Server/Mattermost: Difference between revisions

From Wiki StuRa HTW Dresden
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 394: Line 394:


: <code>fetch http://localhost:80 && cat localhost:80 && rm localhost:80</code>
: <code>fetch http://localhost:80 && cat localhost:80 && rm localhost:80</code>
==== Installation Certbot ====
in Anlehnung an https://certbot.eff.org/lets-encrypt/freebsd-nginx
----
: <code>pkg ins -y py27-certbot</code>
<pre></pre>
<!--
<pre>
Message from python27-2.7.15:
===========================================================================                                       
Note that some standard Python modules are provided as separate ports                                             
as they require additional dependencies. They are available as:                                                   
bsddb          databases/py-bsddb
gdbm            databases/py-gdbm
sqlite3        databases/py-sqlite3
tkinter        x11-toolkits/py-tkinter
===========================================================================                                       
Message from py27-urllib3-1.22,1:
Be careful, support of IPv6 is broken with PySocks 1.5.7.
</pre>
!-->
<pre>
Message from py27-certbot-0.27.1_1,1:
===========================================================================                                       
This port installs the "standalone" client only, which does not use and                                           
is not the certbot-auto bootstrap/wrapper script.
The simplest form of usage to obtain certificates is:
# sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>                                         
NOTE:
The client requires the ability to bind on TCP port 80 or 443 (depending                                           
on the --preferred-challenges option used). If a server is running on that                                         
port, it will need to be temporarily stopped so that the standalone server                                         
can listen on that port to complete the challenge authentication process.                                         
For more information on the 'standalone' mode, see:
  https://certbot.eff.org/docs/using.html#standalone
The certbot plugins to support apache and nginx certificate installation                                           
will be made available in the following ports:
* Apache plugin: security/py-certbot-apache
* Nginx plugin: security/py-certbot-nginx
===========================================================================                                       
</pre>
: <code>pkg ins -y py27-certbot-nginx</code>
<pre></pre>
<!--
<pre>
Message from py27-pip-9.0.3:
============================== !!!! WARNING !!!! ==========================                                       
pip MUST ONLY be used:
* With the --user flag, OR
* To install or manage Python packages in virtual environments                                                   
Failure to follow this warning can and will result in an inconsistent                                             
system-wide Python environment (LOCALBASE/lib/pythonX.Y/site-packages) and                                         
cause errors.
Avoid using pip as root unless you know what you're doing.                                                         
============================== !!!! WARNING !!!! ==========================                                       
</pre>
!-->
==== Erstellung Zertifikat ====
: <s><code>certbot certonly --standalone --test-cert --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de</code></s>
: <code>certbot certonly --standalone --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de</code>
<pre>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None                                                         
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.stura.htw-dresden.de
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:                                                 
  /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/fullchain.pem                                             
  Your key file has been saved at:
  /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/privkey.pem                                               
  Your cert will expire on 2019-03-17. To obtain a new or tweaked                                                 
  version of this certificate in the future, simply run certbot                                                   
  again. To non-interactively renew *all* of your certificates, run                                               
  "certbot renew"
- If you like Certbot, please consider supporting our work by:                                                   
  Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate                                             
  Donating to EFF:                    https://eff.org/donate-le                                                   
</pre>
==== Anpassung Webserver ====
: <code>$EDITOR /usr/local/etc/nginx/nginx.conf</code>
<pre></pre>
<pre>
</pre>
<pre></pre>
: <code>$EDITOR /usr/local/etc/nginx/nginx.conf</code>
==== Anpassungen Mattermost ====
* Mail-Adresse (die als absendende Adresse für Mails zur Einladung & Co verwendet wird)
* Domain (die als Adresse für Verweise bei Mails zur Einladung & Co verwendet wird)


== Sonstiges ==
== Sonstiges ==
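Review bot: In "Erstellung Zertifikat", certbot certonly --standalone is documented without stopping nginx, although the context line above shows a server answering on localhost:80 and the quoted py27-certbot message says a server on that port must be stopped for the standalone challenge. Add service nginx stop / service nginx start around the command, or use the py27-certbot-nginx plugin that this revision installs but never uses (the log shows "Installer None"). The "Anpassung Webserver" section also consists only of empty pre blocks, so the nginx.conf change that puts fullchain.pem and privkey.pem to use is still missing, and no renewal step is documented for the certificate that expires on 2019-03-17.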

Latest revision as of 21:08, 17 December 2018

Installation

Installing Mattermost


Installing the Mattermost service (server)

Install the mattermost-server package

pkg ins -y mattermost-server

===> Creating groups.
Creating group 'mattermost' with gid '889'.
===> Creating users
Creating user 'mattermost' with uid '889'.
===> Creating groups.
Using existing group 'mattermost'.
===> Creating users
Using existing user 'mattermost'.

(Optional) Inspect the directory of the mattermost service

ls /usr/local/www/mattermost
client		fonts		i18n		templates

Enable the mattermost service (for every reboot)

sysrc mattermostd_enable=YES
mattermostd_enable:  -> YES

Start the mattermost service

service mattermostd start
Starting mattermostd.

Show the status of the mattermost service

service mattermostd status
mattermostd is not running.

cp /usr/local/etc/mattermost/config.json.sample /usr/local/etc/mattermost/config.json
less /usr/local/etc/mattermost/config.json.sample /usr/local/etc/mattermost/config.json

    "SqlSettings": {
        "DriverName": "mysql",
        "DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s",
        "DataSourceReplicas": [],
        "DataSourceSearchReplicas": [],
        "MaxIdleConns": 20,
        "MaxOpenConns": 300,
        "Trace": false,
        "AtRestEncryptKey": "",
        "QueryTimeout": 30
    },

Installing the database


Installing the database service
Mattermost currently (as of 2018-11-24) names the following programs as possible database services (for running locally yourself):
  • MySQL
    • 5.6
    • 5.7
    • 8
  • PostgreSQL
    • 9.4+
We prefer PostgreSQL, and the most recent version is version 10.

Install the postgresql10-server package

pkg ins -y postgresql10-server

===> Creating groups.
Creating group 'postgres' with gid '770'.
===> Creating users
Creating user 'postgres' with uid '770'.

  =========== BACKUP YOUR DATA! =============
  As always, backup your data before
  upgrading. If the upgrade leads to a higher
  minor revision (e.g. 8.3.x -> 8.4), a dump
  and restore of all databases is
  required. This is *NOT* done by the port!
  ===========================================
Message from postgresql10-server-10.5:

For procedural languages and postgresql functions, please note that
you might have to update them when updating the server.

If you have many tables and many clients running, consider raising
kern.maxfiles using sysctl(8), or reconfigure your kernel
appropriately.

The port is set up to use autovacuum for new databases, but you might
also want to vacuum and perhaps backup your database regularly. There
is a periodic script, /usr/local/etc/periodic/daily/502.pgsql, that
you may find useful. You can use it to backup and perform vacuum on all
databases nightly. Per default, it performs `vacuum analyze'. See the
script for instructions. For autovacuum settings, please review
~pgsql/data/postgresql.conf.

If you plan to access your PostgreSQL server using ODBC, please
consider running the SQL script /usr/local/share/postgresql/odbc.sql
to get the functions required for ODBC compliance.

Please note that if you use the rc script,
/usr/local/etc/rc.d/postgresql, to initialize the database, unicode
(UTF-8) will be used to store character data by default.  Set
postgresql_initdb_flags or use login.conf settings described below to
alter this behaviour. See the start rc script for more info.

To set limits, environment stuff like locale and collation and other
things, you can set up a class in /etc/login.conf before initializing
the database. Add something similar to this to /etc/login.conf:
---
postgres:\
	:lang=en_US.UTF-8:\
	:setenv=LC_COLLATE=C:\
	:tc=default:
---
and run `cap_mkdb /etc/login.conf'.
Then add 'postgresql_class="postgres"' to /etc/rc.conf.

======================================================================

To initialize the database, run

  /usr/local/etc/rc.d/postgresql initdb

You can then start PostgreSQL by running:

  /usr/local/etc/rc.d/postgresql start

For postmaster settings, see ~pgsql/data/postgresql.conf

NB. FreeBSD's PostgreSQL port logs to syslog by default
    See ~pgsql/data/postgresql.conf for more info

NB. If you're not using a checksumming filesystem like ZFS, you might
    wish to enable data checksumming. It can only be enabled during
    the initdb phase, by adding the "--data-checksums" flag to
    the postgres_initdb_flags rcvar.  Check the initdb(1) manpage
    for more info and make sure you understand the performance
    implications.

======================================================================

To run PostgreSQL at startup, add
'postgresql_enable="YES"' to /etc/rc.conf

Install the postgresql10-contrib package

pkg ins -y postgresql10-contrib

Message from postgresql10-contrib-10.5:

The PostgreSQL contrib utilities have been installed. Please see
/usr/local/share/doc/postgresql/contrib/README
for more information.

Enable the postgresql service (for every reboot)

sysrc postgresql_enable=YES
postgresql_enable:  -> YES

Start the postgresql service

service postgresql initdb
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "C".
The default text search configuration will be set to "english".

Data page checksums are disabled.

creating directory /var/db/postgres/data10 ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /usr/local/bin/pg_ctl -D /var/db/postgres/data10 -l logfile start

service postgresql start
yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG:  could not create IPv6 socket for address "::1": Protocol not supported
yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG:  listening on IPv4 address "127.0.0.1", port 5432
yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG:  ending log output to stderr
yyyy-mm-dd HH:MM:SS.123 UTC [12345] HINT:  Future log output will go to log destination "syslog".
service postgresql status
pg_ctl: server is running (PID: 12345)
/usr/local/bin/postgres "-D" "/var/db/postgres/data10"

Creating the database

Create the database for the mattermost service:

su postgres
cat ~/data10/postgresql.conf

psql

CREATE DATABASE mattermostuserdatabase;
CREATE DATABASE
CREATE USER mattermostuser WITH PASSWORD 'mattermostuserdatabasepassword';
CREATE ROLE
GRANT ALL PRIVILEGES ON DATABASE mattermostuserdatabase to mattermostuser;
GRANT
\q

$EDITOR /usr/local/etc/mattermost/config.json

    "SqlSettings": {


        "DriverName": "postgres",
        "DataSource": "postgres://mattermostuser:mattermostuserdatabasepassword@127.0.0.1:5432/mattermostuserdatabase?sslmode=disable&connect_timeout=10",

service mattermostd restart
fetch http://localhost:8065 && cat localhost:8065 && rm localhost:8065
localhost:8065                                100% of 3242  B   49 MBps 00m00s
<!DOCTYPE html> <html lang=en> <head> 

</body> </html>
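
The initdb output earlier on this page warns that "trust" authentication is enabled for local connections, so the password set for mattermostuser is not checked until pg_hba.conf is changed. The following is an added example (not part of the original wiki page) that lists the rules still using trust; the sample file contents are constructed, and the path /var/db/postgres/data10/pg_hba.conf is an assumption derived from the initdb output.

```shell
#!/bin/sh
# Added example, not from the wiki page: list pg_hba.conf rules that still
# authenticate with "trust", i.e. without any password check.

# trust_rules FILE: prints "LINE: rule" for each trust rule, returns 1 if any.
trust_rules() {
    awk '
        { sub(/#.*/, "") }      # drop comments
        NF == 0 { next }        # skip blank lines
        {
            if ($1 == "local") method = $4                        # no address column
            else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) method = $6    # address + netmask
            else method = $5                                      # CIDR or host name
            if (method == "trust") { printf "%d: %s\n", NR, $0; found = 1 }
        }
        END { exit found }
    ' "$1"
}

# Constructed sample: the rules initdb writes when run without -A, plus one
# rule already switched to md5 password authentication.
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE                USER            ADDRESS         METHOD
local   all                     all                             trust
host    mattermostuserdatabase  mattermostuser  127.0.0.1/32    md5
host    all                     all             127.0.0.1/32    trust
host    all                     all             ::1/128         trust
EOF
}

# Assumed location (data directory taken from the initdb output on this page).
HBA=${HBA:-/var/db/postgres/data10/pg_hba.conf}
if [ -r "$HBA" ]; then
    trust_rules "$HBA" || echo "trust rules present in $HBA" >&2
fi
```

Rules reported here should be changed to md5 or scram-sha-256, followed by a reload of the postgresql service.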

Installing the web server


pkg ins -y nginx

===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.

Message from nginx-1.14.1,2:

===================================================================
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.
===================================================================
sysrc nginx_enable=YES
service nginx start
fetch http://localhost:80 && cat localhost:80 && rm localhost:80

Installing Certbot

based on https://certbot.eff.org/lets-encrypt/freebsd-nginx


pkg ins -y py27-certbot

Message from py27-certbot-0.27.1_1,1:

===========================================================================                                         

This port installs the "standalone" client only, which does not use and                                             
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>                                          

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending                                            
on the --preferred-challenges option used). If a server is running on that                                          
port, it will need to be temporarily stopped so that the standalone server                                          
can listen on that port to complete the challenge authentication process.                                           

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation                                            
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

===========================================================================                                         
pkg ins -y py27-certbot-nginx

Creating the certificate

certbot certonly --standalone --test-cert --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de
certbot certonly --standalone --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None                                                          
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.stura.htw-dresden.de
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:                                                  
   /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/fullchain.pem                                              
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/privkey.pem                                                
   Your cert will expire on 2019-03-17. To obtain a new or tweaked                                                  
   version of this certificate in the future, simply run certbot                                                    
   again. To non-interactively renew *all* of your certificates, run                                                
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:                                                     

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate                                               
   Donating to EFF:                    https://eff.org/donate-le                                                    

Adjusting the web server

$EDITOR /usr/local/etc/nginx/nginx.conf



$EDITOR /usr/local/etc/nginx/nginx.conf

Adjusting Mattermost

  • Mail address (used as the sender address for invitation mails and the like)
  • Domain (used as the address for links in invitation mails and the like)

Miscellaneous

External links