Setting up Mattermost on Debian Jessie

Author: Secer  Published: July 21, 2016  Category: Featured software

WebSocket-based chat; XMPP is not supported

 

Install Debian Jessie (x64)


1. Set up 3 machines with Debian Jessie with 2GB of RAM or more. The servers will be used for the Load Balancer, Mattermost (this must be x64 to use pre-built binaries), and Database.
2. This can also be set up all on a single server for small teams:
   • I have a Mattermost instance running on a single Debian Jessie server with 1GB of RAM and 30 GB SSD
   • This has been working in production for ~20 users without issue.
   • The only difference in the below instructions for this method is to do everything on the same server
3. Make sure the system is up to date with the most recent security patches.
   • sudo apt-get update
   • sudo apt-get upgrade

Set up Database Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1
2. Install PostgreSQL 9.3+ (or MySQL 5.6+)
   • sudo apt-get install postgresql postgresql-contrib
3. PostgreSQL created a user account called postgres. You will need to log into that account with:
   • sudo -i -u postgres
4. You can get a PostgreSQL prompt by typing:
   • psql
5. Create the Mattermost database by typing:
   • postgres=# CREATE DATABASE mattermost;
6. Create the Mattermost user by typing:
   • postgres=# CREATE USER mmuser WITH PASSWORD 'mmuser_password';
7. Grant the user access to the Mattermost database by typing:
   • postgres=# GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;
8. You can exit out of PostgreSQL by typing:
   • postgres=# \q
9. You can exit the postgres account by typing:
   • exit
10. Allow Postgres to listen on all assigned IP addresses
   • sudo vi /etc/postgresql/9.3/main/postgresql.conf
   • Uncomment ‘listen_addresses’ and change ‘localhost’ to ‘*’
11. Alter pg_hba.conf to allow the Mattermost server to talk to the Postgres database
   • sudo vi /etc/postgresql/9.3/main/pg_hba.conf
   • Add the following line to the ‘IPv4 local connections’ section
   • host all all 10.10.10.2/32 md5
12. Reload Postgres database
   • sudo /etc/init.d/postgresql reload
13. Attempt to connect with the newly created user to verify everything looks good
   • psql --host=10.10.10.1 --dbname=mattermost --username=mmuser --password
   • mattermost=> \q
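
With listen_addresses set to ‘*’, pg_hba.conf is the only PostgreSQL-side filter on which hosts may connect, so it is worth reviewing after the edit above. The script below is an added example, not part of the original guide: the function names and the sample rules are constructed for illustration, and the checks go slightly beyond the single rule in the text by also flagging trust and cleartext-password rules.

```shell
#!/bin/sh
# Added example (not from the original guide): review pg_hba.conf rules.
# Reads rules on stdin and prints one finding per risky "host" rule.
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    $1 !~ /^host/         { next }      # unix-socket ("local") rules are out of scope
    {
        db = $2; role = $3; addr = $4; method = $5
        # The older "address netmask" form puts the method in field 6.
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) method = $6
        loopback = (addr ~ /^127\./ || addr ~ /^::1/)
        if (method == "trust")
            print "line " NR ": trust (no password) from " addr
        if (method == "password")
            print "line " NR ": cleartext password auth from " addr
        if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
            print "line " NR ": any client address accepted"
        else if (!loopback && db == "all" && role == "all")
            print "line " NR ": " addr " may reach every database as any role"
    }'
}

# Constructed sample: the rule from this guide, a tighter variant, a bad rule.
sample_rules() {
    cat <<'EOF'
# IPv4 local connections:
host all        all    127.0.0.1/32  md5
host all        all    10.10.10.2/32 md5
host mattermost mmuser 10.10.10.2/32 md5
host all        all    0.0.0.0/0     trust
EOF
}

sample_rules | audit_pg_hba
```

The guide's own rule is reported because it names neither the database nor the role; the `host mattermost mmuser 10.10.10.2/32 md5` variant passes without findings.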

Set up Mattermost Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1
2. Download the latest Mattermost Server by typing:
   • wget https://github.com/mattermost/platform/releases/download/vX.X.X/mattermost.tar.gz
   • Where vX.X.X is the latest Mattermost release version. For example, v2.0.0
3. Install Mattermost under /opt
   • Unzip the Mattermost Server by typing:
   • tar -xvzf mattermost.tar.gz
   • sudo mv mattermost /opt
4. Create the storage directory for files. We assume you will have attached a large drive for storage of images and files. For this setup we will assume the directory is located at /opt/mattermost/data.
   • Create the directory by typing:
   • sudo mkdir -p /opt/mattermost/data
5. Create a system user and group called mattermost that will run this service
   • sudo useradd -r mattermost -U
   • Set the mattermost account as the directory owner by typing:
   • sudo chown -R mattermost:mattermost /opt/mattermost
   • sudo chmod -R g+w /opt/mattermost
   • Add yourself to the mattermost group to ensure you can edit these files:
   • sudo usermod -aG mattermost USERNAME
6. Configure Mattermost Server by editing the config.json file at /opt/mattermost/config
   • cd /opt/mattermost/config
   • Edit the file by typing:
   • vi config.json
   • Replace "DriverName": "mysql" with "DriverName": "postgres"
   • Replace "DataSource": "mmuser:[email protected](dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" with "DataSource": "postgres://mmuser:mmuser_password@10.10.10.1:5432/mattermost?sslmode=disable&connect_timeout=10"
   • Assuming a default IP address of 10.10.10.1
   • Optionally you may continue to edit configuration settings in config.json or use the System Console described in a later section to finish the configuration.
7. Test the Mattermost Server
   • cd /opt/mattermost/bin
   • Run the Mattermost Server by typing:
   • ./platform
   • You should see a console log like Server is listening on :8065 letting you know the service is running.
   • Stop the server for now by typing ctrl-c
8. Set up Mattermost to use the systemd init daemon, which handles supervision of the Mattermost process
   • sudo touch /etc/init.d/mattermost
   • sudo vi /etc/init.d/mattermost
   • Copy the following lines into /etc/init.d/mattermost


#! /bin/sh
### BEGIN INIT INFO
# Provides: mattermost
# Required-Start: $network $syslog
# Required-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Mattermost Group Chat
# Description: Mattermost: An open-source Slack
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Mattermost"
NAME=mattermost
MATTERMOST_ROOT=/opt/mattermost
MATTERMOST_GROUP=mattermost
MATTERMOST_USER=mattermost
DAEMON="$MATTERMOST_ROOT/bin/platform"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

. /lib/lsb/init-functions

do_start() {
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet \
        --chuid $MATTERMOST_USER:$MATTERMOST_GROUP --chdir $MATTERMOST_ROOT --background \
        --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet \
        --chuid $MATTERMOST_USER:$MATTERMOST_GROUP --chdir $MATTERMOST_ROOT --background \
        --make-pidfile --pidfile $PIDFILE --exec $DAEMON \
        || return 2
}

#
# Function that stops the daemon/service
#
do_stop() {
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile $PIDFILE --exec $DAEMON
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently. A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
        --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    return "$RETVAL"
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    status)
        status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
        ;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
        exit 3
        ;;
esac
exit 0


   • Make sure that /etc/init.d/mattermost is executable
   • sudo chmod +x /etc/init.d/mattermost
   • On reboot, systemd will generate a unit file from the headers in this init script and install it in /run/systemd/generator.late/

Note: This setup can also be done using a systemd unit, usable for non-Debian systems, such as Arch Linux. The unit file is as follows:
# cat /etc/systemd/system/mattermost.service


[Unit]
Description=Mattermost
After=network.target
[Service]
User=mattermost
ExecStart=/home/mattermost/mattermost/bin/platform
WorkingDirectory=/home/mattermost/mattermost
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target

# systemctl start mattermost
# systemctl enable mattermost

Set up Nginx Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.3
2. We use Nginx for proxying requests to the Mattermost Server. The main benefits are:
   • SSL termination
   • http to https redirect
   • Port mapping :80 to :8065
   • Standard request logs
3. Install Nginx on Debian with
   • sudo apt-get install nginx
4. Verify Nginx is running
   • curl http://10.10.10.3
   • You should see a Welcome to nginx! page
5. You can manage Nginx with the following commands
   • sudo service nginx stop
   • sudo service nginx start
   • sudo service nginx restart
6. Map a FQDN (fully qualified domain name) like mattermost.example.com to point to the Nginx server.
7. Configure Nginx to proxy connections from the internet to the Mattermost Server
   • Create a configuration for Mattermost
   • sudo touch /etc/nginx/sites-available/mattermost
   • Below is a sample configuration with the minimum settings required to configure Mattermost


server {
    server_name mattermost.example.com;
    location / {
        client_max_body_size 50M;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://10.10.10.2:8065;
    }
}


   • Remove the existing file with
   • sudo rm /etc/nginx/sites-enabled/default
   • Link the mattermost config by typing:
   • sudo ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
   • Restart Nginx by typing:
   • sudo service nginx restart
   • Verify you can see Mattermost through the proxy by typing:
   • curl http://localhost
   • You should see a page titled Mattermost - Signup

Set up Nginx with SSL (Recommended)


1. You can use a free and open certificate authority like Let’s Encrypt; this is how to proceed:
   • sudo apt-get install git
   • git clone https://github.com/letsencrypt/letsencrypt
   • cd letsencrypt
2. Make sure port 80 is not in use by stopping nginx
   • sudo service nginx stop
   • netstat -na | grep ':80.*LISTEN'
   • ./letsencrypt-auto certonly --standalone
   • This command will download packages and run the instance; after that you will have to give your domain name
   • You can find your certificate in /etc/letsencrypt/live
3. Modify the file at /etc/nginx/sites-available/mattermost and add the following lines:


server {
    listen 80;
    server_name mattermost.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name mattermost.example.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/yourdomainname/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    location / {
        gzip off;
        proxy_set_header X-Forwarded-Ssl on;
        client_max_body_size 50M;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://10.10.10.2:8065;
    }
}


   • Be sure to restart nginx
   • sudo service nginx start
   • Add the following line to cron so the cert will renew every month
   • crontab -e
   • @monthly /home/YOURUSERNAME/letsencrypt/letsencrypt-auto certonly --reinstall -d yourdomainname && sudo service nginx reload
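
The two nginx configurations in this guide differ in what they expose: the minimal one proxies Mattermost over plain HTTP, and the SSL one still enables TLS 1.0 and 1.1, which RFC 8996 has since deprecated. The script below is an added example, not part of the original guide, that reports both conditions in a config file; the function names and the trimmed sample config are constructed for illustration, and it assumes each block opens with `server {` on one line.

```shell
#!/bin/sh
# Added example (not from the original guide): review an nginx config on stdin.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "server" && $2 == "{" {               # new server block: reset state
        start = NR; depth = 0; tls = 0; redir = 0; proxy = 0
    }
    $1 == "listen" && /[ \t]ssl[ \t;]/ { tls = 1 }
    $1 == "ssl" && $2 ~ /^on/          { tls = 1 }   # legacy "ssl on;" form
    $1 == "return" && $3 ~ /^https:/   { redir = 1 }
    $1 == "proxy_pass"                 { proxy = 1 }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                print "line " NR ": deprecated protocol " p
        }
    }
    {
        line = $0                               # track brace depth to find block end
        depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
        if (start && depth == 0) {
            if (proxy && !tls && !redir)
                print "line " start ": server block proxies over plain HTTP"
            start = 0
        }
    }'
}

# Constructed sample, trimmed from the two configurations in this guide.
sample_conf() {
    cat <<'EOF'
server {
    location / {
        proxy_pass http://10.10.10.2:8065;
    }
}
server {
    listen 80;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://10.10.10.2:8065;
    }
}
EOF
}

sample_conf | audit_nginx_tls
```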

Finish Mattermost Server setup


1. Navigate to https://mattermost.example.com and create a team and user.
2. The first user in the system is automatically granted the system_admin role, which gives you access to the System Console.
3. From the town-square channel click the dropdown and choose the System Console option
4. Update Email Settings. We recommend using an email sending service. The example below assumes AmazonSES.
   • Set Send Email Notifications to true
   • Set Require Email Verification to true
   • Set Feedback Name to No-Reply
   • Set Feedback Email to [email protected]
   • Set SMTP Username to AFIADTOVDKDLGERR
   • Set SMTP Password to DFKJoiweklsjdflkjOIGHLSDFJewiskdjf
   • Set SMTP Server to email-smtp.us-east-1.amazonaws.com
   • Set SMTP Port to 465
   • Set Connection Security to TLS
   • Save the Settings
5. Update File Settings
   • Change Local Directory Location from ./data/ to /mattermost/data
6. Update Log Settings.
   • Set Log to The Console to false
7. Update Rate Limit Settings.
   • Set Vary By Remote Address to false
   • Set Vary By HTTP Header to X-Real-IP
8. Feel free to modify other settings.
9. Restart the Mattermost Service by typing:
   • sudo restart mattermost

http://docs.mattermost.com/install/prod-debian.html

Installing and configuring Leanote, a team note-sharing application

Author: Secer  Published: September 18, 2015  Category: Featured software

Test log

win7+leanote+mongodb+nginx+php

1. Install the MongoDB database

Download: https://fastdl.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-3.0.5-signed.msi

Install MongoDB as a service
D:\MongoDB>mongod --install --logpath=d:\MongoDB\logs --auth --bind_ip 127.0.0.1 --port 59983 --dbpath=d:\MongoDB\data
After installing the service, do not start it yet; first start mongod from the command line without authentication:

D:\MongoDB>mongod --logpath=d:\MongoDB\logs --bind_ip 127.0.0.1 --port 59983 --dbpath=d:\MongoDB\data

Connect to the database and add permissions
D:\MongoDB>mongo --host 127.0.0.1 --port 59983
2015-08-19T00:37:38.351+0800 I CONTROL  Hotfix KB2731284 or later update is not
installed, will zero-out data files
MongoDB shell version: 3.0.5
connecting to: 127.0.0.1:59983/test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
>

2. Install Leanote

Official site: http://leanote.org/

Download Leanote: http://pan.baidu.com/s/1nt7mONB

Unzip the archive.

Import the Leanote data
mongorestore -h 127.0.0.1 --port 59983 -d leanote --dir d:\leanote\mongodb_backup\leanote_install_data

    The imported data already contains 2 users

    user1 username: admin, password: abc123 (administrator; only this user can manage the admin backend)
    user2 username: [email protected], password: [email protected] (for demo use only)

Add a MongoDB database user, using MongoVUE or the command line
leanote
OhyesGo4Mo

db.createUser({
    user: 'leanote',
    pwd: 'Oh',
    roles: [{role: 'dbOwner', db: 'leanote'}]
});

Finally
d:\leanote\bin>run.bat
listen 9000

which means it is running successfully.

3. nginx reverse proxy and 401 Basic authentication configuration

Edit the nginx configuration

    server {
        listen       80;
        server_name  tra.cker.in ;

        location / {

             proxy_redirect off ;
             #proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             client_max_body_size 50m;
             client_body_buffer_size 256k;
             proxy_connect_timeout 30;
             proxy_send_timeout 30;
             proxy_read_timeout 60;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
             proxy_max_temp_file_size 128m;
             proxy_pass    http://127.0.0.1:9000;
             proxy_set_header Host "godblind.xicp.net";

             auth_basic            "Auth Restricted";
             auth_basic_user_file  webpass;
        }
    }

 

 

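The webpass file goes in the nginx\conf\ directory; it stores the user password hashes generated by htpasswd:

htpasswd -dmbc webpass username password

Top 100 Most Popular Newly Added Software of 2014 (OSChina)

Author: Secer  Published: January 31, 2015  Category: Featured software

2014 has passed. Over the year, OSC indexed a total of 5448 open source projects, including 1502 developed by Chinese developers. These figures show that the open source climate in China keeps getting better and that open source in China is booming!

Here, based on the software newly indexed by OSChina in 2014, we ranked the 100 most popular open source projects according to visits, bookmarks, discussion and sharing, and how frequently each project is updated. The list is for reference only. We hope it gives you some inspiration and help; feel free to share your views and ideas in the comments.

1. Amaze UI

Amaze UI is China's first open source HTML5 cross-screen front-end framework. Amaze UI is a lightweight, mobile-first front-end framework built on popular front-end frameworks from the open source community. Author: @云适配

2. CrossApp

CrossApp is a fully open source, free, cross-platform mobile application development engine. CrossApp is written in C++ (JS and Lua support is coming soon), can export native iOS and Android applications directly, and offers high performance, many controls and fast development. Author: @大鸡蛋

3. TeamTalk

TeamTalk is an open source instant messaging solution developed by 蘑菇街 (Mogujie), suited to small and medium-sized enterprises. It provides a reliable message delivery mechanism; supports rich content such as text, images and voice; file transfer; and more. Author: @TeamTalk

4. ZUI

ZUI is an open source front-end solution that the 禅道 (ZenTao) project management software team developed while refining its own products. It helps you quickly build modern cross-screen applications. It is simple and attractive, easy to use, and lets you quickly build clean, modern web applications. Author: @春哥_禅道蝉知然之

5. WebCollector

WebCollector is a Java crawler framework (kernel) that needs no configuration and is easy to build on. It provides a concise API, and a powerful crawler can be implemented with only a small amount of code. Author: @CrawlScript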


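Kali Linux tutorial series: installing OpenVAS

Author: Secer  Published: August 20, 2014  Category: Linux notes, Featured software

This article is reposted from http://www.xuanhun521.com/Blog/2014/8/19/kali-linux%E7%B3%BB%E5%88%97%E6%95%99%E7%A8%8B%E4%B9%8Bopenvas%E5%AE%89%E8%A3%85

By 玄魂

Contents

Kali Linux tutorial series: installing OpenVAS

Preface

1. Server-layer components

2. Client-layer components

Installation process

Initial setup

Initial administrator password

Accessing the admin interface from a browser

Updating data

Managing users

Viewing scanner configuration

Fixing installation errors

Creating certificates

Updating NVTs

Client certificate errors

Preface

OpenVAS is an open vulnerability assessment tool, used mainly to check the security of target networks or hosts. Like the X-Scan tool from 安全焦点 (Xfocus), OpenVAS uses some open plugins from earlier versions of Nessus. OpenVAS can work in a C/S (client/server) or B/S (browser/server) architecture: the administrator issues scan tasks through a browser or a dedicated client program, and the server side handles authorization, performs the scan and provides the scan results.

A complete OpenVAS system consists of multiple server-side and client-side components.

1. Server-layer components

openvas-scanner (scanner): invokes the various vulnerability detection plugins and performs the actual scan.

openvas-manager (manager): assigns scan tasks and produces assessment reports from the scan results.

openvas-administrator (administrator): manages configuration information, user authorization and related work.

2. Client-layer components

openvas-cli (command-line interface): provides command-line access to the OpenVAS service-layer programs.

greenbone-security-assistant (security assistant): provides a web interface to the OpenVAS service layer so that scan tasks can be run from a browser; it is the easiest client-layer component to use.

Greenbone-Desktop-Suite (desktop suite): provides a graphical interface to the OpenVAS service layer; it mainly runs on Windows clients.

Besides the components above, there is one more core element: updates of the vulnerability test plugins. OpenVAS plugins come from two sources: first, the free NVT plugins provided officially; second, the commercial plugins provided by Greenbone Sec.

This article mainly covers the initial installation of OpenVAS on Kali Linux.

Installation process

Find openvas in the Kali applications menu.

clip_image001

To make sure the process goes smoothly, first run openvas-stop. If the services are already running, the following screen appears:

clip_image002

Initial setup

As shown below, find openvas-initial-setup and open it to start the initial setup.

clip_image003

Start the installation.

If you are asked whether to merge the NVTs, choose y.

clip_image004

Next it may connect to the network to download NVT resources, which may take some time.

clip_image005

If the network is poor it may report errors, but this does not prevent the installation from continuing; the NVTs can be updated after installation.

clip_image006

Initial administrator password

At the end of the installation you are prompted to enter an administrator password; the default administrator is admin.

clip_image007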
