mirror of https://github.com/zulip/zulip.git
180 lines
7.4 KiB
Markdown
180 lines
7.4 KiB
Markdown
# Production Installation
|
|
|
|
Make sure you want to install a Zulip production server; if you'd
|
|
instead like to test or develop a new feature, we recommend the
|
|
[Zulip server development environment](dev-overview.html#requirements) instead.
|
|
|
|
You will need an Ubuntu system that satisfies
|
|
[the installation requirements](prod-requirements.html). In short,
|
|
you should have an Ubuntu 14.04 Trusty or Ubuntu 16.04 Xenial 64-bit
|
|
server instance, with at least 4GB RAM, 2 CPUs, and 10 GB disk space.
|
|
You should also have a domain name available and have updated its DNS
|
|
record to point to your server.
|
|
|
|
## Step 0: Subscribe
|
|
|
|
Please subscribe to low-traffic [the Zulip announcements Google
|
|
Group](https://groups.google.com/forum/#!forum/zulip-announce) to get
|
|
announcements about new releases, security issues, etc.
|
|
|
|
## Step 1: Install SSL Certificates
|
|
|
|
Zulip runs over https only and requires ssl certificates in order to
|
|
work. It looks for the certificates in `/etc/ssl/private/zulip.key`
|
|
and `/etc/ssl/certs/zulip.combined-chain.crt`. Note that Zulip uses
|
|
`nginx` as its webserver and thus [expects a chained certificate
|
|
bundle](http://nginx.org/en/docs/http/configuring_https_servers.html)
|
|
|
|
If you need an SSL certificate, see [our SSL certificate
|
|
documentation](ssl-certificates.html). If you already have an SSL
|
|
certificate, just install (or symlink) them into place at the above
|
|
paths, and move on to the next step.
|
|
|
|
## Step 2: Download and install latest release
|
|
|
|
If you haven't already, download and unpack [the latest built server
|
|
tarball](https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz)
|
|
with the following commands:
|
|
|
|
```
|
|
sudo -i # If not already root
|
|
cd /root
|
|
wget https://www.zulip.org/dist/releases/zulip-server-latest.tar.gz
|
|
rm -rf /root/zulip && mkdir /root/zulip
|
|
tar -xf zulip-server-latest.tar.gz --directory=/root/zulip --strip-components=1
|
|
```
|
|
|
|
Then, run the Zulip install script:
|
|
```
|
|
/root/zulip/scripts/setup/install
|
|
```
|
|
|
|
This may take a while to run, since it will install a large number of
|
|
dependencies. It also creates `zulip` user, which will be used to run
|
|
the various Zulip servers.
|
|
|
|
The Zulip install script is designed to be idempotent, so if it fails,
|
|
you can just rerun it after correcting the issue that caused it to
|
|
fail. Also note that it automatically logs a transcript to
|
|
`/var/log/zulip/install.log`; please include a copy of that file in
|
|
any bug reports.
|
|
|
|
## Step 3: Configure Zulip
|
|
|
|
Configure the Zulip server instance by editing `/etc/zulip/settings.py` and
|
|
providing values for the mandatory settings, which are all found under the
|
|
heading `### MANDATORY SETTINGS`.
|
|
|
|
These settings include:
|
|
|
|
- `EXTERNAL_HOST`: the user-accessible Zulip domain name for your
|
|
Zulip installation (aka what users will type in their web
|
|
browser). This should of course match the DNS name you configured to
|
|
point to your server and for which you configured SSL certificates.
|
|
If you plan to use multiple domains, add the others to
|
|
`ALLOWED_HOSTS`.
|
|
|
|
- `ZULIP_ADMINISTRATOR`: the email address of the person or team
|
|
maintaining this installation and who will get support and error
|
|
emails.
|
|
|
|
- `EMAIL_*`, `DEFAULT_FROM_EMAIL`, and `NOREPLY_EMAIL_ADDRESS`:
|
|
credentials for an outgoing SMTP server so Zulip can send emails
|
|
when needed (don't forget to set `email_password` in the
|
|
`zulip-secrets.conf` file!). We highly recommend reading our
|
|
[production email docs](prod-email.html) and following the test
|
|
procedure discussed there to make sure you've setup outgoing email
|
|
correctly, since outgoing email is the most common configuration
|
|
problem.
|
|
|
|
- `AUTHENTICATION_BACKENDS`: a list of enabled authentication
|
|
mechanisms. You'll need to enable at least one authentication
|
|
mechanism by uncommenting its corresponding line, and then also do
|
|
any additional configuration required for that backend as documented
|
|
in the `settings.py` file (the email backend requires no extra
|
|
configuration). See the
|
|
[section on Authentication](prod-authentication-methods.html) for
|
|
more detail on the available authentication backends and how to
|
|
configure them.
|
|
|
|
## Step 4: Initialize Zulip database
|
|
|
|
At this point, you are done doing things as root. The remaining
|
|
commands are run as the `zulip` user using `su zulip`. To initialize
|
|
the Zulip database for your production install, run:
|
|
|
|
```
|
|
su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database
|
|
```
|
|
|
|
The `initialize-database` script will report an error if you did not
|
|
fill in all the mandatory settings from `/etc/zulip/settings.py`. It
|
|
is safe to rerun it after correcting the problem if that happens.
|
|
|
|
This completes the process of installing Zulip on your server.
|
|
However, in order to use Zulip, you'll need to create an organization
|
|
in your Zulip installation.
|
|
|
|
## Step 5: Create a Zulip organization and login
|
|
|
|
* If you haven't already, verify that your
|
|
[outgoing email configuration works](prod-email.html#testing-and-troubleshooting).
|
|
The organization creation process will fail if outgoing email is not
|
|
configured properly.
|
|
|
|
* Run the organization (realm) creation [management
|
|
command](prod-maintain-secure-upgrade.html#management-commands) :
|
|
|
|
```
|
|
su zulip # If you weren't already the zulip user
|
|
/home/zulip/deployments/current/manage.py generate_realm_creation_link
|
|
```
|
|
|
|
This will print out a secure 1-time use link that allows creation of a
|
|
new Zulip organization on your server. For most servers, you will
|
|
only ever do this once, but you can run `manage.py
|
|
generate_realm_creation_link` again if you want to host another
|
|
organization on your Zulip server.
|
|
|
|
* Open the link generated with your web browser. You'll see the create
|
|
organization page ([screenshot here](_static/zulip-create-realm.png)).
|
|
Enter your email address and click *Create organization*.
|
|
|
|
* Check your email to find the confirmation email and click the
|
|
link. You'll be prompted to finish setting up your organization and
|
|
initial administrator user ([screenshot
|
|
here](_static/zulip-create-user-and-org.png)). Complete this form and
|
|
log in!
|
|
|
|
**Congratulations!** You are logged in as an organization
|
|
administrator for your new Zulip organization. After getting
|
|
oriented, we recommend visiting the "Organization settings" UI (linked
|
|
from the upper-right gear menu in the Zulip webapp) to configure
|
|
important policy settings like how users can join your new
|
|
organization. By default, your organization will be configured as
|
|
follows depending on what type of organization you selected:
|
|
|
|
Community Organization:
|
|
* `restricted_to_domain=False`: No restriction on user email addresses.
|
|
* `invite_required=True`: A user must be invited to join.
|
|
|
|
Corporate Organization:
|
|
* `restricted_to_domain=True`: New users must have an email address in the same domain (e.g. @acme.com) as yours.
|
|
* `invite_required=False`: No invitation is required to join.
|
|
|
|
Next, you'll likely want to do one of the following:
|
|
|
|
* [Customize your Zulip organization](prod-customize.html).
|
|
* [Learn about managing a production Zulip server](prod-maintain-secure-upgrade.html).
|
|
|
|
## Troubleshooting
|
|
|
|
If you get an error after `scripts/setup/install` completes, check
|
|
`/var/log/zulip/errors.log` for a traceback, and consult the
|
|
[troubleshooting section](prod-troubleshooting.html) for advice on how
|
|
to debug. If that doesn't help, please visit
|
|
[#production help](https://chat.zulip.org/#narrow/stream/production.20help)
|
|
in the [Zulip developerment community server](chat-zulip-org.html) for
|
|
realtime help or email zulip-help@googlegroups.com with the full
|
|
traceback and we'll try to help you out!
|