Zulip is another open source alternative to Slack. It is written in Python and uses the Django framework and provides almost all the features provided by Slack. It supports both 1 to 1 messaging as well as group messaging. Zulip also supports fast search, drag-and-drop file uploads, image previews, group private messages, audible notifications, missed-message emails, desktop apps, and much more. Desktop and Mobile apps are also available for Zulip client.

Requirements

To install Zulip server, you will need a server with at least 2GB RAM and 1 CPU. The recommended configuration is 4 GB RAM and 2 CPU which increases as the number of users increases. Zulip only supports ubuntu version 14.04 and ubuntu 16.04. To follow this tutorial you will need a ubuntu 16.04 minimal installation with root access on it. If you are logged in as non root user, you will need to run sudo -i to switch to root user. Additionally, you will need a domain name pointed at your server to generate SSL certificates for your domain and enable google authentication.

Installing Zulip

Before installing any packages it is recommended to update the server, run the following command to see the list of available updates.

apt-get update

To actually update the server, run the following command.

apt-get -y upgrade

Zulip only works on HTTPS connection, hence it is required to obtain the SSL certificates before installing Zulip. There are three methods of obtaining the SSL certificates. First is a commercial SSL certificate provider after paying the required fees or free certificates from Let’s Encrypt certificate authority or self-signed certificate. If you use a self-signed certificate then the users will get a warning about the non-trusted SSL certificates when they will browse the site.

Generate An SSL Certificate

Self-Signed SSL

Self Signed certificates are also secured but as the browsers do not recognize them thus they show a warning to the users. Self-signed certificates can be easily generated by openssl utility. Run the following command to install openssl.

apt-get -y install openssl

Now run the following command to generate RSA key of 4096 bits.

openssl genrsa -des3 -passout pass:x -out server.pass.key 4096

Run the following command to write RSA private key into zulip.key file.

openssl rsa -passin pass:x -in server.pass.key -out zulip.key

Now remove the first key generated.

rm server.pass.key

Now generate the code signing request using the following command.

openssl req -new -key zulip.key -out server.csr

It will now ask you about some information which is required to generate the CSR. You will be asked about your country code in two letters, for example for India, it should be IN. The next field is to enter the full name of state or province. Next provide Locality name and organization name. Next is organization unit name and common name, which can be left by simply pressing the enter button. Finally provide your email address which is used with CSR. A challenge password can also be provided but can be left blank also.

Once CSR is generated, run the following command to generate the certificate files.

openssl x509 -req -days 365 -in server.csr -signkey zulip.key -out zulip.combined-chain.crt

The above command will generate a certificate valid for one year using the CSR and key, the certificate generated will be stored in zulip.combined-chain.crt file. Now remove the CSR and move the certificate and key using the following commands.

rm server.csr
cp zulip.key /etc/ssl/private/zulip.key
cp zulip.combined-chain.crt /etc/ssl/certs/zulip.combined-chain.crt

This certificate and key is good for installation of Zulip, but for deploying Zulip for the production environment you would want to use properly signed SSL certificates. You can also go with Let’s Encrypt SSL as it’s properly signed and free to obtain and use.

Let’s Encrypt SSL

Let’s Encrypt CA let’s provides you free SSL certificates valid for 3 months, which you can always renew when the expiry date near. The only requirement is that you must have the domain pointing towards your server. If you have a domain, you can easily create an A record to point your domain towards the server IP address in DNS management panel of your domain. The default repository of ubuntu provides a very older version of Let’s Encrypt client so instead of installing through apt, it is recommended to download the installer script from their website.

cd /opt
wget https://dl.eff.org/certbot-auto

Now provide the appropriate execution permission to the script using the following command.

chmod a+x certbot-auto

Now you can run the following command to obtain the SSL certificates from Let’s Encrypt. Make sure that your domain is pointed at the server, the Let’s Encrypt will check the domain authority before providing the certificates.

./certbot-auto certonly --standalone -d yourdomain.com

This command will run Let’s Encrypt client to obtain the certificates only but not to install it. --apache tells the client to use Apache web server for authentication of domain authority. -d yourdomain.com tells the domain name for which the certificates needs to be obtained. It may ask you which SSL configuration to use during authentication, choose ssl.conf. All the changes made to the file will be automatically restored. Finally provide your email address and accept the terms and condition. Once the certificates are generated, they are likely to be stored in the following directory.

/etc/letsencrypt/live/yourdomain.com

Now you will need to create two soft links to the private key and full certificate chain so that the Zulip can use the certificates.

ln -s /etc/letsencrypt/live/yourdomain.com/privkey.pem /etc/ssl/private/zulip.key
ln -s /etc/letsencrypt/live/yourdomain.com/fullchain.pem /etc/ssl/certs/zulip.combined-chain.crt

Let’s Encrypt SSL expires in 90 days, so it is recommended to set an automatic renewal for your certificates. Before that move your certbot-auto file to /etc location using the following command.

mv certbot-auto /etc/

Run the following command to open your crontab file.

crontab -e

Enter the following line into the crontab file.

30 1 * * 1 /etc/certbot-auto renew >> /var/log/le-renew.log

The above cron job will automatically run every Monday at 1:30 AM and if your certificates are due for expiry, it will automatically renew them.

As our SSL certificates are now generated we can proceed further to download the Zulip archive.

Installing Zulip

Run the following commands to download the latest version of Zulip in your server.

cd /root
wget https://www.zulip.com/dist/releases/zulip-server-latest.tar.gz

Now create a new directory to install Zulip files and extract the Zulip files using the following commands.

mkdir /root/zulip
tar -xf zulip-server-latest.tar.gz --directory=/root/zulip --strip-components=1

You can now run the installer which automatically installs Zulip but takes a while as it installs a large number of dependencies.

/root/zulip/scripts/setup/install

If the setup fails you can always check installation log at /var/log/zulip/install.log. Correct the errors and run the installer script again and it will successfully installed.

Once the installer completes you will need to edit the /etc/zulip/settings.py file to provide the mandatory settings values. These values are mandatory for the production environment. Open /etc/zulip/settings.py using your favorite editor.

nano /etc/zulip/settings.py

If you don’t have nano installed, you can simply run apt-get -y install nano. Scroll down to find the following line.

EXTERNAL_HOST = 'zulip.example.com'

Change the value according to your domain name, if you are using the self-signed certificate, you can use IP address also. Next, scroll down to find the following line.

ZULIP_ADMINISTRATOR = 'zulip-admin@example.com'

Change the above parameter with your email address. Next find the following lines.

AUTHENTICATION_BACKENDS = (
#    'zproject.backends.EmailAuthBackend', # Email and password; see SMTP setup below
#    'zproject.backends.GoogleMobileOauth2Backend', # Google Apps, setup below
#    'zproject.backends.GitHubAuthBackend', # GitHub auth, setup below
#    'zproject.backends.ZulipLDAPAuthBackend', # LDAP, setup below
#    'zproject.backends.ZulipRemoteUserBackend', # Local SSO, setup docs on readthedocs
    )

Zulip supports five different types of authentication mechanism. The first one the basic email and password authentication. Next is Google authentication and Github authentication. Further, it supports LDAP and SSO type authentication. You need to enable at least one of the above supported authentication by uncommenting the line by removing #. Further whatever authentication you choose, according to that you will need to configure the settings. For now, you can simply uncomment the first authentication method which is Email and password. Further, scroll down and find the following lines.

EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = ''
EMAIL_PORT = 587
EMAIL_USE_TLS = True

Change the email hostname, username and port according to the SMTP settings of your email server. You can use Gmail or another commercial email services or you can simply create your own email server in CentOS 7 using Postfix, Dovecot, and Squirrelmail. The password for the EMAIL_HOST_USER needs to be provided in /etc/zulip/zulip-secrets.conf file. Add the password in email_password option. Further change the following values also.

DEFAULT_FROM_EMAIL = "Zulip <zulip@example.com>"

Change the Default email from to the email address from which the emails will be sent to the user. Provide the name of the sender in place of Zulip and the email address in angle brackets. Next, scroll down to find the following line.

NOREPLY_EMAIL_ADDRESS = "noreply@example.com"

Change this address to a noreply address for your server, emails sent to this address will not be saved anywhere. Finally find the following line.

ALLOWED_HOSTS = ['*']

Change the * to the full qualified domain name of your server. This is a Django security features which enable the web server to serve only those requests that match the hostname of your server.

Now initialize the PostgreSQL database using the following command.

su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database

If you have an error in the mandatory settings of zulip, then the script will report it before initialization. If not, it will write the database. At this step, Zulip is installed, further, you will need to create and organization and an admin user.

To create the first organization, run the following commands.

su zulip
cd /home/zulip/deployments/current
./manage.py generate_realm_creation_link

This will generate one-time organization creation link, which you can use to create an organization and the admin user. SMTP must be working for this, you can run the following command to check if SMTP is working.

./manage.py send_test_email username@example.com

Copy the URL generated using generate_realm_creation_link command and paste it in your favorite web browser and it will ask you your email address, click create organization button to proceed further. Then it will send you a link to create the administrator user. You do not need to create an organization again, all the other users can simply click on register link to signup.

Conclusion

In this tutorial, we have learned how to install Zulip chat server on Ubuntu 16.04. Zulip provides many features which you can use to increase the productivity of your organization.