Server/Mattermost
Installation[Bearbeiten]
Installation Mattermost[Bearbeiten]
- Installation vom Dienst (Server) Mattermost
Installieren vom Paket mattermost-server
pkg ins -y mattermost-server
===> Creating groups. Creating group 'mattermost' with gid '889'. ===> Creating users Creating user 'mattermost' with uid '889'.
===> Creating groups. Using existing group 'mattermost'. ===> Creating users Using existing user 'mattermost'.
(optionales) Begutachten vom Verzeichnis vom Dienst mattermost
ls /usr/local/www/mattermost
client fonts i18n templates
Aktivieren vom Dienst mattermost (für jeden Neustart)
sysrc mattermostd_enable=YES
mattermostd_enable: -> YES
Starten vom Dienst mattermost
service mattermostd start
Starting mattermostd.
Anzeigen (lassen) vom Status vom Dienst mattermost
service mattermostd status
mattermostd is not running.
cp /usr/local/etc/mattermost/config.json.sample /usr/local/etc/mattermost/config.json
less /usr/local/etc/mattermost/config.json.sample /usr/local/etc/mattermost/config.json
"SqlSettings": { "DriverName": "mysql", "DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s", "DataSourceReplicas": [], "DataSourceSearchReplicas": [], "MaxIdleConns": 20, "MaxOpenConns": 300, "Trace": false, "AtRestEncryptKey": "", "QueryTimeout": 30 },
Installation Datenbank[Bearbeiten]
- Installation vom Dienst Datenbank
- Mattermost benennt (aktuell (2018-11-24)) als mögliche Programme als Dienst Datenbank (zum lokalen selbst Betreiben)
- MySQL
- 5.6
- 5.7
- 8
- PostgreSQL
- 9.4+
- MySQL
- Wie bevorzugen PostgreSQL und die aktuellste Version ist die Version 10.
Installieren vom Paket postgresql10-server
pkg ins -y postgresql10-server
===> Creating groups. Creating group 'postgres' with gid '770'. ===> Creating users Creating user 'postgres' with uid '770'. =========== BACKUP YOUR DATA! ============= As always, backup your data before upgrading. If the upgrade leads to a higher minor revision (e.g. 8.3.x -> 8.4), a dump and restore of all databases is required. This is *NOT* done by the port! ===========================================
Message from postgresql10-server-10.5: For procedural languages and postgresql functions, please note that you might have to update them when updating the server. If you have many tables and many clients running, consider raising kern.maxfiles using sysctl(8), or reconfigure your kernel appropriately. The port is set up to use autovacuum for new databases, but you might also want to vacuum and perhaps backup your database regularly. There is a periodic script, /usr/local/etc/periodic/daily/502.pgsql, that you may find useful. You can use it to backup and perform vacuum on all databases nightly. Per default, it performs `vacuum analyze'. See the script for instructions. For autovacuum settings, please review ~pgsql/data/postgresql.conf. If you plan to access your PostgreSQL server using ODBC, please consider running the SQL script /usr/local/share/postgresql/odbc.sql to get the functions required for ODBC compliance. Please note that if you use the rc script, /usr/local/etc/rc.d/postgresql, to initialize the database, unicode (UTF-8) will be used to store character data by default. Set postgresql_initdb_flags or use login.conf settings described below to alter this behaviour. See the start rc script for more info. To set limits, environment stuff like locale and collation and other things, you can set up a class in /etc/login.conf before initializing the database. Add something similar to this to /etc/login.conf: --- postgres:\ :lang=en_US.UTF-8:\ :setenv=LC_COLLATE=C:\ :tc=default: --- and run `cap_mkdb /etc/login.conf'. Then add 'postgresql_class="postgres"' to /etc/rc.conf. ====================================================================== To initialize the database, run /usr/local/etc/rc.d/postgresql initdb You can then start PostgreSQL by running: /usr/local/etc/rc.d/postgresql start For postmaster settings, see ~pgsql/data/postgresql.conf NB. FreeBSD's PostgreSQL port logs to syslog by default See ~pgsql/data/postgresql.conf for more info NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can only be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgres_initdb_flags rcvar. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== To run PostgreSQL at startup, add 'postgresql_enable="YES"' to /etc/rc.conf
Installieren vom Paket postgresql10-contrib
pkg ins -y postgresql10-contrib
Message from postgresql10-contrib-10.5: The PostgreSQL contrib utilities have been installed. Please see /usr/local/share/doc/postgresql/contrib/README for more information.
Aktivieren vom Dienst postgresql (für jeden Neustart)
sysrc postgresql_enable=YES
postgresql_enable: -> YES
Starten vom Dienst postgresql
service postgresql initdb
The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locale "C". The default text search configuration will be set to "english". Data page checksums are disabled. creating directory /var/db/postgres/data10 ... ok creating subdirectories ... ok selecting default max_connections ... 100 selecting default shared_buffers ... 128MB selecting dynamic shared memory implementation ... posix creating configuration files ... ok running bootstrap script ... ok performing post-bootstrap initialization ... ok syncing data to disk ... ok WARNING: enabling "trust" authentication for local connections You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb. Success. You can now start the database server using: /usr/local/bin/pg_ctl -D /var/db/postgres/data10 -l logfile start
service postgresql start
yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG: could not create IPv6 socket for address "::1": Protocol not supported yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG: listening on IPv4 address "127.0.0.1", port 5432 yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432" yyyy-mm-dd HH:MM:SS.123 UTC [12345] LOG: ending log output to stderr yyyy-mm-dd HH:MM:SS.123 UTC [12345] HINT: Future log output will go to log destination "syslog".
service postgresql status
pg_ctl: server is running (PID: 12345) /usr/local/bin/postgres "-D" "/var/db/postgres/data10"
Erstellung Datenbank[Bearbeiten]
- Erstellung der Datenbank für den Dienst mattermost:
su postgres
cat ~/data10/postgresql.conf
psql
CREATE DATABASE mattermostuserdatabase;
CREATE DATABASE
CREATE USER mattermostuser WITH PASSWORD 'mattermostuserdatabasepassword';
CREATE ROLE
GRANT ALL PRIVILEGES ON DATABASE mattermostuserdatabase to mattermostuser;
GRANT
\q
$EDITOR /usr/local/etc/mattermost/config.json
"SqlSettings": {
"DriverName": "postgres", "DataSource": "postgres://mattermostuser:mattermostuserdatabasepassword@127.0.0.1:5432/mattermostuserdatabase?sslmode=disable&connect_timeout=10",
service mattermostd restart
fetch http://localhost:8065 && cat localhost:8065 && rm localhost:8065
localhost:8065 100% of 3242 B 49 MBps 00m00s <!DOCTYPE html> <html lang=en> <head>
</body> </html>
Installation Webserver[Bearbeiten]
pkg ins -y nginx
===> Creating groups. Using existing group 'www'. ===> Creating users Using existing user 'www'.
Message from nginx-1.14.1,2: =================================================================== Recent version of the NGINX introduces dynamic modules support. In FreeBSD ports tree this feature was enabled by default with the DSO knob. Several vendor's and third-party modules have been converted to dynamic modules. Unset the DSO knob builds an NGINX without dynamic modules support. To load a module at runtime, include the new `load_module' directive in the main context, specifying the path to the shared object file for the module, enclosed in quotation marks. When you reload the configuration or restart NGINX, the module is loaded in. It is possible to specify a path relative to the source directory, or a full path, please see https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and http://nginx.org/en/docs/ngx_core_module.html#load_module for details. Default path for the NGINX dynamic modules is /usr/local/libexec/nginx. ===================================================================
sysrc nginx_enable=YES
service nginx start
fetch http://localhost:80 && cat localhost:80 && rm localhost:80
Installation Certbot[Bearbeiten]
in Anlehnung an https://certbot.eff.org/lets-encrypt/freebsd-nginx
pkg ins -y py27-certbot
Message from py27-certbot-0.27.1_1,1: =========================================================================== This port installs the "standalone" client only, which does not use and is not the certbot-auto bootstrap/wrapper script. The simplest form of usage to obtain certificates is: # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]> NOTE: The client requires the ability to bind on TCP port 80 or 443 (depending on the --preferred-challenges option used). If a server is running on that port, it will need to be temporarily stopped so that the standalone server can listen on that port to complete the challenge authentication process. For more information on the 'standalone' mode, see: https://certbot.eff.org/docs/using.html#standalone The certbot plugins to support apache and nginx certificate installation will be made available in the following ports: * Apache plugin: security/py-certbot-apache * Nginx plugin: security/py-certbot-nginx ===========================================================================
pkg ins -y py27-certbot-nginx
Erstellung Zertifikat[Bearbeiten]
certbot certonly --standalone --test-cert --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de
certbot certonly --standalone --agree-tos -m cert@stura.htw-dresden.de -n -d domain.stura.htw-dresden.de
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for domain.stura.htw-dresden.de Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/fullchain.pem Your key file has been saved at: /usr/local/etc/letsencrypt/live/domain.stura.htw-dresden.de/privkey.pem Your cert will expire on 2019-03-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Anpassung Webserver[Bearbeiten]
$EDITOR /usr/local/etc/nginx/nginx.conf
$EDITOR /usr/local/etc/nginx/nginx.conf
Anpassungen Mattermost[Bearbeiten]
- Mail-Adresse (die als absendende Adresse für Mails zur Einladung & Co verwendet wird)
- Domain (die als Adresse für Verweise bei Mails zur Einladung & Co verwendet wird)