2016-12-07 02:34:41 +01:00
|
|
|
# Production Installation
|
2016-07-12 21:49:44 +02:00
|
|
|
|
2017-07-26 00:49:16 +02:00
|
|
|
Make sure you want to install a Zulip production server. If you'd
|
2016-12-07 02:34:41 +01:00
|
|
|
instead like to test or develop a new feature, we recommend the
|
|
|
|
[Zulip server development environment](dev-overview.html#requirements) instead.
|
|
|
|
|
|
|
|
You will need an Ubuntu system that satisfies
|
|
|
|
[the installation requirements](prod-requirements.html). In short,
|
2017-06-04 08:30:10 +02:00
|
|
|
you need:
|
2017-07-26 00:49:16 +02:00
|
|
|
* Either a dedicated machine, or a fresh VM on an existing machine.
|
|
|
|
* Ubuntu 14.04 Trusty or Ubuntu 16.04 Xenial, 64-bit.
|
2017-06-04 08:30:10 +02:00
|
|
|
* At least 2GB RAM and 10 GB disk space (4GB and 2 CPUs recommended for 100+ users).
|
|
|
|
* A DNS name, an SSL certificate, and credentials for sending email.
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 06:04:01 +02:00
|
|
|
## Step 0: Subscribe
|
|
|
|
|
2017-07-26 00:49:16 +02:00
|
|
|
Please subscribe to the low-traffic [Zulip announcements Google
|
2016-08-25 06:04:01 +02:00
|
|
|
Group](https://groups.google.com/forum/#!forum/zulip-announce) to get
|
|
|
|
announcements about new releases, security issues, etc.
|
|
|
|
|
2016-07-28 01:38:02 +02:00
|
|
|
## Step 1: Install SSL Certificates
|
|
|
|
|
2017-07-26 00:49:16 +02:00
|
|
|
Zulip runs over `https` only, and requires SSL certificates in order to
|
2016-08-25 04:01:03 +02:00
|
|
|
work. It looks for the certificates in `/etc/ssl/private/zulip.key`
|
|
|
|
and `/etc/ssl/certs/zulip.combined-chain.crt`. Note that Zulip uses
|
|
|
|
`nginx` as its webserver and thus [expects a chained certificate
|
2017-07-26 00:49:16 +02:00
|
|
|
bundle](http://nginx.org/en/docs/http/configuring_https_servers.html).
|
2016-08-25 04:01:03 +02:00
|
|
|
|
2016-08-25 06:33:09 +02:00
|
|
|
If you need an SSL certificate, see [our SSL certificate
|
|
|
|
documentation](ssl-certificates.html). If you already have an SSL
|
2017-07-26 00:49:16 +02:00
|
|
|
certificate, just install (or symlink) it into place at the above
|
2016-08-25 06:33:09 +02:00
|
|
|
paths, and move on to the next step.
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
## Step 2: Download and install latest release
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
If you haven't already, download and unpack [the latest built server
|
2017-01-29 02:56:25 +01:00
|
|
|
tarball](https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz)
|
2016-08-25 06:36:07 +02:00
|
|
|
with the following commands:
|
2016-07-28 01:38:02 +02:00
|
|
|
|
|
|
|
```
|
2016-08-25 06:36:07 +02:00
|
|
|
sudo -i # If not already root
|
2016-08-26 20:56:12 +02:00
|
|
|
cd /root
|
2017-01-29 02:56:25 +01:00
|
|
|
wget https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
|
2016-08-25 06:46:27 +02:00
|
|
|
rm -rf /root/zulip && mkdir /root/zulip
|
2016-08-25 06:33:30 +02:00
|
|
|
tar -xf zulip-server-latest.tar.gz --directory=/root/zulip --strip-components=1
|
2016-07-28 01:38:02 +02:00
|
|
|
```
|
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
Then, run the Zulip install script:
|
2016-07-28 01:38:02 +02:00
|
|
|
```
|
|
|
|
/root/zulip/scripts/setup/install
|
|
|
|
```
|
|
|
|
|
|
|
|
This may take a while to run, since it will install a large number of
|
2017-07-26 00:49:16 +02:00
|
|
|
dependencies. It also creates a `zulip` user, which will be used to run
|
2017-02-14 22:00:13 +01:00
|
|
|
the various Zulip servers.
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 04:01:03 +02:00
|
|
|
The Zulip install script is designed to be idempotent, so if it fails,
|
|
|
|
you can just rerun it after correcting the issue that caused it to
|
|
|
|
fail. Also note that it automatically logs a transcript to
|
|
|
|
`/var/log/zulip/install.log`; please include a copy of that file in
|
|
|
|
any bug reports.
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
## Step 3: Configure Zulip
|
2016-07-28 01:38:02 +02:00
|
|
|
|
|
|
|
Configure the Zulip server instance by editing `/etc/zulip/settings.py` and
|
|
|
|
providing values for the mandatory settings, which are all found under the
|
|
|
|
heading `### MANDATORY SETTINGS`.
|
|
|
|
|
|
|
|
These settings include:
|
|
|
|
|
2017-02-22 06:15:11 +01:00
|
|
|
- `EXTERNAL_HOST`: the user-accessible Zulip domain name for your
|
2017-07-26 00:49:16 +02:00
|
|
|
Zulip installation (i.e., what users will type in their web
|
2017-02-16 23:03:14 +01:00
|
|
|
browser). This should of course match the DNS name you configured to
|
|
|
|
point to your server and for which you configured SSL certificates.
|
|
|
|
If you plan to use multiple domains, add the others to
|
2017-02-22 06:15:11 +01:00
|
|
|
`ALLOWED_HOSTS`.
|
|
|
|
|
|
|
|
- `ZULIP_ADMINISTRATOR`: the email address of the person or team
|
|
|
|
maintaining this installation and who will get support and error
|
|
|
|
emails.
|
2016-08-25 04:01:03 +02:00
|
|
|
|
2017-06-09 06:09:01 +02:00
|
|
|
- `EMAIL_*`:
|
2017-02-16 23:04:57 +01:00
|
|
|
credentials for an outgoing SMTP server so Zulip can send emails
|
|
|
|
when needed (don't forget to set `email_password` in the
|
2017-02-22 06:12:12 +01:00
|
|
|
`zulip-secrets.conf` file!). We highly recommend reading our
|
|
|
|
[production email docs](prod-email.html) and following the test
|
2017-07-26 00:49:16 +02:00
|
|
|
procedure discussed there to make sure you've set up outgoing email
|
2017-02-22 06:12:12 +01:00
|
|
|
correctly, since outgoing email is the most common configuration
|
2017-07-26 00:49:16 +02:00
|
|
|
problem. You may also want to update `NOREPLY_EMAIL_ADDRESS`.
|
2016-08-25 04:01:03 +02:00
|
|
|
|
2017-06-09 05:59:07 +02:00
|
|
|
- If desired, you can also configure additional
|
|
|
|
[authentication backends](prod-authentication-methods.html) while
|
|
|
|
you're editing /etc/zulip/settings.py. Note, however, that the
|
2017-07-26 00:49:16 +02:00
|
|
|
default (email) backend must be enabled when you complete Step 5
|
2017-06-09 05:59:07 +02:00
|
|
|
(creating an organization) below.
|
2017-02-16 23:04:57 +01:00
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
## Step 4: Initialize Zulip database
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2017-02-14 22:00:13 +01:00
|
|
|
At this point, you are done doing things as root. The remaining
|
|
|
|
commands are run as the `zulip` user using `su zulip`. To initialize
|
|
|
|
the Zulip database for your production install, run:
|
2016-07-28 01:38:02 +02:00
|
|
|
|
|
|
|
```
|
|
|
|
su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database
|
|
|
|
```
|
|
|
|
|
2016-08-25 04:01:03 +02:00
|
|
|
The `initialize-database` script will report an error if you did not
|
|
|
|
fill in all the mandatory settings from `/etc/zulip/settings.py`. It
|
|
|
|
is safe to rerun it after correcting the problem if that happens.
|
2016-07-28 01:38:02 +02:00
|
|
|
|
2016-08-25 06:29:36 +02:00
|
|
|
This completes the process of installing Zulip on your server.
|
|
|
|
However, in order to use Zulip, you'll need to create an organization
|
|
|
|
in your Zulip installation.
|
|
|
|
|
2016-08-25 06:36:07 +02:00
|
|
|
## Step 5: Create a Zulip organization and login
|
2016-08-25 06:29:36 +02:00
|
|
|
|
2017-02-22 06:12:12 +01:00
|
|
|
* If you haven't already, verify that your
|
|
|
|
[outgoing email configuration works](prod-email.html#testing-and-troubleshooting).
|
|
|
|
The organization creation process will fail if outgoing email is not
|
|
|
|
configured properly.
|
2016-08-25 06:29:36 +02:00
|
|
|
|
|
|
|
* Run the organization (realm) creation [management
|
|
|
|
command](prod-maintain-secure-upgrade.html#management-commands) :
|
|
|
|
|
|
|
|
```
|
|
|
|
su zulip # If you weren't already the zulip user
|
2017-02-03 21:46:58 +01:00
|
|
|
/home/zulip/deployments/current/manage.py generate_realm_creation_link
|
2016-08-25 06:29:36 +02:00
|
|
|
```
|
|
|
|
|
2017-07-26 00:49:16 +02:00
|
|
|
This will print out a secure one-time-use link that allows creation of a
|
2016-08-25 06:29:36 +02:00
|
|
|
new Zulip organization on your server. For most servers, you will
|
|
|
|
only ever do this once, but you can run `manage.py
|
|
|
|
generate_realm_creation_link` again if you want to host another
|
|
|
|
organization on your Zulip server.
|
|
|
|
|
2017-07-26 00:49:16 +02:00
|
|
|
* Open the generated link with your web browser. You'll see the "Create
|
|
|
|
organization" page ([screenshot here](_static/zulip-create-realm.png)).
|
2016-08-25 06:29:36 +02:00
|
|
|
Enter your email address and click *Create organization*.
|
|
|
|
|
|
|
|
* Check your email to find the confirmation email and click the
|
|
|
|
link. You'll be prompted to finish setting up your organization and
|
|
|
|
initial administrator user ([screenshot
|
2016-10-11 20:04:56 +02:00
|
|
|
here](_static/zulip-create-user-and-org.png)). Complete this form and
|
2016-08-25 06:29:36 +02:00
|
|
|
log in!
|
|
|
|
|
|
|
|
**Congratulations!** You are logged in as an organization
|
|
|
|
administrator for your new Zulip organization. After getting
|
2017-04-07 21:39:58 +02:00
|
|
|
oriented, we recommend visiting the "Organization settings" UI (linked
|
|
|
|
from the upper-right gear menu in the Zulip webapp) to configure
|
2016-08-25 06:29:36 +02:00
|
|
|
important policy settings like how users can join your new
|
2016-09-16 19:05:14 +02:00
|
|
|
organization. By default, your organization will be configured as
|
|
|
|
follows depending on what type of organization you selected:
|
2016-08-25 06:29:36 +02:00
|
|
|
|
2016-09-16 19:05:14 +02:00
|
|
|
Community Organization:
|
|
|
|
* `restricted_to_domain=False`: No restriction on user email addresses.
|
|
|
|
* `invite_required=True`: A user must be invited to join.
|
|
|
|
|
|
|
|
Corporate Organization:
|
|
|
|
* `restricted_to_domain=True`: New users must have an email address in the same domain (e.g. @acme.com) as yours.
|
|
|
|
* `invite_required=False`: No invitation is required to join.
|
2016-08-25 06:29:36 +02:00
|
|
|
|
|
|
|
Next, you'll likely want to do one of the following:
|
|
|
|
|
2017-06-08 22:28:51 +02:00
|
|
|
* [Read our advice for new organization administrators][realm-admin-docs]
|
2017-07-26 00:49:16 +02:00
|
|
|
* [Customize your Zulip organization](prod-customize.html)
|
|
|
|
* [Learn about managing a production Zulip server](prod-maintain-secure-upgrade.html)
|
2016-08-25 06:29:36 +02:00
|
|
|
|
|
|
|
## Troubleshooting
|
|
|
|
|
|
|
|
If you get an error after `scripts/setup/install` completes, check
|
|
|
|
`/var/log/zulip/errors.log` for a traceback, and consult the
|
2017-02-13 01:55:54 +01:00
|
|
|
[troubleshooting section](prod-troubleshooting.html) for advice on how
|
|
|
|
to debug. If that doesn't help, please visit
|
2017-02-13 02:04:05 +01:00
|
|
|
[#production help](https://chat.zulip.org/#narrow/stream/production.20help)
|
2017-07-26 00:49:16 +02:00
|
|
|
in the [Zulip development community server](chat-zulip-org.html) for
|
2017-02-13 01:55:54 +01:00
|
|
|
realtime help or email zulip-help@googlegroups.com with the full
|
2017-07-26 00:49:16 +02:00
|
|
|
traceback, and we'll try to help you out!
|
2017-06-08 22:28:51 +02:00
|
|
|
|
|
|
|
[realm-admin-docs]: https://zulipchat.com/help/getting-your-organization-started-with-zulip
|