@@ -43,9 +43,9 @@ These settings are related to the Iframe Integration, please se the [Iframe inte
- __Use Default Blocked Domains List__: Will block the email domains listed on this [file](https://github.com/RocketChat/Rocket.Chat/blob/develop/packages/rocketchat-lib/server/lib/defaultBlockedDomainsList.js)
- __Use DNS Domain Check__: When this is set to true, users wont be able to register with invalid domains.
- __Registration Form__: This will change how the registration form is presented. Currently there are 3 options:
- Public: The form will be public and anyone will be able to access;
- Disabled: The form will be disable and users wont be able to register through it;
- Secret URL: The form will be only accessible using a specific URL;
- Public: The form will be public and anyone will be able to access;
- Disabled: The form will be disable and users wont be able to register through it;
- Secret URL: The form will be only accessible using a specific URL;
- __Registration Form Secret URL__: String to be added to the secret URL. Is recommended to use a random string for that. Example: `https://open.rocket.chat/register/[secret_hash]`.
- __Registration Form Link Replacement Text__: Text to be shown in place of the registration form when the registration form is disabled.
- __Registration with Authentication Services__: Set this to true to allow registration with third party authentication services like Google or Twitter.
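Review bot: the __Registration Form Secret URL__ entry should say how strong the secret has to be. The only thing protecting a "Secret URL" form is the URL itself, so anyone who obtains `[secret_hash]` can register; "Is recommended to use a random string for that" should become a concrete recommendation, for example a long, randomly generated value that is not posted on public pages or left in logs. Also fix the grammar in the neighbouring items while they are being touched: "wont" → "won't" (twice), "The form will be disable" → "The form will be disabled", and "please se the" in the hunk context line → "please see the".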
Central Authentication Service (CAS) allows users to use one set of credentials to sign into many sites. Rocket.Chat comes preloaded with an easy to use method of integrating with an existing CAS server.
Central Authentication Service (CAS) allows users to use one set of credentials to sign into many sites. Rocket.Chat comes preloaded with an easy to use method of integrating with an existing CAS server.
## Setup
These settings are in the `CAS` setting page under `Administration`.
NOTE: CAS by ja-sig requires ssl/tls for all connections.
* SSO Base URL: `https://<<CAS_website_url>>/cas`
- SSO Base URL: `https://<<CAS_website_url>>/cas`
The SSO base URL should point to the url of the CAS service, if in doubt navigate to the CAS service and remove 'login' (if present) from the end of the url.
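Review bot: the NOTE line mixes casings: "CAS by ja-sig requires ssl/tls" → "CAS by JA-SIG requires SSL/TLS", and "url" in the last line → "URL". Since the `* SSO Base URL:` / `- SSO Base URL:` pair shows this hunk only changes the bullet marker, it is a good moment to state plainly that the base URL must therefore start with `https://`, which is what the TLS note implies but never says.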
@@ -48,6 +52,7 @@ When you enable LDAP the login form will login users via LDAP instead the intern
### LDAPS - SSL Connection
Use stunnel to create a secure connection to the LDAP server. Create a new configuration file /etc/stunnel/ldaps.conf with following content:
```.ini
options = NO_SSLv2
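Review bot: `options = NO_SSLv2` on its own still leaves SSLv3 negotiable, so the LDAPS tunnel can fall back to a broken protocol; add `options = NO_SSLv3` as well (stunnel also accepts `sslVersion = TLSv1.2` on builds that support it to set a minimum). Minor: the fence tag ` ```.ini ` has a stray leading dot and should be ` ```ini `.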
...
...
@@ -56,15 +61,18 @@ client = yes
accept = 389
connect = your_ldap_server.com:636
```
To enable Stunnel automatic startup change the ``ENABLED`` variable in /etc/default/stunnel4 to ``1``:
```.sh
# Change to one to enable stunnel automatic startup
ENABLED=1
```
Finally on the Rocket.Chat server under /admin/LDAP set
* LDAP_Url = localhost
* LDAP_Port = 389
- LDAP_Url = localhost
- LDAP_Port = 389
## Work in Progress
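Review bot: `accept = 389` binds stunnel's plaintext side on every interface, which makes the host an unauthenticated LDAP relay for anything that can reach it; since Rocket.Chat is told `LDAP_Url = localhost`, bind locally with `accept = 127.0.0.1:389`. The client block also shows no server-certificate check (`verify` with a `CAfile`), so the tunnel will accept any certificate presented by `your_ldap_server.com:636`; document `verify = 2` plus a `CAfile` pointing at the issuing CA, otherwise the "secure connection" is encrypted but not authenticated. Minor: ` ```.sh ` should be ` ```sh `.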
...
...
@@ -73,8 +81,9 @@ We're not experts on LDAP, so there might be lots of features we don't know abou
## Troubleshooting
### I cannot login even everything looks good
If you cannot login without getting any error messages (the last thing in log you see is `Attempt to bind <correct dn of user>`), make sure the username of your ldap account does not match any username of a local account. For example if you created a local user with username `joe`, then enable ldap and try to login with username `joe` (who exists on your ldap server), it will silently fail without any error message in your log simply saying username or password do not match. You cannot login with `joe` by your ldap password nor by your local password any more.
## References
MS LDAP Info: https://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx
MS LDAP Info: <https://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx>
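Review bot: the heading "I cannot login even everything looks good" needs "even though", and "login" is the noun; the verb is "log in" ("If you cannot log in", "try to log in"). The paragraph describes the symptom well but offers no way out: tell the reader what to do when a local account and an LDAP account share a username (for example, rename or remove the local user before enabling LDAP), and make explicit that the generic "username or password do not match" message is the only visible sign, which is why the `Attempt to bind <correct dn of user>` log line is the thing to look for.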
Go to your [Application Settings](https://github.com/settings/applications), and under the "Developer applications" tab, click the "Register new application" button. Fill in the form, taking care to make sure you use the correct callback url. _**Note: If your callback url is wrong, GitHub will not display an error, instead you will fail to log in with a "No matching login attempt found." error.**_
...
...
@@ -20,15 +20,15 @@ Go to your [Application Settings](https://github.com/settings/applications), and
Go to the [Google Developer Console](https://console.developers.google.com) and create a new project. Setup your project by creating an "OAuth 2.0 client ID" (under "APIs & auth" and "Credentials"). After that, make sure you setup a "Product name" in the OAuth consent screen.
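Review bot: "Setup your project" and "make sure you setup" use the noun; write "Set up". The GitHub paragraph above warns that a wrong callback URL fails silently with "No matching login attempt found."; the Google paragraph should carry the same warning, since the authorized redirect URI entered for the OAuth 2.0 client ID has to match the Rocket.Chat callback URL exactly for the login to complete.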
This is the unique name for your application as a Service Provider (SP) for SAML. Whatever you enter here will produce a metadata XML file you will need in order to populate the metadata your IdP (Identity Provider) requires. For example, if you put 'my-app', then your metadata will be at:
@@ -14,22 +14,21 @@ This is the URL provided by your IdP for logging in. In SAML-terminology, the is
### IDP SLO Redirect URL
This is the URL provided by your IdP for logging out. In SAML-terminology, the is the location (URL) of the SingleSignOnService with the Redirect binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect).
This is the URL provided by your IdP for logging out. In SAML-terminology, the is the location (URL) of the SingleSignOnService with the Redirect binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect).
### Custom Issuer (SP entityID)
The URI that is the unique identifier of your service. By convention, this is also URL of your (unedited) metadata, again, where you set Custom Provider to 'my-app' this will be:
This is the idp providers public certificate that is used to verify the SAML requests. Format for this is PEM without BEGIN CERTIFICATE and END CERTIFICATE
### Public Cert Contents (SP Signing Certificate)
The public part of the self-signed certificate you created for encrypting your SAML transactions. [Example of self-signed certificate on the SimpleSAMLphp website here.](https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_1_1)
The public part of the self-signed certificate you created for encrypting your SAML transactions. [Example of self-signed certificate on the SimpleSAMLphp website here.](https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_1_1)
### Private Key Contents (SP Signing Private Key)
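Review bot: under `### IDP SLO Redirect URL` the description says "the location (URL) of the SingleSignOnService", but SLO is logout; this should be the SingleLogoutService with the HTTP-Redirect binding, otherwise the entry is a copy of the SSO one above it. Both entries also need "the is the location" → "this is the location". The certificate paragraph says the IdP certificate "is used to verify the SAML requests"; the SP is the one sending requests, so this certificate verifies the signatures on the IdP's responses and assertions, and the wording matters because it is what tells an admin which certificate to paste here. Finally, the heading says "SP Signing Certificate" while the text says "for encrypting your SAML transactions"; say which the key pair is used for, and change "idp providers public certificate" to "IdP's public certificate".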
...
...
@@ -37,13 +36,13 @@ The private key matching the self-signed certificate you created as PKCS#1 PEM.
### SAML assertion
You will have to send email field in your assertion or it will not work. If the email matches existing user it will overwrite the users username with username value if that is in your assertion.
You will have to send email field in your assertion or it will not work. If the email matches existing user it will overwrite the users username with username value if that is in your assertion.
## SimpleSAMLphp IdP Configuration
As a popular open source IdP, SimpleSAMLphp can be used to provide an authentication endpoint for Rocket.Chat and the built in SAML support. Assuming you have a SimpleSAMLphp IdP up and running - [quickstart intructions here](https://simplesamlphp.org/docs/stable/simplesamlphp-idp) - you can find the metadata for the Rocket.Chat SAML Service Provider (SP) here, where 'my-app' is whatever you put in the 'Custom Provider' box in the Rocket.Chat SAML admin page:
Copy the XML on this page, open the metadata converter page in your SimpleSAMLphp admin UI (which you'll find at `/admin/metadata-converter.php`), paste the XML and submit.
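Review bot: "You will have to send email field" → "You will have to send the email field", and "quickstart intructions" → "quickstart instructions". The sentence "If the email matches existing user it will overwrite the users username with username value" describes account linking keyed solely on the email attribute: any email the IdP asserts is matched to an existing local account, and a username attribute in the assertion then replaces that account's username. The doc should state next to this sentence that the IdP must be trusted as the authority for the email attribute, because the assertion content decides which local account the SSO login lands in.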
...
...
@@ -52,6 +51,7 @@ Copy the resulting PHP output to the file in your SimpleSAMLphp installation und
You should now see your SP on the SimpleSAMLphp Federation page, listed as a trusted SAML 2.0 SP at: `module.php/core/frontpage_federation.php`
## IdP Attribute Mapping
The following attribute are required when returning the user information to Rocket Chat:
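Review bot: "The following attribute are required" → "The following attributes are required", and "Rocket Chat" → "Rocket.Chat" to match the rest of the page. In the preceding line, `module.php/core/frontpage_federation.php` is relative to the SimpleSAMLphp base URL; say so, since it is shown without a leading slash or host.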
Minio is an object storage server built for cloud applications and DevOps. Minio is S3 compatible and provides an open source
alternative to AWS S3. You can [download and install](https://minio.io/downloads) Minio pretty quickly. Minio also provides [official Docker image](https://hub.docker.com/r/minio/minio/). For further details, check out [Minio documentation website](https://docs.minio.io/).
### AccessKey and SecretKey
## AccessKey and SecretKey
Once you install and deploy Minio server, you can get the AccessKey and SecretKey from the startup message.
Once you install and deploy Minio server, you can get the AccessKey and SecretKey from the startup message.
@@ -29,9 +31,11 @@ Once you install and deploy Minio server, you can get the AccessKey and SecretKe
2017-01-24T19:53:21.142027614Z
2017-01-24T19:53:21.142030994Z Drive Capacity: 262 GiB Free, 303 GiB Total
```
To override Minio's auto-generated keys, you may pass secret and access keys explicitly as environment variables. Explained [here](https://docs.minio.io/docs/minio-docker-quickstart-guide)
### Setup Rocket.Chat to use Minio
## Setup Rocket.Chat to use Minio
To setup Minio as the file storage server in Rocket.Chat, go to `File Uploads` section under `administration`, then set `Storage Type: GridFS (default)` to `AmazonS3`. Next, access the AmazonS3 menu and update the following details:
| Configuration Name | Description |
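Review bot: the context line says the AccessKey and SecretKey are read "from the startup message", so the doc should add that anyone who can read the Minio container or service log can read that credential, and the following sentence about overriding the auto-generated keys with environment variables is the place to recommend setting explicit keys from the start rather than copying them out of a log. "Explained [here]" is a fragment; "This is explained [here]." Also "administration" in the setup sentence should be "Administration" to match the menu name used elsewhere on the page.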
...
...
@@ -40,12 +44,12 @@ To setup Minio as the file storage server in Rocket.Chat, go to `File Uploads` s
| Signature Version | v2 (This may not be needed if using ssl) |
| Force Path Style | true (this may not be needed if using ssl) |
| URLs expiration time | 0 (if you want that your files don't have an expiry date) |
### Production setup
## Production setup
In production you can use a reverse proxy with Minio server. Check out the documentation for [Nginx](https://docs.minio.io/docs/setup-nginx-proxy-with-minio#main), [Apache](https://docs.minio.io/docs/setup-apache-http-proxy-with-minio-server) and [Apache2](https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension).
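Review bot: the parentheticals "(This may not be needed if using ssl)" on `Signature Version` and `Force Path Style` are misleading: the signature version is the request-signing scheme and path style is how the bucket is placed in the URL, and neither depends on TLS; say what they actually depend on (the Minio release and whether the endpoint is addressed by path or by virtual host) or drop the remark. For `URLs expiration time` = 0, add the trade-off: a link that never expires stays valid for anyone it is forwarded to, so 0 should be a deliberate choice rather than the suggested value. In the Production setup line the two "Apache" links both concern Apache httpd; label them by content (Minio docs vs. a generic mod_proxy tutorial).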
We have a couple of ways for you to get up and started with the hubot:
*[Docker](#Docker)
*[Manual](#Manual)
-[Docker](#Docker)
-[Manual](#Manual)
## Docker
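Review bot: `*[Docker](#Docker)` → `-[Docker](#Docker)` still has no space after the list marker, so neither the old nor the new line renders as a list item; write `- [Docker](#docker)` and `- [Manual](#manual)`. GitHub generates lowercase ids for headings, so the lowercase anchors are the safe targets. "get up and started" → "get up and running".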
...
...
@@ -11,31 +11,31 @@ You can quickly spin up a docker image with:
```
docker run -it -e ROCKETCHAT_URL=<your rocketchat instance>:<port> \
-e ROCKETCHAT_ROOM='' \
-e LISTEN_ON_ALL_PUBLIC=true \
-e ROCKETCHAT_USER=bot \
-e ROCKETCHAT_PASSWORD=bot \
-e ROCKETCHAT_AUTH=password \
-e BOT_NAME=bot \
-e EXTERNAL_SCRIPTS=hubot-pugme,hubot-help \
rocketchat/hubot-rocketchat
-e ROCKETCHAT_ROOM='' \
-e LISTEN_ON_ALL_PUBLIC=true \
-e ROCKETCHAT_USER=bot \
-e ROCKETCHAT_PASSWORD=bot \
-e ROCKETCHAT_AUTH=password \
-e BOT_NAME=bot \
-e EXTERNAL_SCRIPTS=hubot-pugme,hubot-help \
rocketchat/hubot-rocketchat
```
#### Custom Scripts
### Custom Scripts
If you want to include your own custom scripts you can by doing:
```
docker run -it -e ROCKETCHAT_URL=<your rocketchat instance>:<port> \
-e ROCKETCHAT_ROOM='' \
-e LISTEN_ON_ALL_PUBLIC=true \
-e ROCKETCHAT_USER=bot \
-e ROCKETCHAT_PASSWORD=bot \
-e ROCKETCHAT_AUTH=password \
-e BOT_NAME=bot \
-e EXTERNAL_SCRIPTS=hubot-pugme,hubot-help \
-v $PWD/scripts:/home/hubot/scripts \
rocketchat/hubot-rocketchat
-e ROCKETCHAT_ROOM='' \
-e LISTEN_ON_ALL_PUBLIC=true \
-e ROCKETCHAT_USER=bot \
-e ROCKETCHAT_PASSWORD=bot \
-e ROCKETCHAT_AUTH=password \
-e BOT_NAME=bot \
-e EXTERNAL_SCRIPTS=hubot-pugme,hubot-help \
-v $PWD/scripts:/home/hubot/scripts \
rocketchat/hubot-rocketchat
```
### Docker-compose
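Review bot: both `docker run` examples pass the bot credentials inline as `-e ROCKETCHAT_PASSWORD=bot`, where they end up in shell history, `ps` output and `docker inspect`; the doc should tell readers to give the bot account a real password, pass it with `--env-file` (or the compose `env_file`) instead of on the command line, and use a dedicated bot user with no admin role. The two fences have no language tag; use ` ```sh `. Since this hunk only re-indents the continuation lines, it would also be the moment to drop the `-it` flags from what is meant to run unattended, or to say why they are there.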
...
...
@@ -64,7 +64,7 @@ hubot:
```
If you wish that your bot listen to all public rooms and all private rooms he is joined to let the env "ROCKETCHAT_ROOM" empty like in the example above and set the env "LISTEN_ON_ALL_PUBLIC" to true.
Please take attention to some external scripts that are in the example above, some of them need your Google-API-Key in the docker compose file.
### Manual
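Review bot: "If you wish that your bot listen to all public rooms and all private rooms he is joined to let the env ... empty" → "If you want the bot to listen in all public rooms and in every private room it has been added to, leave `ROCKETCHAT_ROOM` empty as in the example above and set `LISTEN_ON_ALL_PUBLIC` to true." "Please take attention to" → "Note that". Because the Google API key goes into the compose file, add that the file then contains a secret and should not be committed to a public repository.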
...
...
@@ -145,25 +145,31 @@ You will want to set the environment variable: `LISTEN_ON_ALL_PUBLIC` to true
** Note: This will also listen for commands in any private room that the bot has been added. But will only be able to do so after its added.
### Verify your bot is working
Try:
```
rocketbot ping
```
And:
```
rocketbot help
```
The example bot under `scripts` directory respeonds to:
The example bot under `scripts` directory responds to:
```
rocketbot report status
```
## Developers
If you're interested in helping expand the adapter please check out the repo: https://github.com/RocketChat/hubot-rocketchat
If you're interested in helping expand the adapter please check out the repo: <https://github.com/RocketChat/hubot-rocketchat>
### Additional details
#### Additional details
Look under the `scripts` directory, you will find a very basic bot there.
Just add your own script in the directory to have it loaded. If you are new to hubot script writing, find out more [here](https://hubot.github.com/docs/scripting/).
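Review bot: `** Note:` is an unclosed bold marker and renders as literal asterisks; write `**Note:**`, and "any private room that the bot has been added" → "has been added to". The heading change `### Additional details` → `#### Additional details` goes the opposite way from `#### Custom Scripts` → `### Custom Scripts` earlier in this change; under `## Developers` the next level is `###`, so the new `####` skips a level and the old heading looks correct.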
The CSV importer allows you to import your own plain text files, however it does require the zip file to be in a specific format for the importer to understand.
## The Zip File
The zip file must be a **flat zip**, which means there can **not** be a "root" or "sub" folder in which the items reside in the zip file. The importer looks for the files `channels.csv` and `users.csv` immediately inside the zip and not inside of any folder. If you have any questions about this, please ask in [#support channel on the Community server](https://open.rocket.chat/channel/support).
```
fileToImport.zip
├── channels.csv
...
...
@@ -23,12 +25,14 @@ fileToImport.zip
```
## channels.csv Format
The `channels.csv` requires a **very** specifc structure and layout. Each line contains information about one channel. Each line must include the channel name, the creator, whether it is private or public, and the members in the channel separated by a semicolon `;`. Quotes are ***required***.
The `channels.csv` requires a **very** specific structure and layout. Each line contains information about one channel. Each line must include the channel name, the creator, whether it is private or public, and the members in the channel separated by a semicolon `;`. Quotes are ***required***.
1. Channel name
2. Username of the channel creator
3. Whether the channel is public or private. If the last argument is not `private` it is assumed the channel is public.
4. List of users in the channel, separated by semicolons. If only the creator is in the channel, then there must be empty quotes.
```csv
"general","bradley.hilton","public",""
"otherChannelName","billy.bob","public",""
...
...
@@ -37,11 +41,13 @@ The `channels.csv` requires a **very** specifc structure and layout. Each line c
```
## users.csv Format
The `users.csv` is a file which contains the user details, each line containing a new user and the user details is:
The message csv files require a **very** specific format. Each line contains a new message, every piece of information is **requires** quotes to surround it, there can not be any spaces between the commas. The details required are:
1. Username who sent the message
2. The timestamp in milliseconds
3. The message, quotes are highly recommended especially if the message text contains a comma.
```csv
"bradley.hilton","1479162481336","this is a test message"
"billy.bob","1479162481654","this is a another message, a test message"
```
## Importing
Once you have that all set up and zipped, then you can start the import process.
1. Go to https://[your_rocketchat]/admin/import/prepare/csv
1. Go to <https://[your_rocketchat]/admin/import/prepare/csv>
2. Choose your `.zip` file and wait until Rocket.Chat can read it (it can take a few minutes, depending on the size of the file)
3. Deselect any items you **don't** want to import
4. At the top of the page, click on Start Importing
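Review bot: "every piece of information is **requires** quotes to surround it" → "every field must be surrounded by quotes", and item 3 then contradicts it with "quotes are highly recommended"; pick one, and since both sample rows quote every field, "required" matches the examples. "this is a another message" in the sample → "this is another message". The `users.csv` sentence "each line containing a new user and the user details is:" is unfinished; "each line describes one user with the following fields:". The `<https://[your_rocketchat]/...>` autolink keeps the placeholder, which is fine, but say that `[your_rocketchat]` is to be replaced by the server's hostname.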
To import your current data from HipChat Enterprise into Rocket.Chat, please do the following.
## Export from HipChat Enterprise
This is a copy from the HipChat Enterprise Documentation:
1. Browse to the fully qualified domain name you've configured for your HipChat Server, for example `https://hipchat.yourcompany.com/`.
2. Log into the web user interface (UI) using your administrator email and password.
2. Log into the web user interface (UI) using your administrator email and password.
3. Click **Server admin > Export.**
4. To include files and one-to-one chat history in the export, select the check boxes.
5. In the **Password** and **Confirm Password** fields, create a password to protect your archive file. You're required to provide this password when you import your data into HipChat Server. We don't store this password, so be sure to remember it.
...
...
@@ -14,6 +15,7 @@ This is a copy from the HipChat Enterprise Documentation:
7. When you receive the email, click the link in the email to download the archive file.
## Import into Rocket.Chat
1. Decrypt the exported file: `openssl aes-256-cbc -d -in path_to_encrypted_file.tar.gz.aes -out path_to_decrypted_file.tar.gz -pass pass:your_password` See the table below for descriptions of the command line arguments.
2. Ensure the file generated is a `tar.gz` file, otherwise Rocket.Chat won't accept it.
3. Go to `https://[your_rocketchat]/admin/import/prepare/hipchatenterprise`
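Review bot: `-pass pass:your_password` puts the archive password into the shell history and into `ps` output visible to every user on the machine while the command runs; point the reader to `-pass stdin` or `-pass file:/path/to/passfile` (both standard `openssl enc` password sources) and add that the resulting decrypted `tar.gz` holds the full chat history and attachments, so it should be removed once the import has finished. "Decrypt the exported file" should also remind the reader that this is the password created in step 5 of the export procedure above.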
...
...
@@ -22,6 +24,7 @@ This is a copy from the HipChat Enterprise Documentation:
6. At the top of the page, click on **Start Importing**
### OpenSSL Command Arguments
| Argument | Notes |
| --- | --- |
| `aes-256-cbc` | This is the cipher to use to decrypt the file. |