静看光阴荏苒
不管不顾不问不说也不念

CentOS7部署Mattermost团队协作软件

Mattermost应该是目前开源界最好用的一款WEB聊天软件,但是很可惜开源版阉割掉了非常关键的一个功能:高级权限控制。导致现在这个软件有点圈钱的味道在里面。

没有最基本的用户权限控制功能,比如一个普通用户登录进去可以更改其他所有频道的信息,又比如普通用户可以任意置顶其他用户包括管理员在内的消息。在老版本中还有更离谱的:普通用户可以删除任意频道。诸如此类的权限问题让我对这个软件是又爱又恨。。

有很多人都向官方反应过这些问题,但是官方并没有作为,依旧我行我素,认为开源版本不需要有这样的功能,你要想用有权限控制的版本?行,花钱买吧!按人头数来算钱,一个用户3.5刀一月。。

所以我觉得这个东西的开源版真的挺团队的,而且还是彼此非常信任的团队才敢用。。

以下安装过程基于CentOS7X64:

yum -y update
yum -y install sudo curl wget nano

关SELinux/Firewall:

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl stop firewalld
systemctl disable firewalld

安装Nginx:

vi /etc/yum.repos.d/nginx.repo

写入:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

安装:

yum -y install nginx

启动Nginx:

systemctl start nginx
systemctl enable nginx

安装MySQL5.7:

vi /etc/yum.repos.d/mysql-community.repo

写入:

[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

安装:

yum -y install mysql-community-server

启动MySQL:

systemctl start mysqld
systemctl enable mysqld

查看默认的ROOT密码:

grep 'temporary password' /var/log/mysqld.log

修改默认的ROOT密码:

mysqladmin -u root -p password

登录到MySQL服务器内:

mysql -u root -p

创建用户和数据库并授权:

CREATE USER 'mattermost'@'%' IDENTIFIED BY 'yourpassword';
CREATE DATABASE mattermost;
GRANT ALL PRIVILEGES ON mattermost.* to 'mattermost'@'%';
FLUSH PRIVILEGES;
quit

创建一个mattermost用户:

useradd -r -s /bin/bash -U mattermost

下载项目文件:

cd /opt
wget https://releases.mattermost.com/5.9.0/mattermost-5.9.0-linux-amd64.tar.gz
tar -xzvf mattermost-5.9.0-linux-amd64.tar.gz
chown -R mattermost:mattermost mattermost

编辑配置文件:

nano mattermost/config/config.json

修改数据库连接方式为MySQL:

"DriverName": "mysql",

修改数据库连接信息,默认是这样的:

"DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",

改为:

"DataSource": "你的数据库名字:你的数据库密码@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",

启动mattermost:

cd mattermost
sudo -u mattermost ./bin/mattermost

如看到如下信息则说明运行正常:

Ctrl+C退出来,新建Systemd服务文件:

nano /etc/systemd/system/mattermost.service

写入如下配置:

[Unit]
Description=Mattermost
After=syslog.target network.target mysqld.service

[Service]
Type=notify
WorkingDirectory=/opt/mattermost
User=mattermost
ExecStart=/opt/mattermost/bin/mattermost
PIDFile=/var/spool/mattermost/pid/master.pid
TimeoutStartSec=3600
LimitNOFILE=49152

[Install]
WantedBy=multi-user.target

使用Systemd启动mattermost:

systemctl start mattermost
systemctl enable mattermost

打开你的服务器公网IP+端口8065先注册第一个账号,第一个注册的账号默认就是管理员:

登录进去之后首先把语言改为中文:

修改语言这类设置需要重启服务才能生效:

systemctl restart mattermost

之后新建一个nginx反代配置文件:

nano /etc/nginx/conf.d/mattermost.conf

写入:

server {
   listen 80;
   server_name koko.cat;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://127.0.0.1:8065;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_http_version 1.1;
       proxy_pass http://127.0.0.1:8065;
   }
}

检查nginx配置是否有语法错误:

nginx -t

如果一切正常,现在安装acme.sh并申请一个SSL证书:

cd
curl https://get.acme.sh | sh
cd ~/.acme.sh && ./acme.sh --issue -d koko.cat --nginx
mkdir -p /etc/nginx/certs/koko.cat

安装证书(达到自动续期的目的):

./acme.sh --install-cert -d koko.cat \
--key-file /etc/nginx/certs/koko.cat/koko.cat.key \
--fullchain-file /etc/nginx/certs/koko.cat/fullchain.cer \
--reloadcmd "systemctl force-reload nginx.service"

将之前的配置文件删除并重新创建:

rm -rf /etc/nginx/conf.d/mattermost.conf
nano /etc/nginx/conf.d/mattermost.conf

写入:

server {
   listen 80;
   listen 443 ssl http2;
   server_name koko.cat;
   if ($server_port !~ 443){
       rewrite ^(/.*)$ https://$host$1 permanent;
   }

   ssl_certificate    /etc/nginx/certs/koko.cat/fullchain.cer;
   ssl_certificate_key    /etc/nginx/certs/koko.cat/koko.cat.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 10m;
   error_page 497  https://$host$request_uri;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://127.0.0.1:8065;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_http_version 1.1;
       proxy_pass http://127.0.0.1:8065;
   }
}

检查nginx配置:

nginx -t

如没问题重启nginx使其生效:

systemctl restart nginx

还是用IP+端口的形式访问mattermost后台,将域名和监听的地址进行修改:

最后重启mattermost,这样就把域名和SSL配置好了,以后就可以直接用域名来访问:

systemctl restart mattermost

另管理员后台也是可以设置中文的,需要在自己的账号设置里面把语言改一下即可:

赞(1)
未经允许不得转载:荒岛 » CentOS7部署Mattermost团队协作软件
分享到: 更多 (0)

评论 1

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
  1. #1

    :mrgreen: wow,抢个沙发

    superuser2周前 (04-06) Google Chrome 72.0.3626.96 Google Chrome 72.0.3626.96 Windows 10 x64 Edition Windows 10 x64 Edition回复

分享创造快乐

广告合作资源投稿