Rocket.Chat 即時通訊
BUBU 因前陣子有點忙碌,現在比較有空閒一點來建置這一套聊天平台,這是一套團隊在內部溝通的通訊軟體,因有些事情不適合在 Line 交談,因此看到社群有在推這一套 Rocket.Chat 通訊平台 節省工具箱 Jason Tools
運行環境
本工作室環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式
- 系統環境: Debian10
安裝過程
- 先更新系統並且新增加來源庫
# Refresh the package index before installing anything.
sudo apt-get -y update
# dirmngr and gnupg are needed for the key fetch. The key is requested by its full
# fingerprint, but over plain HKP on port 80, and apt-key puts it in apt's global
# trusted keyring, so it is trusted for every configured repository.
# NOTE(review): this fingerprint looks like the MongoDB 4.0 release key, while the
# page later imports server-4.4.asc and uses the 4.4 repository. Confirm this step
# is still required before trusting an extra key.
sudo apt-get install -y dirmngr gnupg && sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
增加 Mongodb 來源庫
- 導入 Mongodb 密鑰
# Fetch MongoDB's 4.4 signing key over HTTPS and add it to apt's trusted keys.
# NOTE(review): apt-key is deprecated and trusts the key for all repositories; a
# dedicated keyring referenced with signed-by in the sources entry is narrower.
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
- 如果遇到 gnupg 未安裝時的處理
# No -y here, so apt asks for confirmation before installing gnupg.
sudo apt-get install gnupg
- 安裝完導入密鑰
# Same key import as the earlier step, repeated for the case where gnupg had to be
# installed first.
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
- 新增加來源庫
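# Register the MongoDB 4.4 repository. The list file is named after the 4.4 series
# it points at (it was labelled 4.0), and the repository is reached over HTTPS.
# If an older mongodb-org-4.0.list holding this entry already exists, remove it so
# the repository is not listed twice.
echo "deb https://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list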
- 更新系統
# Re-read the package lists so packages from the newly added MongoDB repository
# become installable.
sudo apt-get update
增加 Node.js 來源庫
- 因 Rocket.Chat 如是 4.4 版本以上 NodeJS 需要在 14 版才能正常運行。
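# Install curl, then save the NodeSource setup script to a private temp file
# instead of piping it straight into a shell. The script runs as root, so this
# gives a chance to read it first, and a failed download is never executed.
# sudo is applied to the script run itself, matching the sudo usage on this page.
# NOTE(review): Node.js 14 is past upstream end-of-life; use the Node.js line that
# the Rocket.Chat release being installed calls for.
sudo apt-get -y update && sudo apt-get install -y curl
nodesource_setup=$(mktemp)
curl -fsSL https://deb.nodesource.com/setup_14.x -o "$nodesource_setup" && sudo bash "$nodesource_setup"
rm -f -- "$nodesource_setup"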
安裝服務
- 安裝MongoDB、nodejs、graphicsmagick
# mongodb-org and nodejs come from the MongoDB and NodeSource repositories added in
# the earlier steps. build-essential supplies a compiler toolchain, presumably for
# npm modules that build native code.
sudo apt-get install -y build-essential mongodb-org nodejs graphicsmagick
- 使用 n 工具指定 Node.js 版本(14.19.3)
# Install the "inherits" and "n" packages globally, then use n to pin Node.js 14.19.3.
# n installs under /usr/local by default, which is the /usr/local/bin/node path
# that the systemd unit on this page uses in ExecStart.
sudo npm install -g inherits n && sudo n 14.19.3
安裝 Rocket.Chat
- 下載 Rocket.Chat 套件
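# Download the current Rocket.Chat server bundle. -f makes curl stop with an error
# on an HTTP failure instead of saving the error page as the tarball.
# NOTE(review): "latest" is whatever release is current at download time. Record
# the version you get and, if a digest is published for that release, compare it
# with `sha256sum /tmp/rocket.chat.tgz` before unpacking.
curl -fL https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz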
- 解壓
# Unpack under /tmp; the following steps expect the result at /tmp/bundle.
tar -xzf /tmp/rocket.chat.tgz -C /tmp
- 進入某個目錄之後並且安裝
# Install the server's npm dependencies inside the unpacked bundle. npm runs the
# packages' install scripts with the privileges of the invoking user, so prefer an
# unprivileged user over root for this step.
cd /tmp/bundle/programs/server && npm install
# Move the prepared bundle to its permanent location.
sudo mv /tmp/bundle /opt/Rocket.Chat
設定 Rocket.Chat 服務
- 新增加使用者及群組
# Dedicated service account: -M creates no home directory, and usermod -L locks the
# password so the account cannot be used for password logins.
# NOTE(review): the account still gets the default login shell; a non-login shell
# such as /usr/sbin/nologin would narrow it further.
sudo useradd -M rocketchat && sudo usermod -L rocketchat
- 權限設定
# Give the whole install tree to the service account. This also lets the running
# service modify its own program files.
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat
- 新增加 Rocketchat 服務
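# Write the systemd unit for Rocket.Chat.
# - tee without -a: running this step again replaces the unit instead of appending
#   a second copy of every section to the same file.
# - 'EOF' is quoted so the shell writes the text literally, with no expansion.
# The service runs as the unprivileged rocketchat user and takes its settings from
# the Environment= line:
#   MONGO_URL / MONGO_OPLOG_URL  local MongoDB, replica set rs01, no credentials
#   ROOT_URL                     the URL users reach the site at; adjust it when the
#                                server is published through the Nginx HTTPS proxy
#   PORT                         port the Node process listens on
# NOTE(review): the MongoDB URLs carry no authentication, so the database is only
# protected if mongod is reachable locally only. Confirm bindIp in /etc/mongod.conf.
cat << 'EOF' | sudo tee /lib/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF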
- 修正設定檔
# Files under /lib/systemd/system are root-owned, so saving changes needs root.
# If systemd has already loaded the unit, run `sudo systemctl daemon-reload`
# after editing it.
vim /lib/systemd/system/rocketchat.service
(選擇性處理)
Environment = MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01
Environment = MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01
Environment = ROOT_URL=http://your-host-name.com-as-accessed-from-internet:3000 <---這個要修改成 0.0.0.0 允許所有的來源(註:ROOT_URL 是使用者在瀏覽器中實際連線的網址,並不是服務監聽的位址;若前面有 Nginx 以 HTTPS 做反向代理,一般應填寫 https://你的網域)
Environment = PORT=3000
設定 MongoDB 跟 Rocket.Chat 溝通
# Select the WiredTiger storage engine and enable a replica set named rs01 in
# /etc/mongod.conf. rs01 is the name used by replicaSet=rs01 in the Rocket.Chat
# unit's MongoDB URLs.
# NOTE(review): both patterns depend on the exact spacing of the stock mongod.conf;
# inspect the file afterwards to confirm the edits applied.
sudo sed -i "s/^# engine:/ engine: wiredTiger/" /etc/mongod.conf
sudo sed -i "s/^#replication:/replication:\n replSetName: rs01/" /etc/mongod.conf
# Start MongoDB now and on every boot.
sudo systemctl enable mongod && sudo systemctl start mongod
# Initialise the replica set on this node.
# NOTE(review): nothing in these steps turns on MongoDB access control, so anything
# that can reach port 27017 can read and write the chat database. Keep mongod bound
# to localhost or enable authentication.
mongo --eval "printjson(rs.initiate())"
# Start Rocket.Chat now and on every boot.
sudo systemctl enable rocketchat && sudo systemctl start rocketchat
安裝 Nginx 服務
- 可以參考本站之前做設定方式 Nginx 模組擴充 - Debian \ Ubuntu,或者直接安裝
Nginx 設定檔
- 代理伺服器的服務設定檔
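# Plain-HTTP listener: its only job is to redirect every request to the HTTPS site.
server {
    listen 80;
    server_name 你的網域;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    # Serve HTTPS with HTTP/2
    listen 443 ssl http2;
    # The same listener for IPv6
    listen [::]:443 ssl http2;
    server_name 你的網域;
    #
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    #
    # Path to the certificate chain
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    # Path to the private key (keep this file readable by root only)
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    # Session cache lifetime
    ssl_session_timeout 1d;
    # Session cache type and size
    ssl_session_cache shared:SSL:50m;
    #
    # intermediate configuration. tweak to your needs.
    #
    # Accepted protocol versions. TLS 1.1 is deprecated and is no longer offered,
    # which matches the local-host configuration shown later on this page.
    ssl_protocols TLSv1.3 TLSv1.2;
    # Cipher preference, highest priority first. The 3DES suites were dropped: 3DES
    # is a 64-bit block cipher, and TLS 1.2+ clients can use AES or ChaCha20.
    # NOTE(review): the RSA+AES* entries use RSA key exchange (no forward secrecy);
    # remove them as well if no client depends on them.
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:!MD5';
    # on = the server's cipher order (not the client's) is used in the handshake
    ssl_prefer_server_ciphers on;
    #
    access_log /var/log/nginx/rc_access.log;
    error_log /var/log/nginx/rc_error.log;
    #
    location ~ ^/.* {
        # NOTE(review): this hop to the Rocket.Chat host is plain HTTP. Keep it on a
        # trusted network and let port 3000 on that host accept only this proxy.
        proxy_pass http://您的服務主機:3000;
        proxy_http_version 1.1;
        # Pass the WebSocket upgrade through to Rocket.Chat
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Tell the backend the real client address and the original scheme
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}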
- 本機上的全域設定
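# Global nginx settings for the local host.
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    #
    access_log /var/log/nginx/access.log main;
    #
    #
    # Large request bodies are allowed so that file uploads go through.
    client_max_body_size 2048m;
    client_body_buffer_size 256k;
    # Maximum gap between two successive reads of the request body.
    # Default is 60, May need to be increased for very large uploads
    client_body_timeout 1800s;
    # Request headers are small and unrelated to upload size, so the header timeout
    # stays at nginx's 60s default. A 30-minute value lets connections that never
    # finish sending their headers hold connection slots.
    client_header_timeout 60s;
    fastcgi_intercept_errors on;
    fastcgi_buffers 4 64K;
    #
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    #
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    #
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;
    # Restoring the original visitor IP for your web application.
    # Only requests arriving from 127.0.0.1 have their client address replaced by
    # the forwarded header. Extend set_real_ip_from only to proxies you control,
    # since the header is client-supplied otherwise.
    set_real_ip_from 127.0.0.1;
    # use any of the following two
    # real_ip_header CF-Connecting-IP;
    real_ip_header X-Forwarded-For;
    #
    # NOTE(review): the brotli_* directives need the Brotli module, which is not
    # part of stock nginx; presumably it is loaded by the modules include above.
    brotli on;
    brotli_comp_level 6;
    brotli_min_length 512;
    brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    brotli_static always;
}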
- 本機上服務設定檔
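# Upstreams
# The Rocket.Chat process on this host; referenced by proxy_pass below.
upstream rocket_backend {
    server 127.0.0.1:3000;
}
#
# Plain-HTTP listener: redirects every request to the HTTPS site.
server {
    listen 80;
    server_name 你的網域;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 你的網域;
    #
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    #
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # NOTE(review): session tickets weaken forward secrecy unless the ticket keys
    # are rotated; consider `ssl_session_tickets off;` if rotation is not set up.
    ssl_session_tickets on;
    #
    # intermediate configuration. tweak to your needs.
    #
    ssl_protocols TLSv1.3 TLSv1.2;
    # The 3DES suites were dropped: 3DES is a 64-bit block cipher, and TLS 1.2+
    # clients can use AES or ChaCha20.
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:!MD5';
    ssl_prefer_server_ciphers on;
    #
    access_log /var/log/nginx/rc_access.log;
    error_log /var/log/nginx/rc_error.log;
    #
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;
    #
    #index index.php;
    #
    location / {
        # Goes through the upstream defined at the top (127.0.0.1:3000).
        proxy_pass http://rocket_backend/;
        proxy_http_version 1.1;
        # Pass the WebSocket upgrade through to Rocket.Chat
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # The header names were misspelled as X-Forward-*. Under those names the
        # backend does not see the client address chain or the original scheme.
        # This server terminates TLS, so the forwarded scheme is https.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}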