Rocket.Chat Instant Messaging

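BUBU was fairly busy for a while and now has a bit more free time to set up this chat platform. It is messaging software for communication within a team. Some things are not suitable for discussing on Line, and the community 節省工具箱 Jason Tools has been recommending the Rocket.Chat messaging platform.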

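Runtime Environment


Everything in this studio runs on the "Proxmox VE" virtualization platform, mostly as "LXC" containers; when a special case calls for "VM" mode, it will be noted.

  • System environment: Debian 10

Installation Process


  • First update the system and add the repository key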
sudo apt-get -y update
sudo apt-get install -y dirmngr gnupg && sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
Add the MongoDB repository

  • Import the MongoDB key
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
  • What to do if gnupg is not installed
sudo apt-get install gnupg
  • Once it is installed, import the key
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
  • Add the repository
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
  • Update the system
sudo apt-get update
Add the Node.js repository

  • Rocket.Chat 4.4 and later needs Node.js 14 to run properly.
sudo apt-get -y update && sudo apt-get install -y curl && curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
Install the services

  • Install MongoDB, Node.js, and graphicsmagick
sudo apt-get install -y build-essential mongodb-org nodejs graphicsmagick
  • Pin the Node.js version with n (installed through npm)
sudo npm install -g inherits n && sudo n 14.19.3
Install Rocket.Chat

  • Download the Rocket.Chat package
curl -L https://releases.rocket.chat/latest/download -o /tmp/rocket.chat.tgz
  • Extract it
tar -xzf /tmp/rocket.chat.tgz -C /tmp
  • Change into the server directory and install the dependencies
cd /tmp/bundle/programs/server && npm install

sudo mv /tmp/bundle /opt/Rocket.Chat
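
The download and extract steps above fetch whatever "latest" resolves to and unpack it under fixed names in /tmp. The following is an added example, not part of the original page or of the Rocket.Chat project: it checks a tarball against a SHA-256 digest, rejects member names outside bundle/, and unpacks into a private directory. The function names are hypothetical, and it assumes you hold a trusted digest for the exact release file you downloaded.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.
# Assumption: the operator has a trusted SHA-256 for the exact release file.

# verify_bundle TARBALL EXPECTED_SHA256
# Succeeds only if the digest matches and every member name is under bundle/.
verify_bundle() {
    local tarball="$1" expected="$2" actual members member
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    # List member names without extracting anything.
    members=$(tar -tzf "$tarball") || return 1
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*)
                echo "path escapes the extraction directory: $member" >&2
                return 1 ;;
            bundle|bundle/*) ;;
            *)
                echo "unexpected top-level entry: $member" >&2
                return 1 ;;
        esac
    done <<EOF
$members
EOF
}

# install_bundle TARBALL EXPECTED_SHA256 DEST
# Unpacks into a private mktemp directory instead of a fixed /tmp/bundle path.
install_bundle() {
    local tarball="$1" expected="$2" dest="$3" workdir
    verify_bundle "$tarball" "$expected" || return 1
    workdir=$(mktemp -d) || return 1
    if ! tar -xzf "$tarball" -C "$workdir" --no-same-owner; then
        rm -rf "$workdir"
        return 1
    fi
    mv "$workdir/bundle" "$dest" && rmdir "$workdir"
}
```

With this layout, npm install runs in DEST/programs/server after the move, and DEST is then handed to the service account as in the next section.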
Configure the Rocket.Chat service

  • Add the user and group
sudo useradd -M rocketchat && sudo usermod -L rocketchat
  • Set ownership and permissions
sudo chown -R rocketchat:rocketchat /opt/Rocket.Chat
  • Add the Rocket.Chat systemd service
cat << EOF |sudo tee -a /lib/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
EOF
  • Edit the unit file with vim /lib/systemd/system/rocketchat.service (optional)
Environment = MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01
Environment = MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01
Environment = ROOT_URL=http://your-host-name.com-as-accessed-from-internet:3000 <--- change this to 0.0.0.0 to allow all sources
Environment = PORT=3000
Configure MongoDB to communicate with Rocket.Chat

sudo sed -i "s/^#  engine:/  engine: wiredTiger/"  /etc/mongod.conf

sudo sed -i "s/^#replication:/replication:\n  replSetName: rs01/" /etc/mongod.conf

sudo systemctl enable mongod && sudo systemctl start mongod

mongo --eval "printjson(rs.initiate())"

sudo systemctl enable rocketchat && sudo systemctl start rocketchat
Install the Nginx service

Nginx configuration files


  • Service configuration file on the proxy server
server {
    listen 80;
    server_name 你的網域;    # placeholder: your domain
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    # Use HTTPS and HTTP/2
    listen 443 ssl http2;
    # Same as above, for IPv6
    listen [::]:443 ssl http2;
    server_name 你的網域;    # placeholder: your domain
    #
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    #
    # SSL certificate path
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    # Private key path
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    # Session cache lifetime
    ssl_session_timeout 1d;
    # Session cache type and size
    ssl_session_cache shared:SSL:50m;
    #
    # intermediate configuration. tweak to your needs.
    #
    # TLS protocol versions to accept
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
    # Cipher suites; entries listed earlier have higher priority
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    # Use the server's preferred cipher order during the handshake
    ssl_prefer_server_ciphers on;
    #
    access_log /var/log/nginx/rc_access.log;
    error_log /var/log/nginx/rc_error.log;
    #
    location ~ ^/.* {
        proxy_pass http://您的服務主機:3000;    # placeholder: your Rocket.Chat host
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}
  • Global configuration on the local host
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
#
events {
    worker_connections 1024;
}
#
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    #
    access_log /var/log/nginx/access.log main;
    #
    #
    client_max_body_size 2048m;
    client_body_buffer_size 256k;
    client_body_timeout 1800s;
    client_header_timeout 1800s;
    fastcgi_intercept_errors on;
    fastcgi_buffers 4 64K;
    #
    server_tokens off;
    #
    # Default is 60, May need to be increased for very large uploads
    #
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    #
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;
    # Restoring the original visitor IP for your web application
    set_real_ip_from 127.0.0.1;
    # use any of the following two
    # real_ip_header CF-Connecting-IP;
    real_ip_header X-Forwarded-For;
    #
    brotli on;
    brotli_comp_level 6;
    brotli_min_length 512;
    brotli_types text/plain text/javascript text/css text/xml text/x-component application/javascript application/x-javascript application/xml application/json application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    brotli_static always;
}
  • Service configuration file on the local host
# Upstreams
upstream rocket_backend {
  server 127.0.0.1:3000;
}
#
server {
    listen 80;
    server_name 你的網域;    # placeholder: your domain
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 你的網域;    # placeholder: your domain
    #
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    #
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;
    #
    # intermediate configuration. tweak to your needs.
    #
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;
    #
    access_log /var/log/nginx/rc_access.log;
    error_log /var/log/nginx/rc_error.log;
    #
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;
    #
    #index index.php;
    #
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # Standard forwarded-header names; this server block terminates TLS
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
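
The TLS and proxy-header directives in these vhost files are where such a setup most often drifts: protocol versions below TLS 1.2 in ssl_protocols, 3DES or static-RSA entries in ssl_ciphers, and forwarded-header names or values the backend will not recognise. The following is an added example, not part of the original page: a small pattern-based audit with hypothetical function names, run here against a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit an nginx vhost file.

# Constructed sample using directive values of the kind shown on this page.
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+aRSA+AES128:RSA+AES128:RSA+3DES:!MD5';
    location / {
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
    }
}
EOF
}

# audit_nginx_tls FILE: print one finding per line; return 1 if any were found.
audit_nginx_tls() {
    local active suites findings
    active=$(sed 's/#.*//' "$1")    # drop comments so disabled lines are ignored
    # Cipher-list tokens one per line, minus exclusions such as !MD5.
    suites=$(printf '%s\n' "$active" | grep 'ssl_ciphers' |
             tr -cs 'A-Za-z0-9+!_-' '\n' | grep -v '^[!-]' || true)
    findings=$(
        printf '%s\n' "$active" |
            grep -Eq 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)' &&
            echo "ssl_protocols accepts a version older than TLS 1.2"
        printf '%s\n' "$suites" | grep -q '3DES' &&
            echo "ssl_ciphers allows 3DES (64-bit block cipher)"
        printf '%s\n' "$suites" | grep -Eq '^k?RSA\+' &&
            echo "ssl_ciphers allows static RSA key exchange (no forward secrecy)"
        printf '%s\n' "$active" | grep -Eq 'proxy_set_header[[:space:]]+X-Forward-' &&
            echo "header name should be X-Forwarded-For / X-Forwarded-Proto"
        printf '%s\n' "$active" | grep -q 'listen.*ssl' &&
            printf '%s\n' "$active" |
                grep -Eq 'X-Forward(ed)?-Proto[[:space:]]+http;' &&
            echo "TLS server block reports the request scheme as http"
        true
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run audit_nginx_tls against each vhost file after editing it and before reloading nginx; the checks are pattern matches, not a full nginx parser, so `nginx -t` is still needed for syntax.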

Additional Notes


Remarks


Related References