线上rocket.chat代码

老司机 · 发表于 2025-5-3 19:23:01

docker-compose.yml代码如下

services:
  # 构建 Rocket.Chat
  rocketchat-builder:
build:
   context: .
   dockerfile: ./rocketchat-builder/Dockerfile
container_name: rocketchat-builder
volumes:
   - ./rocketchat-builder/scripts:/scripts
   - ./rocketchat-src:/app
   - ./rocketchat-build:/build
working_dir: /app
networks:
   - rocketchat_net
environment:
   - NODE_ENV=production
command: ["bash", "/usr/local/bin/build-rocketchat.sh"]

  # MongoDB 服务
  mongodb:
image: mongo:6.0
container_name: mongodb
restart: always
volumes:
   - ./data/mongo:/data/db
   - ./data/log:/var/log/mongodb
   - ./data/mongodb-keyfile:/opt/mongo-keyfile
environment:
   MONGO_INITDB_ROOT_USERNAME: rocketchat
   MONGO_INITDB_ROOT_PASSWORD: f78gwiN4ZZIC9k
command: >
   mongod
   --replSet rs0
   --keyFile /opt/mongo-keyfile
   --auth
   --bind_ip_all
networks:
   - rocketchat_net
healthcheck:
   test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet | grep 1
   interval: 10s
   timeout: 10s
   retries: 10

  mongo-init:
image: mongo:6.0
container_name: mongo-init
depends_on:
   mongodb:
      condition: service_healthy
restart: "no"
environment:
   MONGO_INITDB_ROOT_USERNAME: rocketchat
   MONGO_INITDB_ROOT_PASSWORD: f78gwiN4ZZIC9k
entrypoint: >
   sh -c "
      echo '等待 MongoDB 启动...';
      until mongosh --host mongodb -u rocketchat -p f78gwiN4ZZIC9k --authenticationDatabase admin --eval 'db.runCommand({ ping: 1 })' >/dev/null 2>&1;    do
      sleep 5;
      done;

      echo '初始化 MongoDB 复制集...';
      mongosh --host mongodb -u rocketchat -p f78gwiN4ZZIC9k --authenticationDatabase admin --eval '
      try {
         rs.initiate({
            _id: \"rs0\",
            members: [ { _id: 0, host: \"mongodb:27017\" } ]
         });
      } catch (e) { print(e); }
      ';

      echo '创建 rocketchat 用户...';
      mongosh --host mongodb -u rocketchat -p f78gwiN4ZZIC9k --authenticationDatabase admin --eval '
      try {
         const dbname = "rocketchat";
         const username = "rocketchat";
         const db = db.getSiblingDB(dbname);
         const user = db.getUser(username);
         if (!user) {
            print("用户不存在，正在创建...");
            db.createUser({
            user: username,
            pwd: "'f78gwiN4ZZIC9k'",
            roles: [
               { role: "readWrite", db: dbname },
               { role: "clusterMonitor", db: "admin" },
               { role: "read", db: "local" }
            ]
            });
         } else {
            print("用户已存在，跳过创建。");
         }
      } catch (err) {
         print("创建用户时出错：", err);
      }
      ';
   "
networks:
   - rocketchat_net

  # Rocket.Chat 服务
  rocketchat:
image: registry.rocket.chat/rocketchat/rocket.chat:7.5.1
container_name: rocketchat
restart: always
depends_on:
   mongodb:
      condition: service_healthy
environment:
   MONGO_URL: "mongodb://rocketchat:f78gwiN4ZZIC9k@mongodb:27017/rocketchat?replicaSet=rs0&authSource=admin"
   MONGO_OPLOG_URL: "mongodb://rocketchat:f78gwiN4ZZIC9k@mongodb:27017/local?replicaSet=rs0&authSource=admin"
   ROOT_URL: https://chat.chaoren.group
   PORT: 3000
   APP_ID: rocketchat
   APP_SECRET: secret_key
   LOGIN_URL: https://chat.chaoren.group
networks:
   - rocketchat_net
ports:
   - "3000:3000"

  # Redis 服务
  redis:
image: redis:6
container_name: redis
restart: always
networks:
   - rocketchat_net

networks:
  rocketchat_net:
name: rocketchat_net
driver: bridge

老司机 · 发表于 2025-5-3 19:24:48

Dockerfile文件代码如下

# 使用指定版本的 Node.js
FROM node:22.13.1

# 启用核心工具（Yarn 现代版本支持）
RUN corepack enable && corepack prepare yarn@3.6.4 --activate

# 设置工作目录
WORKDIR /app

# 复制源码（rocketchat-src 是源码根目录，包含 yarn.lock 等）
COPY ./rocketchat-src/ ./

# 安装依赖（使用 Yarn 支持 monorepo 和 workspace）
RUN yarn install --immutable

# 执行构建脚本（可选，根据你有无脚本）
COPY ./rocketchat-builder/scripts/build-rocketchat.sh /usr/local/bin/build-rocketchat.sh
RUN chmod +x /usr/local/bin/build-rocketchat.sh

# 运行构建脚本（如果有需要）
CMD ["/usr/local/bin/build-rocketchat.sh"]

老司机 · 发表于 2025-5-3 19:27:47

build-rocketchat.sh文件如下：

#!/bin/bash

set -e

echo "Starting Rocket.Chat build process..."

# 检查源码是否存在
if [ ! -d "/app/.git" ]; then
echo "Error: /app directory does not contain a git repo. Please clone Rocket.Chat source code into ./rocketchat-src before building."
exit 1
fi

cd /app

# 安装依赖（使用 yarn）
echo "Installing dependencies..."
yarn install --frozen-lockfile

# 构建生产版本
echo "Building Rocket.Chat for production..."
yarn build

# 拷贝构建产物
echo "Copying build artifacts to /build..."
mkdir -p /build
cp -r . /build

echo "Build completed successfully."

老司机 · 发表于 2025-5-3 19:30:38

nginx的conf文件

proxy_cache_path /www/wwwroot/chat.chaoren.group/proxy_cache_dir levels=1:2 keys_zone=chat_chaoren_group_cache:20m inactive=1d max_size=5g;

server {
listen 80;

listen 443 ssl http2 ;
listen [::]:80;

listen [::]:443 ssl http2 ;

server_name chat.chaoren.group;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/chat.chaoren.group;

#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/chat.chaoren.group.conf;
#CERT-APPLY-CHECK--END

#SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/chat.chaoren.group/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/chat.chaoren.group/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497  https://$host$request_uri;
#SSL-END
#REDIRECT START

#REDIRECT END

#ERROR-PAGE-START  错误页配置，可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

#PHP-INFO-START  PHP引用配置，可以注释或修改

include enable-php-00.conf;
#PHP-INFO-END

#IP-RESTRICT-START 限制访问ip的配置，IP黑白名单

#IP-RESTRICT-END

#BASICAUTH START

#BASICAUTH END

#SUB_FILTER START

#SUB_FILTER END

#GZIP START

#GZIP END

#GLOBAL-CACHE START

#GLOBAL-CACHE END

#WEBSOCKET-SUPPORT START
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#WEBSOCKET-SUPPORT END

#PROXY-CONF-START
location / {
      proxy_pass http://127.0.0.1:3000;  # 或127.0.0.1，视你的部署而定
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Real-Port $remote_port;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forward-Proto http;
      proxy_set_header X-Nginx-Proxy true;
      proxy_redirect off;
   # 不缓存 WebSocket
      proxy_buffering off;

      proxy_connect_timeout 60s;
      proxy_send_timeout 600s;
      proxy_read_timeout 600s;

                     #禁用对关键路径的缓存
      set $nocache 0;
      if ($request_uri ~* "^/sockjs/") {
         set $nocache 1;
      }
      if ($request_uri ~* "^/meteor_runtime_config\.js") {
         set $nocache 1;
      }

      proxy_no_cache    $nocache;
      proxy_cache_bypass $nocache;

      # 只对非关键请求启用缓存
      proxy_cache chat_chaoren_group_cache;
      proxy_cache_key $host$uri$is_args$args;
      proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires;
      proxy_cache_valid 200 301 302 304 1d;
      proxy_cache_valid 404 1m;
}

#PROXY-CONF-END

#SERVER-BLOCK START

#SERVER-BLOCK END

#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
      return 404;
}

#一键申请SSL证书验证目录相关设置
location /.well-known{
      allow all;
}

#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
      return 403;
}

#LOG START

access_log  /www/wwwlogs/chat.chaoren.group.log;
error_log  /www/wwwlogs/chat.chaoren.group.error.log;

#LOG END
}

老司机 · 发表于 2025-5-3 19:32:12

目录结构如下：

chat.chaoren.group/
├── docker-compose.yml
├── rocketchat-builder/
│ ├── Dockerfile
│ └── scripts/
│ └── build-rocketchat.sh
├── rocketchat-src/
│ ├── package.json
│ ├── .yarnrc.yml
│ ├── .yarn/
│ ├── apps/
│ └── packages/

老司机 · 发表于 2025-5-3 19:37:33

chown -R 999:999 /www/wwwroot/chat.chaoren.group/rocketchat-docker/data/db
chmod -R 755 /www/wwwroot/chat.chaoren.group/rocketchat-docker/data/db
# 关闭以前错误的容器
# 停止并删除所有容器、卷、网络（不清缓存）
docker-compose down -v

# 重新启动
docker-compose up -d

Location5579201: Unable to acquire security key
chown 999:999 ./data/mongodb-keyfile
MongoDB 5.0 不要求强制启用加密机制，不会有 Location5579201 错误。

docker-compose logs mongodb
docker-compose logs rocketchat
sudo systemctl restart nginx
docker network ls
docker volume prune
# 使用缓存构建（更快）
docker-compose build rocketchat-builder

# apps/meteor 缺失依赖

yarn workspace @rocket.chat/meteor add -D @testing-library/dom
yarn workspace @rocket.chat/meteor add react-virtuoso
yarn workspace @rocket.chat/meteor add -D webpack
yarn workspace @rocket.chat/meteor add react-i18next
yarn workspace @rocket.chat/meteor add @rocket.chat/fuselage-hooks
yarn workspace @rocket.chat/meteor add @rocket.chat/fuselage-polyfills
yarn workspace @rocket.chat/meteor add @rocket.chat/icons
yarn workspace @rocket.chat/meteor add react

curl -L https://raw.githubusercontent.com/tj/n/master/bin/n -o /usr/local/bin/n
chmod +x /usr/local/bin/n

# 然后用 n 直接下载并安装 Node.js v22.13.1（含 npm）
n 22.13.1

手动清除旧的 Meteor 缓存、构建目录和可能残留的依赖内容
# 进入你的 Rocket.Chat 项目根目录
cd /你/docker-compose.yml 所在目录

# 删除 Meteor 缓存目录
rm -rf ./meteor-cache

# 删除之前构建产物（bundle 包）
rm -rf ./rocketchat-build

# 可选：删除临时 NPM/Yarn 缓存（视情况保留）
rm -rf ./npm-cache
rm -rf ./yarn-cache

docker exec -it <rocketchat-builder-container-id> bash
rm -rf /home/meteoruser/.meteor

git clone --recurse-submodules https://github.com/RocketChat/Rocket.Chat.git rocketchat-src

# 强制重建镜像，确保用的是新脚本
docker-compose build --no-cache rocketchat-builder

使用以下命令来清理 Docker 的无用资源：
docker system prune -a

你可以先检查磁盘空间使用情况：
df -h

老司机 · 发表于 2025-5-3 19:43:17

安装 Node.js v22.13.1（使用 n 工具，最稳最通用）
# 安装 n 管理器
npm install -g n

# 安装 Node.js v22.13.1
n 22.13.1

如果你当前系统没有 npm，可以先用以下方式快速装一下：
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
dnf install -y nodejs

node -v # 应该是 v22.13.1
npm -v

老司机 · 发表于 2025-5-4 10:36:28

nginx配置去掉缓存proxy_cache

#proxy_cache_path /www/wwwroot/chat.chaoren.group/proxy_cache_dir levels=1:2 keys_zone=chat_chaoren_group_cache:20m inactive=1d max_size=5g;

server {
listen 80;

listen 443 ssl http2 ;
listen [::]:80;

listen [::]:443 ssl http2 ;

server_name chat.chaoren.group;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/chat.chaoren.group;

#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/chat.chaoren.group.conf;
#CERT-APPLY-CHECK--END

#SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/chat.chaoren.group/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/chat.chaoren.group/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497  https://$host$request_uri;
#SSL-END
#REDIRECT START

#REDIRECT END

#ERROR-PAGE-START  错误页配置，可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

#PHP-INFO-START  PHP引用配置，可以注释或修改

include enable-php-00.conf;
#PHP-INFO-END

#IP-RESTRICT-START 限制访问ip的配置，IP黑白名单

#IP-RESTRICT-END

#BASICAUTH START

#BASICAUTH END

#SUB_FILTER START

#SUB_FILTER END

#GZIP START

#GZIP END

#GLOBAL-CACHE START

#GLOBAL-CACHE END

#WEBSOCKET-SUPPORT START
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#WEBSOCKET-SUPPORT END

# location ~* \.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$
# {
#    expires 1d;
#    error_log off;
#    access_log off;
#    proxy_cache chat_chaoren_group_cache;
# }

#PROXY-CONF-START
location / {
      proxy_pass http://127.0.0.1:3000;  # 或127.0.0.1，视你的部署而定
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Real-Port $remote_port;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forward-Proto http;
      proxy_set_header X-Nginx-Proxy true;
      proxy_redirect off;

      # 不缓存 WebSocket
      proxy_buffering off;

      proxy_connect_timeout 60s;
      proxy_send_timeout 600s;
      proxy_read_timeout 600s;

      # proxy_cache chat_chaoren_group_cache;
      # proxy_cache_key $host$uri$is_args$args;
      # proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires;
      # proxy_cache_valid 200 301 302 304 1d;
      # proxy_cache_valid 404 1m;
      #  禁用对关键路径的缓存
      #set $nocache 0;
      #if ($request_uri ~* "^/sockjs/") {
      # set $nocache 1;
      #}
      #if ($request_uri ~* "^/meteor_runtime_config\.js") {
      # set $nocache 1;
      #}

      #proxy_no_cache    $nocache;
      #proxy_cache_bypass $nocache;

      # 只对非关键请求启用缓存
      #proxy_cache chat_chaoren_group_cache;
      #proxy_cache_key $host$uri$is_args$args;
      #proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires;
      #proxy_cache_valid 200 301 302 304 1d;
      #proxy_cache_valid 404 1m;
}

#PROXY-CONF-END

#SERVER-BLOCK START

#SERVER-BLOCK END

#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
      return 404;
}

#一键申请SSL证书验证目录相关设置
location /.well-known{
      allow all;
}

#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
      return 403;
}

#LOG START

access_log  /www/wwwlogs/chat.chaoren.group.log;
error_log  /www/wwwlogs/chat.chaoren.group.error.log;

#LOG END
}

# server {
#    listen 80;
#    server_name chat.chaoren.group;
#    return 301 https://$server_name$request_uri;
# }

# server {
#    listen 443 ssl;
#    server_name chat.chaoren.group;

#    ssl_certificate /www/server/panel/vhost/cert/chat.chaoren.group/fullchain.pem;
#    ssl_certificate_key /www/server/panel/vhost/cert/chat.chaoren.group/privkey.pem;

#    location / {
#       proxy_pass http://127.0.0.1:3000/;
#       proxy_http_version 1.1;
#       proxy_set_header Upgrade $http_upgrade;
#       proxy_set_header Connection "upgrade";
#       proxy_set_header Host $host;
#       proxy_set_header X-Real-IP $remote_addr;
#       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#       proxy_set_header X-Forwarded-Proto $scheme;
#       proxy_read_timeout 90;
#    }
# }

		自动登录	找回密码
密码			立即注册