安装部署
部署环境
- OS: CentOS7.6
- CPU: 8core
- MEM: 16G
- Nodejs: v12.14.0
- MongoDB: v3.6.19
- Rocket.Chat 3.7.0
所有文件可在这里下载:
链接:https://pan.baidu.com/s/1VhVnWlkb9efQ4ynJucQXoA
提取码:ix3b
安装操作系统时最好最小化安装,并将最大的数据盘挂载分配给/srv目录
关闭系统防火墙和SElinux
service firewalld stop
service iptables stop
chkconfig iptables off
chkconfig firewalld off
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
内核优化
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.threads-max=65535
kernel.msgmni = 16384
kernel.msgmnb = 65535
kernel.msgmax = 65535
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 5010 641280 5010 128
net.ipv4.tcp_max_tw_buckets = 6000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 200000
net.ipv4.tcp_no_metrics_save = 1
net.core.somaxconn = 65535
net.core.optmem_max = 10000000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 655360
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes=10
net.ipv4.tcp_keepalive_intvl=2
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_congestion_control=cubic
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
fs.aio-max-nr = 1024000
fs.file-max = 1024000
kernel.pid_max=327680
vm.swappiness = 0
vm.max_map_count=655360
sysctl -p后建议重启系统
MongoDB安装
这里我用的老版本,官网上我看都直接用4版本了, 反正也没啥大问题,先用这个吧,毕竟我这儿只下载了这个版本的安装包。
- 创建所需要的目录和用户
mkdir -p /srv/{app,data,logs,backup}/mongodb
useradd -r -M -s /sbin/nologin mongod
将百度云里面的mongodb安装包sftp到服务器并解压
tar -zxf mongodb-3.6.19.tar.gz -C /srv/app/mongodb/
创建mongodb服务器的配置:
[root@localhost ~]# cat /srv/app/mongodb/conf/mongod.conf
systemLog:
destination: file
logAppend: true
path: /srv/logs/mongodb/mongod.log
storage:
dbPath: /srv/data/mongodb
journal:
enabled: true
engine: mmapv1
wiredTiger:
engineConfig:
cacheSizeGB: 2
processManagement:
fork: true
pidFilePath: /run/mongodb/mongod.pid
timeZoneInfo: /usr/share/zoneinfo
net:
port: 27017
bindIp: 127.0.0.1
replication:
replSetName: rs01
#security:
# authorization: enabled
添加mongodb的systemd服务启动配置(开机启动)
[root@localhost ~]# cat /etc/systemd/system/mongod.service
[Unit]
Description=MongoDB Database Server
Documentation=https://docs.mongodb.org/manual
After=network.target
[Service]
User=mongod
Group=mongod
Environment="OPTIONS=-f /srv/app/mongodb/conf/mongod.conf"
EnvironmentFile=-/etc/sysconfig/mongod
ExecStart=/srv/app/mongodb/bin/mongod $OPTIONS
ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb
ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb
ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb
PermissionsStartOnly=true
PIDFile=/var/run/mongodb/mongod.pid
Type=forking
LimitFSIZE=infinity
LimitCPU=infinity
LimitAS=infinity
LimitNOFILE=64000
LimitNPROC=64000
LimitMEMLOCK=infinity
TasksMax=infinity
TasksAccounting=false
[Install]
WantedBy=multi-user.target
进行服务启动
chown -Rf mongod:mongod /srv/{app,data,logs,backup}/mongodb
systemctl enable mongod.servie
systemctl start mongod.service
sleep 10s; /srv/app/mongodb/bin/mongo --eval "printjson(rs.initiate())"
安装Rocket.Chat
将rocketchat服务安装包和nodejs安装包导入服务器
#第一步,准备文件和nodejs环境
tar -zxf rocket.chat-3.7.0.tgz
mv bundle /srv/app/Rocket.Chat
mkdir -p /opt/nodejs
xz -d node-v12.14.0-linux-x64.tar.xz
tar -zxf node-v12.14.0-linux-x64.tar -C /opt/nodejs/
ln -s /opt/nodejs/node-v12.14.0-linux-x64/node /usr/bin/
ln -s /opt/nodejs/node-v12.14.0-linux-x64/npm /usr/bin/
npm config set registry https://registry.npm.taobao.org
npm install -g inherits n
# 第二步,正式安装rocket.chat
cd /srv/app/Rocket.Chat/programs/server && npm install
#添加用户并修改权限
useradd -r -M -s /sbin/nologin rocketchat
chown -Rf rocketchat:rocketchat /srv/app/Rocket.Chat
添加服务启动配置:
[root@localhost ~]# cat /etc/systemd/system/rocketchat.service
[Unit]
Description=The Rocket.Chat server
After=network.target mongod.target
[Service]
Type=simple
Environment="MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01"
Environment="MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01"
Environment="ROOT_URL=http://localhost:3000/"
Environment="PORT=3000"
ExecStart=/usr/bin/node /srv/app/Rocket.Chat/main.js
Restart=on-failure
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
[Install]
WantedBy=multi-user.target
启动服务:
systemctl enable rocketchat
systemctl start rocketchat
这样服务就能启动了, 不过也有可能会有一些报错,就需要看/var/log/message日志进行解决了
访问 http://ip:3000就能看到界面了。
nginx代理
这里nginx的安装就不多说了,相信各位道友都有很好的解决办法,实在嫌麻烦的朋友可以用yum安装搞定;不多说,直接上配置:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2;
server_name _;
return 444;
include /srv/app/tengine/conf/ssl_xxx.top.conf;
}
# Upstreams
upstream backend {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name chat.xxx.top;
return 301 https://$host$request_uri;
access_log /srv/logs/nginx/rocketchat_access.log nginxjson;
error_log /srv/logs/nginx/rocketchat_error.log;
}
server {
listen 443 ssl http2;
server_name chat.xxx.top;
client_max_body_size 200M;
access_log /srv/logs/nginx/rocketchat_access.log;
error_log /srv/logs/nginx/rocketchat_error.log;
ssl on;
ssl_certificate /srv/app/tengine/cert/xxx.top/nginx.crt;
ssl_certificate_key /srv/app/tengine/cert/xxx.top/nginx.key;
ssl_dhparam /srv/app/tengine/cert/xxx.top/dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}