Installation Guide¶

1. Planning an Installation¶

• How to plan an installation
• Demo installation (trying functionality out)
• Production installation (persistent data, high-availability)

2. Version Requirements¶

• Version requirements
• Persistence

3. Dependencies on Operator’s Machine¶

• Dependencies on operator’s machine
• (Alternative) Installing dependencies using Direnv and Nix

4. Installing Kubernetes (Demo)¶

• How to install kubernetes (Demo)
• How to set up your hosts.ini file
• Passwordless authentication
• Minio setup
• How to install kubernetes

5. Installing Wire-Server using Helm (Demo)¶

• How to install wire-server using Helm (Demo)
• Introduction
• Prerequisites
• How to start installing charts from wire
• Watching changes as they happen
• How to install in-memory databases and external components
• How to install wire-server itself

6. Introduction¶

• Introduction
• What will be installed by following these parts?
• What will not be installed?
• What will not be installed by default?
• Getting support
• Next steps for high-available production installation

7. Installing Kubernetes and Databases¶

• How to install kubernetes and databases
• Introduction
• Assumptions
• Preparing to run ansible
• Running ansible to install software on your machines

8. Configuring AWS Services¶

• How to configure AWS services
• Introduction
• Using real AWS services for SNS
• Using real AWS services for SES / SQS
• Using real AWS services for S3

9. Installing Wire-Server using Helm¶

• How to install wire-server using Helm
• Introduction
• Prerequisites
• Preparing to install charts from the internet with Helm
• Watching changes as they happen
• General installation notes
• How to install charts that provide access to external databases
• How to install fake AWS services for SNS / SQS
• Preparing to install wire-server
• How to install RabbitMQ
• How to configure real SMTP (email) services
• How to install fake SMTP (email) services
• How to install wire-server itself
• DNS records

10. Infrastructure Configuration¶

• Infrastructure configuration
• Redirect some traffic through a http(s) proxy
• Enable push notifications using the public appstore / playstore mobile Wire clients
• Controlling the speed of websocket draining during cannon pod replacement
• Control nginz upstreams (routes) into the Kubernetes cluster
• Separate incoming websocket network traffic from the rest of the https traffic
• You may want
• Metrics/logging
• SMTP server
• Load balancer on bare metal servers
• Load Balancer on cloud-provider
• Real AWS services
• Persistence and high-availability
• Security
• 3rd-party proxying
• Routing traffic to other namespaces via nginz
• Marking an installation as self-hosted
• Configuring authentication cookie throttling
• S3 Addressing Style
• I have a team larger than 500 users

11. Monitoring Wire-Server¶

• How to monitor wire-server
• Dashboards

12. Centralized Logs for Wire-Server¶

• How to see centralized logs for wire-server
• Introduction
• Status
• Prerequisites
• Installing required helm charts
• Configuring fluent-bit
• Post-install kibana setup
• Usage after installation
• Nuking it all.
• Debugging

13. Ingress-Controller (Getting Traffic In)¶

• Ingress-controller (getting traffic in)
• Installing in a cloud-like environment
• Installing on bare-metal without dynamic load balancer support

14. Web App Settings¶

• Web app settings
• Enforce desktop application only
• Enforce constant bit rate
• Disable media plugins
• Enable extra entropy (only on Windows)

15. Installing Conference Calling 2.0 (aka SFT)¶

• Installing Conference Calling 2.0 (aka SFT)
• Background

16. Installing Restund¶

• Installing Restund
• Background
• Installation instructions

17. Configure TLS Ciphers¶

• Configure TLS ciphers
• Ingress Traffic (wire-server)
• Egress Traffic (wire-server/federation)
• SFTD (ansible)
• SFTD (kubernetes)
• Coturn (kubernetes)
• Restund (ansible)
• Restund (kubernetes)

18. Managing Authentication with Ansible¶

• Managing authentication with ansible
• How to use password authentication when you ssh to a machine with ansible
• Configuring SSH keys
• Sudo without password

19. Using Tinc¶

• Using tinc

20. Troubleshooting During Installation¶

• Troubleshooting during installation
• Problems with CSP on the web based applications (webapp, team-settings, account-pages)
• Problems with ansible and python versions
• Flaky issues with Cassandra (failed QUORUMs, etc.)
• I deployed demo-smtp but I’m not receiving any verification emails
• I deployed demo-smtp and I want to skip email configuration and retrieve verification codes directly
• Obtaining Brig logs, and the format of different team/user events
• Diagnosing and addressing bad network/disconnect issues
• Diagnosing issues with installation steps.
• Verifying correct deployment of DNS / DNS troubleshooting.

21. Verifying Your Installation¶

• Verifying your installation
• NTP Checks
• Logs and Data Protection checks
• Demo installation (trying functionality out)
• Production installation (persistent data, high-availability)