Unverified Commit eaf76d2d authored by Gabriel Engel

Restructuring into Directories

parent 35aa697c
# Contributing
First of all, thanks! It's really awesome that you're interested in contributing to Rocket Chat. If this is the first Open Source project you will contribute to, it'd be cool if you read GitHub's excellent guide ["Contributing to Open Source"](https://guides.github.com/activities/contributing-to-open-source/).
## Getting Started
First of all, thanks! It's really awesome that you're interested in contributing to Rocket Chat. If this is the first Open Source project you will contribute to, it'd be cool if you read GitHub's excellent guide ["Contributing to Open Source"](https://guides.github.com/activities/contributing-to-open-source/).
## Getting Started
You can find Rocket.Chat repositories [here](https://github.com/RocketChat). If you see some issue you are willing to work on, just comment on it. We will add an [In Progress label](https://github.com/RocketChat/Rocket.Chat/labels/stat%3A%20in%20progress), and that's it! Want a simple task to get you started? [We maintain a list of those](https://github.com/RocketChat/Rocket.Chat/labels/contrib%3A%20easy)!
**You don't have to write code to contribute!**
We are always looking for help with creating or updating documentation, testing our apps (web, desktop and mobile) and reporting bugs.
**You don't have to write code to contribute!**
We are always looking for help with creating or updating documentation, testing our apps (web, desktop and mobile) and reporting bugs.
**Submitting Pull Requests**
**Submitting Pull Requests**
For contributions to code or documentation, you can fork the material, apply your contribution, and submit a [Pull Request](https://help.github.com/articles/using-pull-requests/).
**Submitting Bug Reports**
We appreciate any & all bug reports! Did you find a bug? Reporting is easy! Simply open an [Issue](https://github.com/RocketChat/Rocket.Chat/issues) in the applicable repository.
**Submitting Bug Reports**
We appreciate any & all bug reports! Did you find a bug? Reporting is easy! Simply open an [Issue](https://github.com/RocketChat/Rocket.Chat/issues) in the applicable repository.
Here are some suggested things to include, when applicable, which may help us troubleshoot a problem:
* Operating System / Version / Architecture (64 bit?)
* Browser type & Version (if web app), any browser add-ons which may be involved (e.g. AdBlocker, NoScript, etc.)
* Desktop Environment (if desktop app) / Version
* Desktop Environment (if desktop app) / Version
* Rocket.Chat edition / Version or [build number](/2. Getting%20Support)
* Expected behavior vs. Actual behavior (In other words, the "bug")
* Can it be reproduced? If yes, how?
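Review bot: the `build number` link in the bug-report checklist has a literal space in its target (`/2. Getting%20Support`), which most Markdown renderers will not parse as a link, and it points at a numbered top-level path that a restructuring into directories is likely to move. Suggest encoding the space as `%20` and updating the target to the new location, so reporters can find how to state the version they run.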
......@@ -25,9 +30,10 @@ Here are some suggested things to include, when applicable, which may help us tr
* Screen shots if helpful to communicate the problem
## Rocket.Chat At-A-Glance
* [issues](https://github.com/RocketChat/Rocket.Chat/issues) categorize bug reports.
* [labels](https://github.com/RocketChat/Rocket.Chat/labels) organize what we're doing.
* [issues](https://github.com/RocketChat/Rocket.Chat/issues) categorize bug reports.
* [labels](https://github.com/RocketChat/Rocket.Chat/labels) organize what we're doing.
* [milestones](https://github.com/RocketChat/Rocket.Chat/milestones) control priority.
## Need Priority Features or Bug fixes?
You can place a bounty on an issue you care about: https://www.bountysource.com/teams/rocketchat
\ No newline at end of file
## Need Priority Features or Bug fixes?
You can place a bounty on an issue you care about: https://www.bountysource.com/teams/rocketchat
# Help promote Rocket.Chat
# Promoting
Help promote Rocket.Chat
If you are not a developer (or even if you are), you can still contribute to the project, a lot, by helping us promote it. As we are a free open source project, the community is our most important asset, so here are some ways that you can help the project continue to grow.
......@@ -44,4 +46,4 @@ Here are some nice blog posts about our project for you to get some inspiration:
* http://slides.com/gabrielengel/meteordevshop#/
## Deployed in Websites
* Investment and Trading Chat Room http://seekingoptions.com
\ No newline at end of file
* Investment and Trading Chat Room http://seekingoptions.com
......@@ -8,4 +8,8 @@ If you are a blogger or news writer, please [promote us](/1.%20How%20can%20I%20h
If you have found a security issue, [report it](/1.%20How%20can%20I%20help%2FReporting%20Security%20Issues.md) so we can make Rocket.Chat better and more secure for everyone.
If you want to help with documentation in this project, please visit [Rocket.Chat.Docs](https://github.com/RocketChat/Rocket.Chat.Docs).
\ No newline at end of file
If you want to help with documentation in this project, please visit [Rocket.Chat.Docs](https://github.com/RocketChat/Rocket.Chat.Docs).
## Code of Conduct
This project adheres to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to team@rocket.chat
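Review bot: the security-report link on the context line above the additions targets `/1.%20How%20can%20I%20help%2FReporting%20Security%20Issues.md`, with the directory separator encoded as `%2F`, which many hosts do not decode back into a path separator. Since this commit moves files into directories, suggest switching to a relative link with a real `/` and checking that it resolves after the move; this is the path people follow to report a vulnerability, so a dead link here costs more than most.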
# Contributing
First of all, thanks! It's really awesome that you're interested in contributing to Rocket Chat. If this is the first Open Source project you will contribute to, it'd be cool if you read GitHub's excellent guide ["Contributing to Open Source"](https://guides.github.com/activities/contributing-to-open-source/).
## Getting Started
You can find Rocket.Chat repositories [here](https://github.com/RocketChat). If you see some issue you are willing to work on, just comment on it. We will add an [In Progress label](https://github.com/RocketChat/Rocket.Chat/labels/stat%3A%20in%20progress), and that's it! Want a simple task to get you started? [We maintain a list of those](https://github.com/RocketChat/Rocket.Chat/labels/contrib%3A%20easy)!
**You don't have to write code to contribute!**
We are always looking for help with creating or updating documentation, testing our apps (web, desktop and mobile) and reporting bugs.
**Submitting Pull Requests**
For contributions to code or documentation, you can fork the material, apply your contribution, and submit a [Pull Request](https://help.github.com/articles/using-pull-requests/).
**Submitting Bug Reports**
We appreciate any & all bug reports! Did you find a bug? Reporting is easy! Simply open an [Issue](https://github.com/RocketChat/Rocket.Chat/issues) in the applicable repository.
Here are some suggested things to include, when applicable, which may help us troubleshoot a problem:
* Operating System / Version / Architecture (64 bit?)
* Browser type & Version (if web app), any browser add-ons which may be involved (e.g. AdBlocker, NoScript, etc.)
* Desktop Environment (if desktop app) / Version
* Rocket.Chat edition / Version or [build number](/2. Getting%20Support)
* Expected behavior vs. Actual behavior (In other words, the "bug")
* Can it be reproduced? If yes, how?
* Relevant snippets from your error logs
* Screen shots if helpful to communicate the problem
## Rocket.Chat At-A-Glance
* [issues](https://github.com/RocketChat/Rocket.Chat/issues) categorize bug reports.
* [labels](https://github.com/RocketChat/Rocket.Chat/labels) organize what we're doing.
* [milestones](https://github.com/RocketChat/Rocket.Chat/milestones) control priority.
## Need Priority Features or Bug fixes?
You can place a bounty on an issue you care about: https://www.bountysource.com/teams/rocketchat
# Security
First of all, thanks in advance for taking the time and effort to help us improve the security of Rocket.Chat! We are committed to delivering an awesome and secure chat solution for, and aided by, our community.
Given the nature of Chat, we understand each person using Rocket.Chat has some expectation about their data being secure and private. It's clear how important this is to everyone, and we work to the best of our abilities to ensure your expectations are met.
## If you find a Security Issue
> __Please email the details to Rocket.Chat's security team at [security@rocket.chat](security@rocket.chat)__
Our security team will respond to confirm receipt of your message, review and plan the mitigation of the issue appropriately, as well as set a timeline for a new release or patch.
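Review bot: the reporting address in the quoted line is linked as `[security@rocket.chat](security@rocket.chat)`, with no `mailto:` scheme, so renderers treat the target as a relative path and the link leads to a missing page instead of opening a mail draft. Suggest `[security@rocket.chat](mailto:security@rocket.chat)`.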
......@@ -18,6 +20,7 @@ We follow responsible disclosure and will credit researchers when a security iss
- We will not bring any lawsuit or begin law enforcement investigation into you if you follow these parameters.
## What details should you include when reporting a Security Issue
Please provide as many relevant details as you can. In particular:
- What versions of software are involved
......@@ -25,6 +28,7 @@ Please provide as many relevant details as you can. In particular:
- Any patches or steps to mitigate the problem
## WhiteHat Hall-of-Fame
Rocket.Chat is very grateful for the following people who have responsibly disclosed vulnerabilities to us:
- [Matt Austin](http://m-austin.com), October/2015.
......@@ -33,4 +37,4 @@ Rocket.Chat is very grateful for the following people who have responsibly discl
- [Dennis Brakhane](https://inoio.de), February/2016.
- [Jeandre Le Roux](http://theblazehen.com), April/2016.
Thank you all very much!
\ No newline at end of file
Thank you all very much!
# Deploying Rocket.Chat to Amazon Web Services
This guide covers the following:
1. Hosting rocket.chat on an Amazon EC2 instance
2. Hosting a domain name with Amazon Route 53
3. Securing your server with a free SSL certificate from Let's Encrypt
### Table of Contents
[1. Launch an EC2 Instance](#1-launch-an-ec2-instance)
[2. Allocate an Elastic IP](#2-allocate-an-elastic-ip)
[3. Configure DNS with AWS Route 53](#3-configure-dns-w-aws-route-53)
[4. Get an SSL Certificate from Let's Encrypt](#4-get-an-ssl-certificate-from-lets-encrypt)
[5. Configure Nginx with TLS/SSL](#5-configure-nginx-web-server-with-tlsssl)
[6. Install Docker & Docker Compose](#6-install-docker--docker-compose)
[7. Set up Docker Containers](#7-set-up-docker-containers)
[8. Automatic start with Upstart](#8-automatic-start--restarting-with-upstart)
[9. Reboot & Test](#9-reboot--test)
[10. Use it!](#10-use-it)
### 1. Launch an EC2 instance.
#### In AWS Services, go to **EC2**, **Instances**, and **Launch Instance**
1. Choose an AMI
* Select **Ubuntu Server 14.04 LTS** AMI
2. Choose an Instance Type
* Select Type: **t2.micro** and click **Next**
3. Configure Instance Details
* Leave as defaults or change if needed and click **Next**
4. Add Storage
* Adjust the size, or add a second encrypted volume if needed and click **Next**
5. Tag Instance
* Add a Value to the **Name** Key and click **Next**
6. Configure Security group
* Create a new Security group if you would like to restrict traffic to a certain IP address range. **Note: If you will be using letsencrypt in Step 4 to get an SSL certificate, you will need to allow traffic to the server on port 80 until your certificate is created. After this, you may remove that security group and restrict access to a specific IP range.**
7. Review Instance Launch
* Click **Launch**
8. Key Pairs
* Choose an existing key pair or create a new one and **Launch Instance**
### 2. Allocate an Elastic IP
#### In AWS Services, go to **EC2** and **Elastic IPs**
1. Select **Allocate New Address**
2. Search for your instance, and click **Associate**
3. In the details below, copy the **Public DNS** value. You will need it in the DNS step. (It should be in this format: ec2-11-222-33-44.us-west-2.compute.amazonaws.com)
### 3. Configure DNS w/ AWS Route 53
#### In AWS Services, go to **Route 53**
* **Create Hosted Zone**
* Enter Domain Name and select Type: **Public Hosted Zone**, then **Create**
* Select your new Hosted Zone and **Create Record Set**
* Enter the subdomain (if desired), select Type **CNAME**, enter the Public DNS name from the above step to the value field and click **Create**
### 4. Get an SSL certificate from Let's Encrypt
#### We will use **letsencrypt** to get a free & open-source SSL certificate
1. SSH to your instance
`ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>`
Note: You may replace <public_ip_address> with domain name if your DNS has resolved.
2. Clone the **letsencrypt** repository from github. (If it is available via a package manager, you may use that).
`sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt`
This will copy the **letsencypt** repository to `/opt/letsencrypt`
3. Confirm no applications are listening to port 80:
`netstat -na | grep ':80.*LISTEN'`
If any processes are returned, kill them.
4. Get Certificate from Let's Encrypt
Change to Let's Encrypt repository location
`cd /opt/letsencrypt`
Run the Standalone plugin. (This will open a web server listening on port 80 to validate the server).
```
./letsencrypt-auto certonly --standalone --email <emailaddress@email.com> -d <domain.com> -d <subdomain.domain.com>
```
Note: Second (or more) domain is optional.
5. If you would like to restrict traffic to your instance on AWS, you may now restrict the security groups. Make sure you allow **TCP/22** from your current location for the SSH connection, as well as **TCP/443** from the location you wish to use to access from.
6. Check for certificates and keys
The following files will be created in `/etc/letsencrypt/archive` with symbolic links placed in `/etc/letsencrypt/live/<domain.com>`
* **cert.pem** - domain certificate
* **chain.pem** - Let's Encrypt chain certificate
* **fullchain.pem** - both the above certs (This will be your **certificate file**)
* **privkey.pem** - certificate's private key (This will be your **certificate key file**).
Confirm by listing the following directory
`sudo ls /etc/letsencrypt/live/<domain.com>`
### 5. Configure Nginx web server with TLS/SSL
1. Install Nginx web server.
`sudo apt-get install nginx`
2. Edit the Nginx configuration file.
* Backup the default config file for reference:
`cd /etc/nginx/sites-available`
`sudo mv default default.reference`
* Create a new file with the following contents. Replace <ABC.DOMAIN.COM> with your domain (it appears 4 times below). Make sure to update it in the path to your key files as well.
`sudo nano /etc/nginx/sites-available/default`
```
server {
listen 443 ssl;
server_name <ABC.DOMAIN.COM>;
ssl_certificate /etc/letsencrypt/live/<ABC.DOMAIN.COM>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ABC.DOMAIN.COM>/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
proxy_pass http://<ABC.DOMAIN.COM>:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
server {
listen 80;
server_name <domain.com>;
return 301 https://$host$request_uri;
}
```
* Explanation: remove the listen to port 80 by default and replace with port 443 ssl as well as giving the path to the certificate. Restrict to certain SSL protocols and ciphers (you may add more if you like). In the location section, use Nginx as a proxy to forward to port 3000 (where rocketchat is set up. Create a second server block listening on port 80 that will redirect to https."
* Write & exit
* Stop Nginx:
`sudo service nginx stop`
* Test starting Nginx to make sure there are no syntax errors in your configuration file. If there are errors in your file, it will give you a clue as to the issue.
`sudo nginx -t`
* If the syntax test is successful, Start Nginx:
`sudo service nginx start`
* Confirm that it is running properly by opening a web browser and going to your domain name. You will get a page stating **502 Bad Gateway** This is expected. Look above, next to the domain name, you should see a lock icon. If you click this, you should be able to see the certificates, where your browser will verify that Let's Encrypt Authority X1 issued this website's certificate, as well as a report of which cipher is being used.
* Note: The certificate will expire in 90 days
* ** TODO: Add script for auto-renewal of certificate.
### 6. Install Docker & Docker Compose
1. SSH to your instance
`ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>`
Note: You may replace <public_ip_address> with domain name if your DNS has resolved.
2. Install Docker (and any dependencies)
`sudo wget -qO- https://get.docker.com/ | sh`
3. Add ubuntu user to docker group to use Docker as a non-root user.
`sudo usermod -aG docker ubuntu`
4. Install Docker Compose:
`sudo -i`
`curl -L https://github.com/docker/compose/releases/download/1.4.2/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose`
`chmod +x /usr/local/bin/docker-compose`
`exit`
5. Logout, and log back in again.
`exit`
6. SSH to your instance again following the directions above
### 7. Set up Docker Containers
1. Create local directories
`sudo mkdir -p /var/www/rocket.chat/data/runtime/db`
`sudo mkdir -p /var/www/rocket.chat/data/dump`
2. Create docker-compose.yml, **replacing the ROOT_URL of ABC.DOMAIN.COM with your site**
`sudo nano /var/www/rocket.chat/docker-compose.yml`
```
db:
image: mongo
volumes:
- ./data/runtime/db:/data/db
- ./data/dump:/dump
command: mongod --smallfiles
rocketchat:
image: rocketchat/rocket.chat:latest
environment:
- MONGO_URL=mongodb://db:27017/rocketchat
- ROOT_URL=https://<ABC.DOMAIN.COM>
links:
- db:db
ports:
- 3000:3000
```
* Write & Exit
### 8. Automatic start & restarting with Upstart
1. Create upstart job for MongoDB
`sudo nano /etc/init/rocketchat_mongo.conf`
```
description "MongoDB service manager for rocketchat"
# Start MongoDB after docker is running
start on (started docker)
stop on runlevel [!2345]
# Automatically Respawn with finite limits
respawn
respawn limit 99 5
# Path to our app
chdir /var/www/rocket.chat
script
# Showtime
exec /usr/local/bin/docker-compose up db
end script
```
2. Save and Exit.
3. Create the upstart job for Rocketchat
`sudo nano /etc/init/rocketchat_app.conf`
```
description "Rocketchat service manager"
# Start Rocketchat only after mongo job is running
start on (started rocketchat_mongo)
stop on runlevel [!2345]
# Automatically Respawn with finite limits
respawn
respawn limit 99 5
# Path to our app
chdir /var/www/rocket.chat
script
# Bring up rocketchat app
exec /usr/local/bin/docker-compose up rocketchat
end script
```
### 9. Reboot & Test
1. Restart
`sudo reboot`
2. Wait a minute or so and login with SSH again
`ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>`
3. Check status of docker
`sudo docker ps -a`
* When it's up and running, you should see 2 images, one for rocket.chat and one for mongo.
* If you don't see the containers yet, don't panic. It may take a few minutes to download and setup the containers. If you still don't see the images listed with the above `docker` command, check the logs of your upstart jobs.
`sudo cat /var/log/upstart/rocketchat_mongo.log`
`sudo cat /var/log/upstart/rocketchat_app.log`
* While the services are starting and downloading, the end of the logs (particularly rocketchat_app.log) will likely show the status of Download/Extract/Pull. If there are other errors, you will likely see this information in the log.
### 10. Use it!
1. Login to your site at https://ABC.DOMAIN.COM
* Note: the first user to login will be an administrator
2. You can then use the native apps to connect to your rocketchat server.
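Review bot: in the step 5 Nginx config the forwarded-header lines are misnamed and state the wrong scheme for a TLS front end: `proxy_set_header X-Forward-For ...` and `proxy_set_header X-Forward-Proto http;` should be `X-Forwarded-For` and `X-Forwarded-Proto https`, otherwise an application reading the standard header names sees neither the client address nor that the request arrived over TLS. In the same block, `server_name localhost;` with its comment looks like a leftover from the default file and can go, `ssl_protocols` still enables TLSv1 and TLSv1.1, and `proxy_pass http://<ABC.DOMAIN.COM>:3000/` sends traffic back out through the public name where `http://127.0.0.1:3000/` would keep it on the host. Step 7 publishes `3000:3000` on all interfaces, so unless the security group blocks it the app is reachable over plain HTTP around Nginx; `127.0.0.1:3000:3000` closes that. In step 6, `sudo wget -qO- https://get.docker.com/ | sh` applies sudo to wget and not to the shell, and the docker-compose binary is installed with no checksum check. Step 1 suggests removing the port 80 rule after issuance, but the standalone plugin in step 4 needs port 80 again at renewal (the guide notes the 90-day expiry) and the redirect server block listens there.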
{
"project": "rocketchat",
"services": [{
"id": "frontend",
"apps": [{
"id": "rocket",
"domain": {
"type": "HTTP",
"uri": "$URI"
},
"mem": 512,
"image": "rocketchat/rocket.chat",
"instances": 1,
"port_mappings": [{
"container_port": 80
}],
"env": {
"MONGO_URL": "mongodb://mongodb.backend.rocketchat.$USERNAME/rocketchat",
"ROOT_URL": "http://$URI"
},
"dependencies": [
"../../backend/mongodb"
]
}]
}, {
"id": "backend",
"apps": [{
"id": "mongodb",
"mem": 512,
"image": "mongo",
"instances": 1,
"volumes": [{
"container_path": "/data/db",
"mode": "RW",
"size": "4000MB"
}]
}]
}]
}
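Review bot: `container_port` is 80 in the `rocket` app, while the docker-compose.yml added in the AWS guide in this same commit maps `3000:3000` for the same `rocketchat/rocket.chat` image, so one of the two is probably pointing at a port the container does not listen on; worth confirming which and aligning them. `ROOT_URL` is `http://$URI` and the domain type is `HTTP`, so this template serves chat in plaintext unless TLS is terminated elsewhere, which deserves a comment or an HTTPS variant. The `rocketchat/rocket.chat` and `mongo` images are also untagged, so deployments from this file are not reproducible.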