原文地址:https://lala.im/5345.html,請支持原作者!該處僅作轉載。
Mattermost应该是目前开源界最好用的一款WEB聊天软件,但是很可惜开源版阉割掉了非常关键的一个功能:高级权限控制。导致现在这个软件有点圈钱的味道在里面。
没有最基本的用户权限控制功能,比如一个普通用户登录进去可以更改其他所有频道的信息,又比如普通用户可以任意置顶其他用户包括管理员在内的消息。在老版本中还有更离谱的:普通用户可以删除任意频道。诸如此类的权限问题让我对这个软件是又爱又恨。。
有很多人都向官方反应过这些问题,但是官方并没有作为,依旧我行我素,认为开源版本不需要有这样的功能,你要想用有权限控制的版本?行,花钱买吧!按人头数来算钱,一个用户3.5刀一月。。
所以我觉得这个东西的开源版真的挺团队的,而且还是彼此非常信任的团队才敢用。。
以下安装过程基于CentOS7X64:
yum -y update
yum -y install sudo curl wget nano
关SELinux/Firewall:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
安装Nginx:
vi /etc/yum.repos.d/nginx.repo
写入:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
安装:
yum -y install nginx
启动Nginx:
systemctl start nginx
systemctl enable nginx
安装MySQL5.7:
vi /etc/yum.repos.d/mysql-community.repo
写入:
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
安装:
yum -y install mysql-community-server
启动MySQL:
systemctl start mysqld
systemctl enable mysqld
查看默认的ROOT密码:
grep 'temporary password' /var/log/mysqld.log
修改默认的ROOT密码:
mysqladmin -u root -p password
登录到MySQL服务器内:
mysql -u root -p
创建用户和数据库并授权:
CREATE USER 'mattermost'@'%' IDENTIFIED BY 'yourpassword';
CREATE DATABASE mattermost;
GRANT ALL PRIVILEGES ON mattermost.* to 'mattermost'@'%';
FLUSH PRIVILEGES;
quit
创建一个mattermost用户:
useradd -r -s /bin/bash -U mattermost
下载项目文件:
cd /opt
wget https://releases.mattermost.com/5.9.0/mattermost-5.9.0-linux-amd64.tar.gz
tar -xzvf mattermost-5.9.0-linux-amd64.tar.gz
chown -R mattermost:mattermost mattermost
编辑配置文件:
nano mattermost/config/config.json
修改数据库连接方式为MySQL:
"DriverName": "mysql",
修改数据库连接信息,默认是这样的:
"DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",
改为:
"DataSource": "你的数据库名字:你的数据库密码@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",
启动mattermost:
cd mattermost
sudo -u mattermost ./bin/mattermost
如看到如下信息则说明运行正常:
Ctrl+C退出来,新建Systemd服务文件:
nano /etc/systemd/system/mattermost.service
写入如下配置:
[Unit]
Description=Mattermost
After=syslog.target network.target mysqld.service
[Service]
Type=notify
WorkingDirectory=/opt/mattermost
User=mattermost
ExecStart=/opt/mattermost/bin/mattermost
PIDFile=/var/spool/mattermost/pid/master.pid
TimeoutStartSec=3600
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
使用Systemd启动mattermost:
systemctl start mattermost
systemctl enable mattermost
打开你的服务器公网IP+端口8065先注册第一个账号,第一个注册的账号默认就是管理员:
登录进去之后首先把语言改为中文:
修改语言这类设置需要重启服务才能生效:
systemctl restart mattermost
之后新建一个nginx反代配置文件:
nano /etc/nginx/conf.d/mattermost.conf
写入:
server {
listen 80;
server_name koko.cat;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:8065;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8065;
}
}
检查nginx配置是否有语法错误:
nginx -t
如果一切正常,现在安装acme.sh并申请一个SSL证书:
cd
curl https://get.acme.sh | sh
cd ~/.acme.sh && ./acme.sh --issue -d koko.cat --nginx
mkdir -p /etc/nginx/certs/koko.cat
安装证书(达到自动续期的目的):
./acme.sh --install-cert -d koko.cat \
--key-file /etc/nginx/certs/koko.cat/koko.cat.key \
--fullchain-file /etc/nginx/certs/koko.cat/fullchain.cer \
--reloadcmd "systemctl force-reload nginx.service"
将之前的配置文件删除并重新创建:
rm -rf /etc/nginx/conf.d/mattermost.conf
nano /etc/nginx/conf.d/mattermost.conf
写入:
server {
listen 80;
listen 443 ssl http2;
server_name koko.cat;
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
ssl_certificate /etc/nginx/certs/koko.cat/fullchain.cer;
ssl_certificate_key /etc/nginx/certs/koko.cat/koko.cat.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://127.0.0.1:8065;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8065;
}
}
检查nginx配置:
nginx -t
如没问题重启nginx使其生效:
systemctl restart nginx
还是用IP+端口的形式访问mattermost后台,将域名和监听的地址进行修改:
最后重启mattermost,这样就把域名和SSL配置好了,以后就可以直接用域名来访问:
systemctl restart mattermost
另管理员后台也是可以设置中文的,需要在自己的账号设置里面把语言改一下即可: