自建Mattermost聊天服务器
最近,我从朋友那边了解到Mattermost,于是本着折腾的精神开始了部署Mattermost之旅,本文基于官网。
Mattermost可以使用mysql和PostgreSQL两种数据库,由于本网站使用mysql,因此我选择了mysql,顺便说下,本文观察了官方文档,基本上,除了安装操作系统有差别,其余步骤几乎相同。
创建Mariadb数据看库
首先要登录网站数据看创建一个mattermost帐号和数据库,这里本文不过多讲解,我使用的DBeaver创建的。
安装Mattermost服务器
首先登录到即将部署服务器的服务器中,然后下载Mattermost服务器二进制文件,X.X.X
为版本:
wget https://releases.mattermost.com/X.X.X/mattermost-X.X.X-linux-amd64.tar.gz
如:
wget https://releases.mattermost.com/5.26.1/mattermost-5.26.1-linux-amd64.tar.gz
然后解压:
tar -xvzf *.gz
sudo mv mattermost /opt
创建安装目录:
sudo mkdir /glusterfs/mattermost/data
Note:
存储目录将包含用户发布到Mattermost的所有文件和图像,因此您需要确保驱动器足够大以容纳预期数量的上载文件和图像。
创建用户并设置权限:
sudo useradd --system --user-group mattermost
sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost
配置Mattermost
修改/opt/mattermost/config/config.json
。
本服务器配置相对较为复杂,其他配置详见
{
"ServiceSettings": {
"SiteURL": "http://mattermost.qhjack.cn",
"WebsocketURL": "",
"LicenseFileLocation": "",
"ListenAddress": ":8065",
"ConnectionSecurity": "",
"TLSCertFile": "",
"TLSKeyFile": "",
"TLSMinVer": "1.2",
"TLSStrictTransport": false,
"TLSStrictTransportMaxAge": 63072000,
"TLSOverwriteCiphers": [],
"UseLetsEncrypt": false,
"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
"Forward80To443": false,
"TrustedProxyIPHeader": [],
"ReadTimeout": 300,
"WriteTimeout": 300,
"IdleTimeout": 60,
"MaximumLoginAttempts": 10,
"GoroutineHealthThreshold": -1,
"GoogleDeveloperKey": "",
"EnableOAuthServiceProvider": true,
"EnableIncomingWebhooks": true,
"EnableOutgoingWebhooks": true,
"EnableCommands": true,
"EnableOnlyAdminIntegrations": true,
"EnablePostUsernameOverride": true,
"EnablePostIconOverride": true,
"EnableLinkPreviews": true,
"EnableTesting": false,
"EnableDeveloper": false,
"EnableOpenTracing": false,
"EnableSecurityFixAlert": true,
"EnableInsecureOutgoingConnections": false,
"AllowedUntrustedInternalConnections": "",
"EnableMultifactorAuthentication": false,
"EnforceMultifactorAuthentication": false,
"EnableUserAccessTokens": true,
"AllowCorsFrom": "",
"CorsExposedHeaders": "",
"CorsAllowCredentials": false,
"CorsDebug": false,
"AllowCookiesForSubdomains": false,
"ExtendSessionLengthWithActivity": true,
"SessionLengthWebInDays": 30,
"SessionLengthMobileInDays": 30,
"SessionLengthSSOInDays": 30,
"SessionCacheInMinutes": 10,
"SessionIdleTimeoutInMinutes": 43200,
"WebsocketSecurePort": 443,
"WebsocketPort": 80,
"WebserverMode": "gzip",
"EnableCustomEmoji": true,
"EnableEmojiPicker": true,
"EnableGifPicker": true,
"GfycatApiKey": "2_KtH_W5",
"GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof",
"RestrictCustomEmojiCreation": "all",
"RestrictPostDelete": "all",
"AllowEditPost": "always",
"PostEditTimeLimit": -1,
"TimeBetweenUserTypingUpdatesMilliseconds": 5000,
"EnablePostSearch": true,
"MinimumHashtagLength": 3,
"EnableUserTypingMessages": true,
"EnableChannelViewedMessages": true,
"EnableUserStatuses": true,
"ExperimentalEnableAuthenticationTransfer": true,
"ClusterLogTimeoutMilliseconds": 2000,
"CloseUnusedDirectMessages": false,
"EnablePreviewFeatures": true,
"EnableTutorial": true,
"ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
"ExperimentalGroupUnreadChannels": "disabled",
"ExperimentalChannelOrganization": false,
"ExperimentalChannelSidebarOrganization": "disabled",
"ExperimentalDataPrefetch": true,
"ImageProxyType": "",
"ImageProxyURL": "",
"ImageProxyOptions": "",
"EnableAPITeamDeletion": false,
"ExperimentalEnableHardenedMode": false,
"DisableLegacyMFA": true,
"ExperimentalStrictCSRFEnforcement": false,
"EnableEmailInvitations": true,
"DisableBotsWhenOwnerIsDeactivated": true,
"EnableBotAccountCreation": false,
"EnableSVGs": true,
"EnableLatex": true,
"EnableLocalMode": false,
"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket"
},
"TeamSettings": {
"SiteName": "Mattermost——起航天空",
"MaxUsersPerTeam": 50,
"EnableTeamCreation": true,
"EnableUserCreation": true,
"EnableOpenServer": true,
"EnableUserDeactivation": true,
"RestrictCreationToDomains": "",
"EnableCustomBrand": false,
"CustomBrandText": "",
"CustomDescriptionText": "",
"RestrictDirectMessage": "team",
"RestrictTeamInvite": "all",
"RestrictPublicChannelManagement": "all",
"RestrictPrivateChannelManagement": "all",
"RestrictPublicChannelCreation": "all",
"RestrictPrivateChannelCreation": "all",
"RestrictPublicChannelDeletion": "all",
"RestrictPrivateChannelDeletion": "all",
"RestrictPrivateChannelManageMembers": "all",
"EnableXToLeaveChannelsFromLHS": false,
"UserStatusAwayTimeout": 300,
"MaxChannelsPerTeam": 2000,
"MaxNotificationsPerChannel": 1000000,
"EnableConfirmNotificationsToChannel": true,
"TeammateNameDisplay": "username",
"ExperimentalViewArchivedChannels": false,
"ExperimentalEnableAutomaticReplies": false,
"ExperimentalHideTownSquareinLHS": false,
"ExperimentalTownSquareIsReadOnly": false,
"LockTeammateNameDisplay": false,
"ExperimentalPrimaryTeam": "",
"ExperimentalDefaultChannels": []
},
"ClientRequirements": {
"AndroidLatestVersion": "",
"AndroidMinVersion": "",
"DesktopLatestVersion": "",
"DesktopMinVersion": "",
"IosLatestVersion": "",
"IosMinVersion": ""
},
"SqlSettings": {
"DriverName": "mysql",
"DataSource": "mmuser:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",
"DataSourceReplicas": [],
"DataSourceSearchReplicas": [],
"MaxIdleConns": 20,
"ConnMaxLifetimeMilliseconds": 3600000,
"MaxOpenConns": 300,
"Trace": false,
"AtRestEncryptKey": "7k9c5cgyn9mdurhmdnbtsn8b57b9go6c",
"QueryTimeout": 30,
"DisableDatabaseSearch": false
},
"LogSettings": {
"EnableConsole": true,
"ConsoleLevel": "INFO",
"ConsoleJson": true,
"EnableFile": true,
"FileLevel": "INFO",
"FileJson": true,
"FileLocation": "",
"EnableWebhookDebugging": true,
"EnableDiagnostics": true,
"EnableSentry": true,
"AdvancedLoggingConfig": ""
},
"ExperimentalAuditSettings": {
"SysLogEnabled": false,
"SysLogIP": "localhost",
"SysLogPort": 6514,
"SysLogTag": "",
"SysLogCert": "",
"SysLogInsecure": false,
"SysLogMaxQueueSize": 1000,
"FileEnabled": false,
"FileName": "",
"FileMaxSizeMB": 100,
"FileMaxAgeDays": 0,
"FileMaxBackups": 0,
"FileCompress": false,
"FileMaxQueueSize": 1000
},
"NotificationLogSettings": {
"EnableConsole": true,
"ConsoleLevel": "INFO",
"ConsoleJson": true,
"EnableFile": true,
"FileLevel": "INFO",
"FileJson": true,
"FileLocation": ""
},
"PasswordSettings": {
"MinimumLength": 10,
"Lowercase": true,
"Number": true,
"Uppercase": true,
"Symbol": true
},
"FileSettings": {
"EnableFileAttachments": true,
"EnableMobileUpload": true,
"EnableMobileDownload": true,
"MaxFileSize": 52428800,
"DriverName": "local",
"Directory": "/glusterfs/mattermost/data/",
"EnablePublicLink": true,
"PublicLinkSalt": "eaj93ght4prucrpc4k98bp8phtipdhfp",
"InitialFont": "nunito-bold.ttf",
"AmazonS3AccessKeyId": "",
"AmazonS3SecretAccessKey": "",
"AmazonS3Bucket": "",
"AmazonS3PathPrefix": "",
"AmazonS3Region": "",
"AmazonS3Endpoint": "s3.amazonaws.com",
"AmazonS3SSL": true,
"AmazonS3SignV2": false,
"AmazonS3SSE": false,
"AmazonS3Trace": false
},
"EmailSettings": {
"EnableSignUpWithEmail": true,
"EnableSignInWithEmail": true,
"EnableSignInWithUsername": true,
"SendEmailNotifications": true,
"UseChannelInEmailNotifications": false,
"RequireEmailVerification": true,
"FeedbackName": "mattermost",
"FeedbackEmail": "mattermost@example.cn",
"ReplyToAddress": "mattermost@example.cn",
"FeedbackOrganization": "",
"EnableSMTPAuth": true,
"SMTPUsername": "username",
"SMTPPassword": "password",
"SMTPServer": "",
"SMTPPort": "465",
"SMTPServerTimeout": 10,
"ConnectionSecurity": "TLS",
"SendPushNotifications": true,
"PushNotificationServer": "https://push-test.mattermost.com",
"PushNotificationContents": "full",
"PushNotificationBuffer": 1000,
"EnableEmailBatching": false,
"EmailBatchingBufferSize": 256,
"EmailBatchingInterval": 30,
"EnablePreviewModeBanner": false,
"SkipServerCertificateVerification": false,
"EmailNotificationContentsType": "full",
"LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7"
},
"RateLimitSettings": {
"Enable": false,
"PerSec": 10,
"MaxBurst": 100,
"MemoryStoreSize": 10000,
"VaryByRemoteAddr": true,
"VaryByUser": false,
"VaryByHeader": ""
},
"PrivacySettings": {
"ShowEmailAddress": true,
"ShowFullName": true
},
"SupportSettings": {
"TermsOfServiceLink": "https://about.mattermost.com/default-terms/",
"PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/",
"AboutLink": "https://about.mattermost.com/default-about/",
"HelpLink": "https://about.mattermost.com/default-help/",
"ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/",
"SupportEmail": "jack9603301@163.com",
"CustomTermsOfServiceEnabled": false,
"CustomTermsOfServiceReAcceptancePeriod": 365,
"EnableAskCommunityLink": true
},
"AnnouncementSettings": {
"EnableBanner": false,
"BannerText": "",
"BannerColor": "#f2a93b",
"BannerTextColor": "#333333",
"AllowBannerDismissal": true
},
"ThemeSettings": {
"EnableThemeSelection": true,
"DefaultTheme": "default",
"AllowCustomThemes": true,
"AllowedThemes": []
},
"GitLabSettings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "",
"AuthEndpoint": "",
"TokenEndpoint": "",
"UserApiEndpoint": ""
},
"GoogleSettings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "profile email",
"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token",
"UserApiEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata"
},
"Office365Settings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "User.Read",
"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
"UserApiEndpoint": "https://graph.microsoft.com/v1.0/me",
"DirectoryId": ""
},
"LdapSettings": {
"Enable": false,
"EnableSync": false,
"LdapServer": "",
"LdapPort": 389,
"ConnectionSecurity": "",
"BaseDN": "",
"BindUsername": "",
"BindPassword": "",
"UserFilter": "",
"GroupFilter": "",
"GuestFilter": "",
"EnableAdminFilter": false,
"AdminFilter": "",
"GroupDisplayNameAttribute": "",
"GroupIdAttribute": "",
"FirstNameAttribute": "",
"LastNameAttribute": "",
"EmailAttribute": "",
"UsernameAttribute": "",
"NicknameAttribute": "",
"IdAttribute": "",
"PositionAttribute": "",
"LoginIdAttribute": "",
"PictureAttribute": "",
"SyncIntervalMinutes": 60,
"SkipCertificateVerification": false,
"QueryTimeout": 60,
"MaxPageSize": 0,
"LoginFieldName": "",
"LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7",
"Trace": false
},
"ComplianceSettings": {
"Enable": false,
"Directory": "./data/",
"EnableDaily": false
},
"LocalizationSettings": {
"DefaultServerLocale": "zh-CN",
"DefaultClientLocale": "zh-CN",
"AvailableLocales": "zh-CN,en"
},
"SamlSettings": {
"Enable": false,
"EnableSyncWithLdap": false,
"EnableSyncWithLdapIncludeAuth": false,
"Verify": true,
"Encrypt": true,
"SignRequest": false,
"IdpUrl": "",
"IdpDescriptorUrl": "",
"IdpMetadataUrl": "",
"ServiceProviderIdentifier": "",
"AssertionConsumerServiceURL": "",
"SignatureAlgorithm": "RSAwithSHA1",
"CanonicalAlgorithm": "Canonical1.0",
"ScopingIDPProviderId": "",
"ScopingIDPName": "",
"IdpCertificateFile": "",
"PublicCertificateFile": "",
"PrivateKeyFile": "",
"IdAttribute": "",
"GuestAttribute": "",
"EnableAdminAttribute": false,
"AdminAttribute": "",
"FirstNameAttribute": "",
"LastNameAttribute": "",
"EmailAttribute": "",
"UsernameAttribute": "",
"NicknameAttribute": "",
"LocaleAttribute": "",
"PositionAttribute": "",
"LoginButtonText": "SAML",
"LoginButtonColor": "#34a28b",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#ffffff"
},
"NativeAppSettings": {
"AppDownloadLink": "https://mattermost.com/download/#mattermostApps",
"AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/",
"IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"
},
"ClusterSettings": {
"Enable": false,
"ClusterName": "production",
"OverrideHostname": "",
"NetworkInterface": "",
"BindAddress": "",
"AdvertiseAddress": "",
"UseIpAddress": true,
"UseExperimentalGossip": false,
"EnableExperimentalGossipEncryption": false,
"ReadOnlyConfig": true,
"GossipPort": 8074,
"StreamingPort": 8075,
"MaxIdleConns": 100,
"MaxIdleConnsPerHost": 128,
"IdleConnTimeoutMilliseconds": 90000
},
"MetricsSettings": {
"Enable": false,
"BlockProfileRate": 0,
"ListenAddress": ":8067"
},
"ExperimentalSettings": {
"ClientSideCertEnable": false,
"ClientSideCertCheck": "secondary",
"EnableClickToReply": false,
"LinkMetadataTimeoutMilliseconds": 5000,
"RestrictSystemAdmin": false,
"UseNewSAMLLibrary": false
},
"AnalyticsSettings": {
"MaxUsersForStatistics": 2500
},
"ElasticsearchSettings": {
"ConnectionUrl": "http://localhost:9200",
"Username": "elastic",
"Password": "changeme",
"EnableIndexing": false,
"EnableSearching": false,
"EnableAutocomplete": false,
"Sniff": true,
"PostIndexReplicas": 1,
"PostIndexShards": 1,
"ChannelIndexReplicas": 1,
"ChannelIndexShards": 1,
"UserIndexReplicas": 1,
"UserIndexShards": 1,
"AggregatePostsAfterDays": 365,
"PostsAggregatorJobStartTime": "03:00",
"IndexPrefix": "",
"LiveIndexingBatchSize": 1,
"BulkIndexingTimeWindowSeconds": 3600,
"RequestTimeoutSeconds": 30,
"SkipTLSVerification": false,
"Trace": ""
},
"BleveSettings": {
"IndexDir": "/glusterfs/mattermost/bleve",
"EnableIndexing": false,
"EnableSearching": false,
"EnableAutocomplete": false,
"BulkIndexingTimeWindowSeconds": 3600
},
"DataRetentionSettings": {
"EnableMessageDeletion": false,
"EnableFileDeletion": false,
"MessageRetentionDays": 365,
"FileRetentionDays": 365,
"DeletionJobStartTime": "02:00"
},
"MessageExportSettings": {
"EnableExport": false,
"ExportFormat": "actiance",
"DailyRunTime": "01:00",
"ExportFromTimestamp": 0,
"BatchSize": 10000,
"GlobalRelaySettings": {
"CustomerType": "A9",
"SmtpUsername": "",
"SmtpPassword": "",
"EmailAddress": "",
"SMTPServerTimeout": 1800
}
},
"JobSettings": {
"RunJobs": true,
"RunScheduler": true
},
"PluginSettings": {
"Enable": true,
"EnableUploads": false,
"AllowInsecureDownloadUrl": false,
"EnableHealthCheck": true,
"Directory": "./plugins",
"ClientDirectory": "./client/plugins",
"Plugins": {
"com.github.moussetc.mattermost.plugin.giphy": {
"apikey": null,
"language (giphy\u0026tenor only)": "zh-CN",
"provider": "gfycat",
"rating": null,
"rendition": "fixed_height_small",
"renditiongfycat": "max5mbGif",
"renditiontenor": "gif"
},
"com.mattermost.custom-attributes": {
"customattributes": [
{
"GroupIDs": "",
"Name": "WP-Reliable Repo Admin",
"UserIDs": [
"7jyg5z8nwbfmpdeo1hzacnyffo"
]
},
{
"GroupIDs": "",
"Name": "启航天空网站站长",
"UserIDs": [
"7jyg5z8nwbfmpdeo1hzacnyffo"
]
}
]
},
"github": {
"enablecodepreview": true,
"enableprivaterepo": true,
"encryptionkey": "",
"enterprisebaseurl": null,
"enterpriseuploadurl": null,
"githuboauthclientid": "",
"githuboauthclientsecret": "",
"githuborg": "",
"webhooksecret": ""
}
},
"PluginStates": {
"com.github.moussetc.mattermost.plugin.giphy": {
"Enable": true
},
"com.mattermost.custom-attributes": {
"Enable": true
},
"com.mattermost.nps": {
"Enable": true
},
"com.mattermost.plugin-todo": {
"Enable": true
},
"github": {
"Enable": true
}
},
"EnableMarketplace": true,
"EnableRemoteMarketplace": true,
"AutomaticPrepackagedPlugins": true,
"RequirePluginSignature": false,
"MarketplaceUrl": "https://api.integrations.mattermost.com",
"SignaturePublicKeyFiles": []
},
"DisplaySettings": {
"CustomUrlSchemes": [],
"ExperimentalTimezone": false
},
"GuestAccountsSettings": {
"Enable": false,
"AllowEmailAccounts": true,
"EnforceMultifactorAuthentication": false,
"RestrictCreationToDomains": ""
},
"ImageProxySettings": {
"Enable": false,
"ImageProxyType": "local",
"RemoteImageProxyURL": "",
"RemoteImageProxyOptions": ""
}
}
通常情况下,这个配置要更改的地方不多,主要是以下数据库:
Mysql数据库配置
Mattermost可以使用mysql和PostgreSQL两种数据库,本网站使用mysql数据库,主要配置如下:
"SqlSettings": {
"DriverName": "mysql",
"DataSource": "mmuser:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",
"DataSourceReplicas": [],
"DataSourceSearchReplicas": [],
"MaxIdleConns": 20,
"ConnMaxLifetimeMilliseconds": 3600000,
"MaxOpenConns": 300,
"Trace": false,
"AtRestEncryptKey": "7k9c5cgyn9mdurhmdnbtsn8b57b9go6c",
"QueryTimeout": 30,
"DisableDatabaseSearch": false
}
需要配置的是DriverName
和DataSource
,由于本服务器使用mysql,因此我们需要在DriverName
填入mysql
,而DataSource
的格式如下:
"<mmuser>:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
mmuser
: 用户名mmuser-password
: 密码<host-name-or-IP>:3306
:mysql/mariadb服务器地址mattermost
: Mattermost数据库名字,需要先行创建
设置SMTP邮件服务器
本服务器支持邮件功能,因此必须设置如下配置:
"EmailSettings": {
"EnableSignUpWithEmail": true,
"EnableSignInWithEmail": true,
"EnableSignInWithUsername": true,
"SendEmailNotifications": true,
"UseChannelInEmailNotifications": false,
"RequireEmailVerification": true,
"FeedbackName": "mattermost",
"FeedbackEmail": "mattermost@example.cn",
"ReplyToAddress": "mattermost@example.cn",
"FeedbackOrganization": "",
"EnableSMTPAuth": true,
"SMTPUsername": "username",
"SMTPPassword": "password",
"SMTPServer": "",
"SMTPPort": "465",
"SMTPServerTimeout": 10,
"ConnectionSecurity": "TLS",
"SendPushNotifications": true,
"PushNotificationServer": "https://push-test.mattermost.com",
"PushNotificationContents": "full",
"PushNotificationBuffer": 1000,
"EnableEmailBatching": false,
"EmailBatchingBufferSize": 256,
"EmailBatchingInterval": 30,
"EnablePreviewModeBanner": false,
"SkipServerCertificateVerification": false,
"EmailNotificationContentsType": "full",
"LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7"
}
要配置的项目有:
EnableSignUpWithEmail
:是否使用邮件地址创建帐号EnableSignInWithEmail
:是否使用邮件地址登入EnableSignInWithUsername
:是否使用用户名登录FeedbackName
:电子邮件显示的名字FeedbackEmail
:通过什么邮件地址发送邮件ReplyToAddress
:回复的电子邮件地址EnableSMTPAuth
:是否激活SMTP认证,一般情况下必须激活SMTPUsername
:smtp的用户名SMTPPassword
:smtp的密码SMTPServer
:smtp的服务器SMTPPort
:smtp的端口ConnectionSecurity
:安全链接
详细配置详见链接。
进行测试
执行如下命令测试:
cd /opt/mattermost
sudo -u mattermost ./bin/mattermost
创建服务文件
[Unit]
Description=Mattermost
After=syslog.target network.target
[Service]
Type=notify
WorkingDirectory=/opt/mattermost
User=mattermost
ExecStart=/opt/mattermost/bin/mattermost
PIDFile=/var/spool/mattermost/pid/master.pid
TimeoutStartSec=3600
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
执行命令:
sudo systemctl enable mattermost
设置nginx反向代理
upstream mattermost {
dynamic_resolve fallback=stale fail_timeout=120s;
server service1.kvm.qhjack.cn:8065 max_fails=10 fail_timeout=120s;
server localhost:8065 max_fails=10 fail_timeout=120s backup;
keepalive 32;
}
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mattermost.qhjack.cn;
ssl_certificate /etc/letsencrypt/live/qhjack.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qhjack.cn/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_early_data on;
ssl_trusted_certificate /etc/letsencrypt/live/qhjack.cn/fullchain.pem;
if ($scheme = https) {
return 301 http://mattermost.qhjack.cn$request_uri;
}
location ~ \.(gif|jpg|jpeg|png|bmp|swf|js|css|pdf|doc)$ { #指定缓存文件类型
expires 7d; #设置浏览器过期时间
root /www/services/nginx/cache/proxy_store/mattermost;
proxy_pass http://mattermost;
proxy_set_header Host $host;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_next_upstream_tries 5;
proxy_store on; # 开启镜像加速功能
proxy_store_access user:rw group:rw all:rw; #缓存读写规则
trim on;
trim_js on;
trim_css on;
}
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://mattermost;
}
location / {
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_redirect off;
proxy_pass http://mattermost;
}
charset utf-8;
error_log "pipe:rollback /www/log/mattermost/proxy/error.log interval=1d baknum=3 adjust=1m";
access_log "pipe:rollback /www/log/mattermost/proxy/access.log interval=1d baknum=3 adjust=1m" access buffer=1k;
}
我的架构不是单机,而是集群。有A、B、C、D四台机,A机运行nginx,B(service1)、C(service2)、D(service3)各运行一个mattermost服务器,客户端连接的是A机的nginx,nginx再分别反代到B、C、D三台机的mattermost服务器上。说是集群,其实也是假集群,因为B、C、D三台机的mattermost服务器之间是不互通的(免费版本不提供集群功能),只不过他们用同一个数据库。
由于三台mattermost服务器之间是不互通的,所以如果两个人被反代到不同的mattermost服务器上,那么对方将无法收到即时消息。什么意思呢?假设张三通过mattermost发消息给李四,张三被nginx负载均衡分配到B机的mattermost,李四被nginx负载均衡分配到C机的mattermost,那么张三发到B机的消息李四对应的C机是收不到的(虽然消息都存到同一个数据库,但是即时消息推送是通过websocket直接推送的,并不会走数据库,只有刷新页面才会从数据库加载),所以nginx无法直接对三台机做负载均衡。
为了解决这个问题,我们不在nginx的upstream里使用负载均衡模式,而是用双机主备方式,默认只会反向代理连接到第一个,即B机(service1),只有B机宕机了,才会连接localhost:8065
,注意localhost:8065
既不是C机(service2)也不是D机(service3),而是本机的一个tcp代理端口,配置如下:
upstream mattermost-backup {
server service2.kvm.qhjack.cn:8065 max_fails=10 fail_timeout=120s;
server service3.kvm.qhjack.cn:8065 max_fails=10 fail_timeout=120s backup;
}
server{
listen 8065;
listen [::]:8065;
proxy_pass mattermost-backup;
proxy_next_upstream_tries 5;
}
这里又回到了像前面一样的情况,它只会连接C机(service2),只有当C机宕机了,它才会连D机(service3),当然,service1永远优先,如果service1宕机后恢复了,那么不管service2有没有宕机,都会马上连回service1。
设置mattermost过程
第一次启动会创建数据表,并且要求设置第一个帐号和密码,登录后由于服务器没有团队,必须先创建一个服务器团队,默认一个团队存在以下默认频道:
- 公共频道(英文则town-square)
- 闲聊频道(英文则off-topic)
好了,到这里,享受您的私人聊天室之旅把,邀请一些朋友入驻您的聊天室,一起交谈畅玩把,此外还可以写些自己的集成机器人进入聊天室,吸引朋友们来聊天和完善,作为qq之外的辅助聊天室,和朋友们使用mattermost交流把