago
  Process: 9772 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 9769 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 9768 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 9774 (nginx)
    Tasks: 3 (limit: 11497)
   Memory: 5.2M
   CGroup: /system.slice/nginx.service
           ├─9774 nginx: master process /usr/sbin/nginx
           ├─9775 nginx: worker process
           └─9776 nginx: cache manager process
Mar 13 20:17:05 cent8.novalocal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Mar 13 20:17:05 cent8.novalocal nginx[9769]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 13 20:17:05 cent8.novalocal nginx[9769]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 13 20:17:05 cent8.novalocal systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Mar 13 20:17:05 cent8.novalocal systemd[1]: Started The nginx HTTP and reverse proxy server.
We should now be able to reach the Mattermost domain configured in Nginx.
$ curl mattermost.example.com
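Configure the Mattermost server
Now we can start configuring the Mattermost server by opening the domain configured in Nginx.
http://mattermost.example.com
Create the administrator user on the first page. This user will be able to create or invite other new users.
Choose to create a team or go straight to the console.
If you choose to create a team, provide a team name and click Next.
Set the team URL, then click Finish.
The Mattermost dashboard console should look like the following.
We can then invite members to join the team we created. Also consider installing the apps for PC, Mac, iOS and Android for access and notifications anywhere, at any time.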
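Configure a Let's Encrypt / custom SSL certificate
We can use SSL to increase security by ensuring that communication between Mattermost clients and the Mattermost server is encrypted. It also allows us to configure NGINX to use the HTTP/2 protocol.
Obtain a Let's Encrypt SSL certificate for the domain. First download the certbot script.
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin
Stop the Nginx service.
sudo systemctl stop nginx
Then set the domain and the email address for expiry alerts, and obtain a free Let's Encrypt certificate.
export DOMAIN="mattermost.example.com"
export EMAIL_ALERTS="admin@example.com"   # placeholder address; use your own
sudo /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL_ALERTS --keep-until-expiring
Update the nginx configuration file to set up SSL.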
. . .
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    listen 80 default_server;
    server_name mattermost.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mattermost.example.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/{domain-name}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain-name}/privkey.pem;
    ssl_session_timeout 1d;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling --
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        . . .

    location / {
        proxy_http_version 1.1;
        . . .
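A static check that can be run over /etc/nginx/conf.d/mattermost.conf before restarting Nginx, covering both the HTTP-only configuration and the TLS one above. It is an added example, not part of the original guide: it reports a port 80 server block that proxies content instead of redirecting to https, a TLS block that enables protocols older than TLSv1.2 or lacks the HSTS header, and response headers such as X-Frame-Options set with proxy_set_header, which nginx passes to the upstream server as request headers rather than to the browser. The function names and the sample input are assumptions made for the illustration.

```python
import re

# Headers that only matter in the response sent to the browser.
RESPONSE_HEADERS = {"x-frame-options", "strict-transport-security", "content-security-policy"}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Constructed sample, abridged from the first (HTTP-only) config on this page.
HTTP_ONLY = """
server {
    listen 80;
    location / {
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://backend;
    }
}
"""


def server_blocks(conf):
    """Yield the body of every `server { ... }` block by matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def lint(conf):
    """Return findings for a Mattermost reverse-proxy config (empty = clean)."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
        if not any("ssl" in spec.split() for spec in listens):
            if not re.search(r"^\s*return\s+30[18]\s+https://", body, re.M):
                findings.append("port 80 block proxies content over plain HTTP")
            continue
        protocols = re.search(r"^\s*ssl_protocols\s+([^;]+);", body, re.M)
        for old in sorted(OLD_PROTOCOLS & set(protocols[1].split() if protocols else [])):
            findings.append(f"ssl_protocols enables {old}")
        if not re.search(r"^\s*add_header\s+Strict-Transport-Security", body, re.M | re.I):
            findings.append("TLS block sends no Strict-Transport-Security header")
    for name in sorted(set(re.findall(r"proxy_set_header\s+(\S+)", conf))):
        if name.lower() in RESPONSE_HEADERS:
            findings.append(f"{name} via proxy_set_header reaches only the upstream")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(HTTP_ONLY)))
```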
Restart Nginx.
sudo systemctl restart nginx
Confirm from a web browser that the service is now served over https. See the official Mattermost documentation to learn more.