Build your own chat server on CentOS 7 with Rocket.Chat
This installation guide was tested in the following environment:
Rocket.Chat 3.5.0
OS: CentOS 7.6 mini
MongoDB 4.0.9
NodeJS 12.14.0
1. Official website:
https://rocket.chat/
Official documentation
https://docs.rocket.chat/installation/manual-installation/centos
2. Install dependencies
2.1. Disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
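Disable temporarily (no reboot required):
setenforce 0 ## put SELinux into permissive mode
2.2. Install Node.js and MongoDB: create the MongoDB yum repository (MongoDB is a NoSQL document-oriented database that Rocket.Chat uses for data storage):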
cat << EOF | sudo tee -a /etc/yum.repos.d/mongodb-org-4.0.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF
2.3. Configure Node.js for installation through the package manager:
sudo yum install -y curl && curl -sL https://rpm.nodesource.com/setup_12.x | sudo bash -
The package depends on yarn; download the yarn yum repository file and install yarn
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn -y
2.4. Install the build tools, MongoDB, Node.js and GraphicsMagick:
sudo yum install -y gcc-c++ make mongodb-org nodejs
sudo yum install -y epel-release && sudo yum install -y GraphicsMagick
Rocket.Chat 3.5 recommends Node.js v12.0.0 or later. Run the following command to install the recommended Node.js version, 12.14.0:
sudo npm install -g inherits n && sudo n 12.14.0
3. Install the Rocket.Chat server: download the latest stable Rocket.Chat release with curl
Install the lrzsz upload/download tool
yum install -y lrzsz
3.1. Download:
curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz
After the download completes, extract the archive and rename the directory to Rocket.Chat:
3.2. Extract:
tar -xzf /tmp/rocket.chat.tgz -C /tmp
3.3. Install the dependency modules:
cd /tmp/bundle/programs/server && npm install
3.4. Rename:
sudo mv /tmp/bundle /opt/Rocket.Chat
4. Add the rocketchat user and configure the Rocket.Chat service
sudo useradd -M rocketchat && sudo usermod -L rocketchat
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat
cat << EOF |sudo tee -a /lib/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://192.168.32.61:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF
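4.1. Set the storage engine and replication for MongoDB (required for versions > 1), then enable and start MongoDB and Rocket.Chat
sudo sed -i "s/^#  engine:/  engine: mmapv1/" /etc/mongod.conf
sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf
Enable the MongoDB service at boot, start it, and view the MongoDB replica set initialization output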
sudo systemctl enable mongod && sudo systemctl start mongod
mongo --eval "printjson(rs.initiate())"
Enable the rocketchat service at boot and start it
sudo systemctl enable rocketchat && sudo systemctl start rocketchat
4.2. Check the service status with the following commands (status of the mongod and rocketchat services):
systemctl status mongod.service
systemctl status rocketchat.service
Install the network tools
yum install -y net-tools
netstat -nat |grep 3000
4.3. Firewall configuration
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo systemctl reload firewalld
5. Testing:
5.1. Connect with a browser:
http://192.168.32.61:3000
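5.2. Add the server in the client
5.3. Create the administrator:
5.4. Create the organization:
5.5. Enter the server information:
5.6. Register the server:
5.7. Go to the workspace
5.8. Resulting interface:
5.9. Log in as the administrator and open the administration interface
5.10. Create users
6. Install and configure nginx as an SSL reverse proxy (enable HTTPS)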
yum -y install nginx
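The nginx configuration files are in /etc/nginx/conf.d/
6.1. Add the nginx user to the rocketchat group and change the permissions of the /opt/Rocket.Chat directory so that nginx can access it:
sudo usermod -a -G rocketchat nginx
sudo chmod 750 /opt/Rocket.Chat
Verify that the nginx configuration is correct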
/usr/sbin/nginx -t
Start nginx and enable it at boot
systemctl start nginx
sudo systemctl enable nginx
Configure the firewall to allow ports 80 and 443
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --runtime-to-permanent
sudo systemctl reload firewalld
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
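If the page loads when you access the server by its IP address, nginx is configured successfully
Create the SSL certificate (generate a self-signed SSL certificate)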
sudo mkdir /etc/ssl/private
sudo chmod 700 /etc/ssl/private
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Copy the self-signed SSL certificate and private key into the nginx directory and set permissions to 400
Add your private key to /etc/nginx/certificate.key
Lock down permissions: chmod 400 /etc/nginx/certificate.key
Add your certificate to /etc/nginx/certificate.crt
Edit /etc/nginx/sites-enabled/default or if you use nginx from docker /etc/nginx/conf.d/default.conf and be sure to use your actual hostname in lieu of the sample hostname "your_hostname.com" below.
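The copy step above, as an added example that is not part of the original guide: it installs the pair under the file names the nginx configuration expects, but only after confirming that the private key belongs to the certificate, since nginx refuses to start on a mismatched pair. The function names are hypothetical; the paths are the ones used in this guide.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): copy the certificate pair into
# the nginx directory only if the private key belongs to the certificate.

# Print the PEM public key embedded in a certificate / derived from a key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# install_tls_pair CERT KEY DESTDIR
# Returns 2 if either file cannot be parsed, 1 if the key does not match the
# certificate, 0 after installing certificate.crt (444) and certificate.key (400).
install_tls_pair() {
  local crt=$1 key=$2 dest=$3 from_crt from_key
  from_crt=$(pubkey_of_cert "$crt") || return 2
  from_key=$(pubkey_of_key "$key") || return 2
  [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ] || return 1
  # install(1) copies each file and sets its mode in the same step
  install -m 444 "$crt" "$dest/certificate.crt" &&
  install -m 400 "$key" "$dest/certificate.key"
}

# Run as root with the argument "install" to use the paths from this guide.
if [ "${1:-}" = "install" ]; then
  install_tls_pair /etc/ssl/certs/nginx-selfsigned.crt \
                   /etc/ssl/private/nginx-selfsigned.key /etc/nginx
fi
```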
Configure the Rocket.Chat site behind nginx with HTTPS
vi /etc/nginx/conf.d/Rocket.Chat.conf
# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}
# HTTPS Server
server {
    listen 443;
    server_name rocketchat.xxx.com;
    # You can increase the limit if you need to.
    client_max_body_size 200M;
    error_log /var/log/nginx/rocketchat.access.log; # error log; any directory nginx can access works, rocketchat.access.log is created automatically
    ssl on;
    ssl_certificate /etc/nginx/certificate.crt; # your own certificate (.crt)
    ssl_certificate_key /etc/nginx/certificate.key; # your own certificate key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
Change the ROOT_URL option in the Rocket.Chat service file (enable https)
vi /lib/systemd/system/rocketchat.service
Reload the rocketchat service for the change to take effect:
systemctl daemon-reload
systemctl restart rocketchat
Change the nginx HTTPS port to a non-standard port
vi /etc/nginx/conf.d/Rocket.Chat.conf
6.2. Reload the nginx service for the change to take effect:
sudo systemctl reload nginx
Check the rocketchat service status
systemctl status rocketchat
Update the site URL in the administration interface
Firewall configuration: allow access to the non-standard port 8443
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo systemctl reload firewalld
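A check for the finished setup, as an added example that is not part of the original guide: with nginx terminating TLS, port 3000 (Rocket.Chat) and port 27017 (MongoDB) only need to be reachable from the host itself, and this function reads `netstat -nat` output and reports either port when it listens on a non-loopback address. The function name is hypothetical and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): find backend ports that are
# listening on more than the loopback interface.

# exposed_listeners PORT...   (reads `netstat -nat` output on stdin)
# Prints "port address" for each listed port in LISTEN state that is bound to
# a non-loopback address.
exposed_listeners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $6 != "LISTEN" { next }                 # skip headers and connections
    {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only
      print port, addr
    }'
}

# Constructed sample of `netstat -nat` output for a host set up as above.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.168.32.61:3000      192.168.32.10:51234     ESTABLISHED'

# On the server itself: netstat -nat | exposed_listeners 3000 27017
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners 3000 27017
```

A hit on 3000 means clients can reach Rocket.Chat over plain HTTP without going through the nginx TLS proxy; the 3000/tcp rule added in section 4.3 is what allows that from other hosts.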