Mattermost

From ArchWiki
Jump to: navigation, search

From Mattermost's homepage:

Mattermost is an open source, self-hosted Slack-alternative. As an alternative to proprietary SaaS messaging, Mattermost brings all your team communication into one place, making it searchable and accessible anywhere.

This article describes how to install and configure the Mattermost server.

Installation

The Mattermost server can be installed in two ways:

An Electron-based desktop client is provided by the mattermost-desktopAUR package.

With Docker

By using Docker, you do not need to manually install a database server and configure Mattermost dependencies. Since the docker image comes with all the dependencies automatically bundled, this is less work for you.

However, the tradeoff is that you cannot choose the database back-end or web server you want, but only those provided in the docker images, unless you make your own.

$ git clone https://github.com/mattermost/mattermost-docker.git 
  • For Team edition, edit the docker-compose.yml file by commenting out the line: dockerfile: Dockerfile-enterprise
  • Build and start the docker container:
$ cd mattermost-docker
$ docker-compose build
$ docker-compose up -d
$ docker run --name mattermost-preview -d --publish 8065:8065 mattermost/mattermost-preview

Please refer to the official guide for how to configure TLS, email, enable Enterprise features and use several server nodes using Docker Compose.

There are also some Docker images provided on the official Mattermost Docker Hub page. Please also refer to the repository of the Mattermost Docker images.

With AUR

Install the mattermostAUR package, or mattermost-gitAUR for the development version.

  • The installation will create the mattermost user and group.
  • The mattermost directory is located at /var/lib/mattermost and is owned by mattermost:root.

Continue with #Database setup.

Database setup

Mattermost requires a database back-end. If you plan to run it on the same machine, first install either MySQL/MariaDB or PostgreSQL as database. Follow one of the following sections and then proceed with #Configuring Mattermost.

While MySQL is officially supported, please note the official guide goes through the PostgreSQL steps only.

MySQL/MariaDB

$ mysql -u root -p
CREATE DATABASE mattermostdb;
CREATE USER mmuser IDENTIFIED BY 'mmuser_password';
GRANT ALL ON mattermostdb.* TO mmuser;

PostgreSQL

1. Install PostgreSQL.

2. Connect to the server as user postgres:

sudo -u postgres psql

3. Create the Mattermost database:

CREATE DATABASE mattermostdb;
CREATE USER mmuser WITH PASSWORD 'mmuser_password';
GRANT ALL PRIVILEGES ON DATABASE mattermostdb to mmuser;

4. Exit out of psql with \q.

Note: When Mattermost and PostgreSQL are on the same machine, you should use a Unix socket, as it is faster and more secure.

With TCP socket

5. PostgreSQL#Configure PostgreSQL to be accessible from remote hosts

6. Verify it works:

$ psql --host=ip_address --dbname=mattermostdb --username=mmuser --password

With Unix socket

5. Map the mattermost Unix user to the mmuser PostgreSQL user by adding the following line to /var/lib/postgres/data/pg_ident.conf:

mattermap    mattermost    mmuser

6. Setup the Unix socket by adding the following line to /var/lib/postgres/data/pg_hba.conf:

local    mattermostdb    mattermost    peer    map=mattermap

7. Restart postgresql.service.

8. Verify it works:

$ sudo -u mattermost psql --dbname=mattermostdb --username=mattermost

Continue with #Setting up Mattermost.

Configuring Mattermost

Mattermost is configured in /etc/webapps/mattermost/config.json. Strings need to be quoted.

There are two settings you need to adapt to your database.

The DriverName setting: mysql for MySQL and postgres for PostgreSQL.

The DataSource:

  • For MySQL, set it to mmuser:mmuser_password@unix(/run/mysqld/mysqld.sock)/mattermostdb?charset=utf8mb4,utf8.
  • For PostgreSQL
    • TCP socket: postgres://mmuser:mmuser_password@127.0.0.1:5432/mattermostdb?sslmode=disable&connect_timeout=10
    • Unix socket: postgres:///mattermostdb?host=/run/postgresql ; make sure there are 3 slashes after postgres:, mattermostdb is the name of the database and /run/postgresql is the directory containing the Unix socket
Note: Be sure to replace mmuser_password with the password of the user.

Start/enable mattermost.service and open http://localhost:8065/.

Setting up Mattermost

1. Navigate to your Matterost install and create a team and user.

2. The first user in the system is automatically granted the system_admin role, which gives you access to the System Console.

3. From the town-square channel click the dropdown and choose the System Console option.

4. Update Notification > Email settings to setup an SMTP email service. The example below assumes AmazonSES.

  • Set Send Email Notifications to true
  • Set Require Email Verification to true
  • Set Feedback Name to No-Reply
  • Set Feedback Email to mattermost@example.com
  • Set SMTP Username to [YOUR_SMTP_USERNAME]
  • Set SMTP Password to [YOUR_SMTP_PASSWORD]
  • Set SMTP Server to email-smtp.us-east-1.amazonaws.com
  • Set SMTP Port to 465
  • Set Connection Security to TLS
  • Save the Settings

5. Update File > Storage settings by changing Local Directory Location from ./data/ to /mattermost/data.

6. Update General > Logging settings by setting Log to The Console to false.

7. Feel free to modify other settings.

8. Restart mattermost.service.

Useful tips

Valid HTTPS via reverse web-proxy

To securely access your Mattermost server from the Android and iOS apps, which do not support self-signed TLS certificates, you can setup a reverse web proxy.

The main benefits of a proxy are:

  • SSL termination
  • HTTP to HTTPS redirect
  • Port mapping 80 to 8065
  • Standard request logs

Proxying can be achieved with most web servers.

nginx

1. Install and run nginx, preferably nginx-mainline.

2. Point your domain name eg. mattermost.example.com to the server.

3. Configure nginx to proxy connections from the internet to the Mattermost Server. Create and edit the nginx configuration file /etc/nginx/sites-available/mattermost.

upstream backend {
    server 127.0.0.1:8065;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    listen 80;
    server_name    mattermost.example.com;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_pass http://backend;
    }

    location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_pass http://backend;
    }
}

4. Enable the mattermost server:

# mkdir /etc/nginx/servers-enabled
# ln -s /etc/nginx/servers-available/mattermost /etc/nginx/server-enabled/mattermost

5. Restart nginx.service.

6. Verify you can access Mattermost through the proxy:

curl http://localhost/
You should see a page titled Mattermost.

7. Set up Let’s Encrypt.

Lighttpd2

A configuration sample for lighttpd2-gitAUR to act as a proxy for Mattermost, assuming you have a certificate at /etc/lighttpd2/certs/lighttpd2.pem.

See mod_vhost if you want to transfer the proxy into a virtual host.

/etc/lighttpd2/lighttpd.conf
setup {

    module_load [
        "mod_accesslog",
        "mod_proxy",
        "mod_openssl"
    ];

    openssl [
        "listen" => "0.0.0.0:443",
        "listen" => "[::]:443",
        "pemfile" => "/etc/lighttpd2/certs/lighttpd2.pem",
        "options" => ["ALL", "NO_TICKET"],
        "verify" => true,
        "verify-any" => true,
        "verify-depth" => 9
    ];

    listen "0.0.0.0:80";
    listen "[::]:80";

    log ["debug" => "", default => "/var/log/lighttpd2/error.log"];
    accesslog "/var/log/lighttpd2/access.log";
    accesslog.format "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}\"";

    static.exlude_extensions [ ".php", ".pl", ".fcgi", "~", ".inc" ];

}

openssl.setenv "client-cert";
keepalive.timeout 360;

docroot "/srv/http";
index [ "index.php", "index.html", "index.htm" ];

include "/etc/lighttpd2/mimetypes.conf";

proxy "127.0.0.1:8065";

Testing translations and pull requests

You can use the unofficial script mattermost-prepare-pkgbuild to test languages and pull requests.