宝塔面板安装Mattermost团队聊天工具

1.服务器内存为1GB，先安装宝塔。

2.安装环境：nginx 1.19

MySQL 10.2.33-MariaDB

MySQL性能调整：

3.宝塔新建网站，申请证书，并开启强制https访问。

4.新建数据库：

开始安装：

一条一条执行下去就可以安装成功。

1）下载服务端文件（需要官网查看最新版）：

wget https://releases.mattermost.com/5.33.0/mattermost-5.33.0-linux-amd64.tar.gz

2）解压文件：

tar -xvzf mattermost*.gz

3）移动到 /opt文件夹：

sudo mv mattermost /opt

4）创建数据文件夹

sudo mkdir /opt/mattermost/data

5）创建名为mattermost的用户和组:

sudo useradd --system --user-group mattermost

6）设置用户和组mattermost为mattermost文件的所有者:

sudo chown -R mattermost:mattermost /opt/mattermost

7）给mattermost的组赋予写权限:

sudo chmod -R g+w /opt/mattermost

8）修改配置文件：

vim /opt/mattermost/config/config.json

修改 "DriverName" 后面值为 "mysql"

修改 "DataSource" 后面值为

"mattermost:rweypGcdTp7bjt3S@tcp(localhost:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"

注意红色的部分为用户与密码和数据库名字

9）定位到/opt/mattermost文件夹：

cd /opt/mattermost

使用用户Mattermost启动Mattermost服务器：

sudo -u mattermost ./bin/mattermost

查看是否有报错，这是关键的地方如果报错，需要找出原因，一般是数据库填的不对。这时可以打开IP:8065,查看页面，需要提前打开8065端口。

10）新建一个系统服务，可以使用nano

vim /lib/systemd/system/mattermost.service

将下面的粘贴进去

[Unit]

Description=Mattermost

After=network.target

After=mysqld.service

BindsTo=mysqld.service

[Service]

Type=notify

ExecStart=/opt/mattermost/bin/mattermost

TimeoutStartSec=3600

Restart=always

RestartSec=10

WorkingDirectory=/opt/mattermost

User=mattermost

Group=mattermost

LimitNOFILE=49152

[Install]

WantedBy=mysqld.service

输入 :wq，保存退出。

11）让systemd加载新单元。

sudo systemctl daemon-reload

12）检查确保已加载。

sudo systemctl status mattermost.service

13）启动服务。

sudo systemctl start mattermost.service

14）设置开机启动服务

sudo systemctl enable mattermost.service

15）最后修改网站的配置文件，红色的修改好为自己的域名，将下面的粘贴进去覆盖完。

upstream backend {

server 127.0.0.1:8065;

keepalive 32;

}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {

listen 80;

server_name   chat,tell.com;

#一键申请SSL证书验证目录相关设置

location ~ \.well-known{

allow all;

}

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl http2;

server_name    chat,tell.com;

http2_push_preload on; # Enable HTTP/2 Server Push

#   ssl on;

ssl_certificate /www/server/panel/vhost/cert/chat,tell.com/fullchain.pem;

ssl_certificate_key /www/server/panel/vhost/cert/chat,tell.com/privkey.pem;

ssl_session_timeout 1d;

# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).

ssl_protocols TLSv1.2 TLSv1.3;

# Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to

# prevent replay attacks.

#

# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data

ssl_early_data on;

ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:50m;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)

add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---

# fetch OCSP records from URL in ssl_certificate and cache them

ssl_stapling on;

ssl_stapling_verify on;

add_header X-Early-Data $tls1_3_early_data;

location ~ /api/v[0-9]+/(users/)?websocket$ {

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

client_max_body_size 50M;

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Frame-Options SAMEORIGIN;

proxy_buffers 256 16k;

proxy_buffer_size 16k;

client_body_timeout 60;

send_timeout 300;

lingering_timeout 5;

proxy_connect_timeout 90;

proxy_send_timeout 300;

proxy_read_timeout 90s;

proxy_http_version 1.1;

proxy_pass http://backend;

}

location / {

client_max_body_size 50M;

proxy_set_header Connection "";

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Frame-Options SAMEORIGIN;

proxy_buffers 256 16k;

proxy_buffer_size 16k;

proxy_read_timeout 600s;

proxy_cache mattermost_cache;

proxy_cache_revalidate on;

proxy_cache_min_uses 2;

proxy_cache_use_stale timeout;

proxy_cache_lock on;

proxy_http_version 1.1;

proxy_pass http://backend;

}

}

# This block is useful for debugging TLS v1.3. Please feel free to remove this

# and use the `$ssl_early_data` variable exposed by NGINX directly should you

# wish to do so.

map $ssl_early_data $tls1_3_early_data {

"~." $ssl_early_data;

default "";

}

最后就可以正常使用了，管理员后台和聊天界面都是英文的，其它用户可以设置为中文。

设置语言：