Rocket.Chat 是一个完整的团队沟通平台, 是一个自我托管的 Slack 替代品。它由 Meteor 构建, 提供多种功能, 包括帮助台聊天、视频会议、文件共享、语音消息、API等。
在本教程中, 我们将向你展示如何在使用 Nginx SSL 反向代理在 CentOS 7 服务器 (至少 1GB 内存) 上部署 Rocket.Chat v0.69.1
安装基础环境
yum install epel-release curl GraphicsMagick gcc-c++
yum install nodejs npm nginx
# 安装 Node.js
npm install -g inherits n
n 8.11.3
安装 MongoDB
MongoDB 是一个面向 NoSQL 文档的数据库
Rocket.Chat 建议使用 MongoDB 3.6。使用 yum 安装官方 MongoDB 存储库
vim /etc/yum.repos.d/mongodb-org.repo
# 把下面的复制进去
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
:wq
保存并退出
安装 MongoDB 并设置开机启动
yum install mongodb-org
systemctl start mongod
systemctl enable mongod
创建新用户
创建一个新用户和组, 使用 rocket
运行 Rocket.Chat
useradd -m -U -r -d /opt/rocket rocket
将 nginx 用户添加到新用户组并更改 /opt/rocket
目录权限, 以便 nginx 可以访问它
usermod -a -G rocket nginx
chmod 750 /opt/rocket
安装 Rocket.Chat
# 切换到 rocket 用户
su - rocket
# 下载最新稳定版的 Rocket.Chat
curl -L https://releases.rocket.chat/latest/download -o rocket.chat.tgz
# 解压并重命名文件夹
tar zxf rocket.chat.tgz
mv bundle Rocket.Chat
# 进入到 Rocket.Chat/programs/server 目录并安装所有必需的 npm 包
cd Rocket.Chat/programs/server
npm install
在创建系统服务和使用 Nginx 反向代理之前, 最好先测试安装是否成功
设置所需的环境变量
export PORT=3000
export ROOT_URL=http://example.com:3000/
export MONGO_URL=mongodb://localhost:27017/rocketchat
返回 Rocket.Chat 目录并启动 Rocket.Chat 服务器
cd ../../
node main.js
如果没有错误, 应该看到如下输出
➔ +---------------------------------------------+
➔ | SERVER RUNNING |
➔ +---------------------------------------------+
➔ | |
➔ | Rocket.Chat Version: 0.71.1 |
➔ | NodeJS Version: 8.11.3 - x64 |
➔ | Platform: linux |
➔ | Process Port: 3000 |
➔ | Site URL: http://0.0.0.0:3000/ |
➔ | ReplicaSet OpLog: Disabled |
➔ | Commit Hash: e73dc78ffd |
➔ | Commit Branch: HEAD |
➔ | |
➔ +---------------------------------------------+
此时, Rocket.Chat 已经安装在 CentOS 7 机器上。按下 CTRL+C
停止 Rocket.Chat 服务器
创建系统服务
vim /etc/systemd/system/rocketchat.service
# 把下面的复制进去
[Unit]
Description=Rocket.Chat server
After=network.target nss-lookup.target mongod.target
[Service]
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocket
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat ROOT_URL=http://example.com:3000/ PORT=3000
ExecStart=/usr/local/bin/node /opt/rocket/Rocket.Chat/main.js
[Install]
WantedBy=multi-user.target
刷新系统服务, 并启动 Rocket.Chat
systemctl daemon-reload
systemctl start rocketchat
检查是否启动成功
systemctl status rocketchat
● rocketchat.service - Rocket.Chat server
Loaded: loaded (/etc/systemd/system/rocketchat.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-04-10 20:30:56 UTC; 8s ago
Main PID: 32356 (node)
CGroup: /system.slice/rocketchat.service
└─32356 /usr/local/bin/node /opt/rocket/Rocket.Chat/main.js
如果没有错误, 可以设置开机自动启动
systemctl enable rocketchat
使用 Nginx 设置反向代理
vim /etc/nginx/conf.d/rocket.chat.conf
在文件中添加以下配置
upstream rocketchat_backend {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /SSL/example.com.crt;
ssl_certificate_key /SSL/example.com.key;
# ssl_trusted_certificate /SSL/example.com.pfx;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log;
location / {
proxy_pass http://rocketchat_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
重新加载 Nginx 服务以使更改生效
systemctl reload nginx
配置 Rocket.Chat
打开浏览器并输入: http://chat.example.com
如果安装成功, 你将看到 Rocket.Chat 安装向导, 它将指导你设置第一个管理员用户和配置账号信息
配置完成后即可进入 Rocket.Chat
你现在可以开始使用 Rocket.Chat 与你的团队协作, 共享文件和实时聊天
原文
How to deploy Rocket.Chat on CentOS 7
Secure Nginx with Let’s Encrypt on CentOS 7