Difference between revisions of "Package:Mattermost Server Binary"
m |
(Added working openRC script and updated docs to reflect the change.) |
||
(One intermediate revision by one other user not shown) | |||
Line 57: | Line 57: | ||
{{warning|Failing to set the correct permissions on the data folder will cause file uploads to fail, as well as forgetting to edit config.json to point to the right folder.}} | {{warning|Failing to set the correct permissions on the data folder will cause file uploads to fail, as well as forgetting to edit config.json to point to the right folder.}} | ||
{{ | Create the init script: | ||
{{file|name=/etc/init.d/mattermost|desc=openRC init script|body= | |||
#!/sbin/runscript | |||
command=./platform | |||
pidfile=/var/run/mattermost.pid | |||
depend() { | |||
cd /opt/mattermost/bin | need net | ||
start-stop-daemon --start --background --exec | use logger dns | ||
} | |||
make | |||
start(){ | |||
ebegin "starting mattermost" | |||
cd /opt/mattermost/bin | |||
start-stop-daemon --start --quiet --background --exec $command -u mattermost --make-pidfile --pidfile $pidfile | |||
eend $? | |||
} | |||
stop(){ | |||
ebegin "stopping mattermost" | |||
cd /opt/mattermost/bin | |||
start-stop-daemon --stop --quiet --exec $command --pidfile $pidfile | |||
cd /opt/mattermost/bin | eend $? | ||
start-stop-daemon --stop --exec | } | ||
}} | }} | ||
The openRC script needs to be enabled and started! This will be done after configuring MySQL and NGINX, | |||
and after editing main configuration file (/opt/mattermost/config/config.json). | |||
==Configuring MySQL== | ==Configuring MySQL== | ||
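Review bot: In the new init script, command=./platform is a relative path that only resolves because start() and stop() each run "cd /opt/mattermost/bin" first, and neither function checks that the cd succeeded. Set command=/opt/mattermost/bin/platform and give start-stop-daemon the working directory with --chdir /opt/mattermost/bin, so that --exec always matches the intended binary. Keeping "-u mattermost" so the server does not run as root is the right call.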
Line 100: | Line 97: | ||
}} | }} | ||
the % means to listen on any ip address. This should be changed to a more secure default, like | the % means to listen on any ip address. This should be changed to a more secure default, like | ||
127.0.0.1 for localhost. | 127.0.0.1 for localhost (because we're running Mattermost on the same server as mysql, it's safe | ||
to change % to 127.0.0.1). | |||
Substitute the values for 'mmuser' and 'mmuser-password' with your own values. | Substitute the values for 'mmuser' and 'mmuser-password' with your own values. | ||
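Review bot: The reworded sentence still says that % means "to listen on any ip address", but the sentence is about the database account, where % is the host the client may connect from, not an address MySQL listens on. Suggest saying that % lets the user connect from any host, and, since the added parenthetical states that Mattermost and mysql run on the same server, using 127.0.0.1 in the example itself rather than recommending the change afterwards.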
Line 137: | Line 135: | ||
###i## sudo -u mattermost ./platform | ###i## sudo -u mattermost ./platform | ||
}} | }} | ||
When the server starts, it will show some log information and the text: | |||
{{console|body= | |||
###i## Server is listening on :8065 | |||
}} | |||
You can also verify that mattermost is running with curl (which will display the HTML returned by Mattermost): | |||
{{console|body= | |||
###i## curl localhost:8065 | |||
}} | |||
You can stop the server by typing CTRL+C in the console. If you're only doing development with Mattermost, | |||
you can skip configuring NGINX as a proxy in the next step and immediately enable the mattermost init script: | |||
{{console|body= | |||
###i## rc-update add mattermost default | |||
###i## rc | |||
}} | |||
==Configuring NGINX== | |||
We will proxy the http content served by Mattermost to be served by NGINX over https. To do that, use | |||
the following configuration: | |||
{{file|name=/etc/nginx/sites-available/mattermost|desc=NGINX mattermost file|body= | |||
server { | |||
listen 80; | |||
server_name chat.example.com; | |||
return 301 https://$host$request_uri; | |||
} | |||
upstream backend { | |||
server 127.0.0.1:8065; | |||
} | |||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; | |||
server { | |||
# SSL configuration | |||
listen 443 ssl http2; | |||
listen [::]:443 ssl http2; | |||
root /var/www/example.com/chat; | |||
index index.html index.htm; | |||
server_name chat.example.com; | |||
ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem; | |||
ssl_certificate_key /etc/letsencrypt/live/chat/example.com/privkey.pem; | |||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||
ssl_prefer_server_ciphers on; | |||
ssl_dhparam /etc/ssl/certs/dhparam.pem; | |||
ssl_ciphers EECDH+CHACHA22:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; | |||
ssl_session_timeout 1h; | |||
ssl_session_cache shared:SSL:50m; | |||
ssl_stapling on; | |||
ssl_stapling_verify on; | |||
#optional, be very careful about this setting! HSTS can render your website inaccessible | |||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; | |||
location /api/v3/users/websocket { | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection "upgrade"; | |||
client_max_body_size 50M; | |||
proxy_set_header Host $http_host; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Frame-Options SAMEORIGIN; | |||
proxy_buffers 256 16k; | |||
proxy_buffer_size 16k; | |||
proxy_read_timeout 600s; | |||
proxy_pass http://backend; | |||
} | |||
location / { | |||
client_max_body_size 50M; | |||
proxy_set_header Connection ""; | |||
proxy_set_header Host $http_host; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Frame-Options SAMEORIGIN; | |||
proxy_buffers 256 16k; | |||
proxy_buffer_size 16k; | |||
proxy_read_timeout 600s; | |||
proxy_cache mattermost_cache; | |||
proxy_cache_revalidate on; | |||
proxy_cache_min_uses 2; | |||
proxy_cache_use_stale timeout; | |||
proxy_cache_lock on; | |||
proxy_pass http://backend; | |||
} | |||
location ~ /.well-known { | |||
allow all; | |||
} | |||
} | |||
}} | |||
You can remove the http2 part in the listen directive if you don't want to use http2 to serve content or if you haven't compiled NGINX with http2 support. | |||
Link the above configuration to the sites-enabled folder of nginx for the configuration to become active: | |||
{{console|body= | |||
###i## ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost | |||
}} | |||
{{warning|Make sure you're using absolute paths if you're unfamiliar with symlinks. Relative paths can result in broken symlinks. E.g. ln -s sites-available/mattermost ../sites-enabled/mattermost will result in a broken symlink. The correct way to do is from the sites-enabled folder: ln -s ../sites-available/mattermost . Broken symlinks show up red in most terminals, real symlinks are usually cyan.}} | |||
Test that the configuration is correct: | |||
{{console|body= | |||
###i## nginx -t | |||
}} | |||
Resolve any errors that might arise. | |||
Make sure you started nginx: | |||
{{console|body= | |||
###i## service nginx start | |||
}} | |||
And then reload the nginx configuration: | |||
{{console|body= | |||
###i## service nginx reload | |||
}} | |||
Start Mattermost: | |||
{{console|body= | |||
###i## rc-update add mattermost default | |||
###i## rc | |||
}} | |||
Mattermost should now be available on chat.example.com. | |||
==Finishing the install== | |||
The first user to register is granted system administrator privileges and access to the System Console. | |||
Create a new team and register as the first user. | |||
If everything went fine, you'll be running in Preview mode. To disable preview mode, you will need to enable email support. | |||
You will want to access the System Console by clicking on the ... (three dots) icon near the top left corner. | |||
Go to System Console > Notifications > Email and set the following values(for postfix): | |||
{{console|body= | |||
Set Enable Email Notifications to true | |||
Set Notification Display Name to No-Reply | |||
Set Notification From Address to mattermost@example.com | |||
Set SMTP Server Username to (empty) | |||
Set SMTP Server Password to (empty) | |||
Set SMTP Server to localhost | |||
Set SMTP Server Port to 25 | |||
Set Connection Security to None | |||
}} | |||
Save the Settings and send yourself a test email. If you receive the email, you have correctly configured postfix to send Mattermost emails. They're important for email verification and password recovery, so be sure to configure it properly before going live! | |||
Hopefully you've correctly configured Mattermost with this guide. Happy chatting! | |||
If you get stuck with the install, please consider the options available listed under http://www.funtoo.org/Getting_help | |||
{{EbuildFooter}} | {{EbuildFooter}} |
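Review bot: In the added NGINX file, ssl_certificate_key points at /etc/letsencrypt/live/chat/example.com/privkey.pem while ssl_certificate uses /etc/letsencrypt/live/chat.example.com/; the slash in "chat/example.com" looks like a typo and should be a dot. Other points in the same server block: ssl_protocols still enables TLSv1 and TLSv1.1, the cipher list ends with two 3DES entries, and EECDH+CHACHA22 is presumably meant to be EECDH+CHACHA20. "proxy_set_header X-Frame-Options SAMEORIGIN" sets a request header toward the backend, not a response header to the browser, so it adds no framing protection on its own; add_header is the directive that affects the response. In the email settings, "Connection Security to None" on port 25 is only reasonable because the SMTP server is localhost, and the text should say so.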
Latest revision as of 16:27, April 11, 2017
Mattermost Server Binary
The ebuild is currently not available. This article uses the binaries provided on the Mattermost website directly.
Mattermost is a messaging client that offers persistent storage of messages and file sharing. It also allows integration of audio, video, images, gifs, code snippets into messages as well. It also allows audio and video calls through WebRTC. If IRC was raw text, Mattermost would be its rich text counterpart. Mattermost also works with all major operating systems and is also available as a mobile app and as a webpage. Mattermost can also bridge to IRC, which is a separate topic. We'll cover the basic configuration of Mattermost with MySQL, postfix, NGINX and SSL certificates obtained with Letsencrypt.
Prerequisites
Mattermost at the moment doesn't seem to support UNIX sockets. While configuring postfix (for user email verification) isn't required in preview mode, it's recommended if you're running Mattermost in production. Please see http://www.funtoo.org/Package:Postfix on how to configure Postfix to use ports instead of UNIX sockets.
Please also see the article on NGINX on how to install it http://www.funtoo.org/Package:Nginx and see the article on how to install mysql http://www.funtoo.org/Package:MySQL
We'll assume Mattermost, Postfix, NGINX and MySQL are running on the same server. A separate guide on configuring Mattermost to run on multiple servers will be written at a certain point in the future. We'll assume the domain for Mattermost is chat.example.com, and we're installing Mattermost in /opt/mattermost.
We'll also assume you correctly obtained the SSL certificates for your website with Package:App-crypt/certbot and configured NGINX to use them.
Refer to the RHEL 6.6 guide to installing Mattermost. It'll be heavily referenced here. https://docs.mattermost.com/install/install-rhel-66.html
Installing Mattermost binaries
Let's get started. First, fetch the Mattermost binaries from the website and install them in /opt:
root # wget https://releases.mattermost.com/3.6.2/mattermost-3.6.2-linux-amd64.tar.gz
root # tar -xvf mattermost-3.6.2-linux-amd64.tar.gz -C /opt
Create the storage directory where all the files and images that are uploaded to Mattermost are stored. We'll use /var/mattermost/data as the data folder:
root # mkdir -p /var/mattermost/data
Edit the main configuration file to point to the right directory for storing files:
/opt/mattermost/config/config.json - main configuration file
"FileSettings": {
    "MaxFileSize": 52428800,
    "DriverName": "local",
    "Directory": "/var/mattermost/data/",
    "EnablePublicLink": false,
Create a system user and group called mattermost to run the service:
root # sudo useradd --system --user-group mattermost
root # sudo chown -R mattermost:mattermost /opt/mattermost
root # sudo chmod -R g+w /opt/mattermost
root # sudo chown -R mattermost:mattermost /var/mattermost/data
Failing to set the correct permissions on the data folder will cause file uploads to fail, as well as forgetting to edit config.json to point to the right folder.
Create the init script:
/etc/init.d/mattermost - openRC init script
#!/sbin/runscript
command=./platform
pidfile=/var/run/mattermost.pid

depend() {
    need net
    use logger dns
}

start() {
    ebegin "starting mattermost"
    cd /opt/mattermost/bin
    start-stop-daemon --start --quiet --background --exec $command -u mattermost --make-pidfile --pidfile $pidfile
    eend $?
}

stop() {
    ebegin "stopping mattermost"
    cd /opt/mattermost/bin
    start-stop-daemon --stop --quiet --exec $command --pidfile $pidfile
    eend $?
}
The openRC script needs to be enabled and started! This will be done after configuring MySQL and NGINX, and after editing the main configuration file (/opt/mattermost/config/config.json).
Configuring MySQL
Log in to MySQL:
root # mysql -u root -p
Run the following command to create the mysql user for mattermost:
mysql> create user 'mmuser'@'%' identified by 'mmuser-password';
The % is a wildcard host: it lets this user connect from any IP address. This should be changed to a more secure default, like 127.0.0.1 for localhost (because we're running Mattermost on the same server as mysql, it's safe to change % to 127.0.0.1). Substitute the values for 'mmuser' and 'mmuser-password' with your own values.
Create the Mattermost database:
mysql> create database mattermost;
Grant all privileges on the mattermost database to the user 'mmuser':
mysql> grant all privileges on mattermost.* to 'mmuser'@'%';
Exit mysql:
mysql> quit;
Check what port mysql is listening on:
root # netstat -tlpn
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 857/mysqld
Mysql is listening on port 3306. We'll need this information in the next step.
Now we need to configure the main configuration file to tell Mattermost to use MySQL and the created user and database.
/opt/mattermost/config/config.json - main configuration file
"SqlSettings": {
    "DriverName": "mysql",
    "DataSource": "mmuser:mmuser-password@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8",
Save and exit the file. Test that Mattermost is working:
root # sudo -u mattermost ./platform
When the server starts, it will show some log information and the text:
root # Server is listening on :8065
You can also verify that mattermost is running with curl (which will display the HTML returned by Mattermost):
root # curl localhost:8065
You can stop the server by typing CTRL+C in the console. If you're only doing development with Mattermost, you can skip configuring NGINX as a proxy in the next step and immediately enable the mattermost init script:
root # rc-update add mattermost default
root # rc
Configuring NGINX
We will proxy the http content served by Mattermost to be served by NGINX over https. To do that, use the following configuration:
/etc/nginx/sites-available/mattermost - NGINX mattermost file
server {
    listen 80;
    server_name chat.example.com;
    return 301 https://$host$request_uri;
}

upstream backend {
    server 127.0.0.1:8065;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    # SSL configuration
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/chat;
    index index.html index.htm;
    server_name chat.example.com;

    ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_session_timeout 1h;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;

    #optional, be very careful about this setting! HSTS can render your website inaccessible
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

    location /api/v3/users/websocket {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_pass http://backend;
    }

    location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_pass http://backend;
    }

    location ~ /.well-known {
        allow all;
    }
}
You can remove the http2 part in the listen directive if you don't want to use http2 to serve content or if you haven't compiled NGINX with http2 support.
Link the above configuration to the sites-enabled folder of nginx for the configuration to become active:
root # ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
Make sure you're using absolute paths if you're unfamiliar with symlinks. Relative paths can result in broken symlinks. E.g. ln -s sites-available/mattermost ../sites-enabled/mattermost will result in a broken symlink. The correct way to do it is from the sites-enabled folder: ln -s ../sites-available/mattermost . Broken symlinks show up red in most terminals; working symlinks are usually cyan.
Test that the configuration is correct:
root # nginx -t
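nginx -t checks the syntax and that the referenced files can be opened; it does not judge protocol or cipher choices. The following script is an added example, not part of the original guide: it reads a site file on stdin and reports deprecated protocols, legacy cipher entries, and a certificate and key that sit in different directories. The function names and the sample input are constructed for illustration, and the directory check assumes the certbot layout.

```shell
#!/bin/sh
# Added example (not from the wiki page): static review of the TLS directives
# in an nginx site file. Config is read on stdin; one finding per output line.

# Print the value of directive $1 found in config text $2. The mandatory
# whitespace after the name keeps ssl_certificate from matching ssl_certificate_key.
nginx_directive() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\([^;]*\);.*/\1/p"
}

audit_nginx_tls() {
    clean=$(sed 's/#.*//')    # drop comments so disabled lines are ignored

    # 1. Protocol versions that are deprecated (TLS 1.0/1.1) or older.
    for proto in $(nginx_directive ssl_protocols "$clean"); do
        case $proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "deprecated protocol: $proto" ;;
        esac
    done

    # 2. Cipher-list entries enabling legacy algorithms; "!" entries exclude.
    old_ifs=$IFS; IFS=:
    for entry in $(nginx_directive ssl_ciphers "$clean"); do
        case $entry in
            '!'*) ;;
            *3DES*|*RC4*|*MD5*|*NULL*|*EXPORT*) echo "legacy cipher entry: $entry" ;;
        esac
    done
    IFS=$old_ifs

    # 3. Assumption: certbot layout, where fullchain.pem and privkey.pem share
    #    one live/<name>/ directory, so differing directories suggest a typo.
    cert=$(nginx_directive ssl_certificate "$clean")
    key=$(nginx_directive ssl_certificate_key "$clean")
    if [ -n "$cert" ] && [ -n "$key" ] &&
       [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
        echo "certificate and key are in different directories: $key"
    fi
}

# Constructed sample modelled on the TLS directives of the configuration above.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+3DES:RSA+3DES:!MD5;
    #ssl_protocols SSLv3;  # disabled line, must not be reported
}
EOF
}

sample_conf | audit_nginx_tls
```

To check the real file, run audit_nginx_tls < /etc/nginx/sites-available/mattermost; no output means none of the three checks fired.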
Resolve any errors that might arise. Make sure you started nginx:
root # service nginx start
And then reload the nginx configuration:
root # service nginx reload
Start Mattermost:
root # rc-update add mattermost default
root # rc
Mattermost should now be available on chat.example.com.
Finishing the install
The first user to register is granted system administrator privileges and access to the System Console. Create a new team and register as the first user. If everything went fine, you'll be running in Preview mode. To disable preview mode, you will need to enable email support.
You will want to access the System Console by clicking on the ... (three dots) icon near the top left corner. Go to System Console > Notifications > Email and set the following values (for postfix):
Set Enable Email Notifications to true
Set Notification Display Name to No-Reply
Set Notification From Address to mattermost@example.com
Set SMTP Server Username to (empty)
Set SMTP Server Password to (empty)
Set SMTP Server to localhost
Set SMTP Server Port to 25
Set Connection Security to None
Save the Settings and send yourself a test email. If you receive the email, you have correctly configured postfix to send Mattermost emails. They're important for email verification and password recovery, so be sure to configure it properly before going live!
Hopefully you've correctly configured Mattermost with this guide. Happy chatting! If you get stuck with the install, please consider the options available listed under http://www.funtoo.org/Getting_help