The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Package:Mattermost Server Binary
Mattermost Server Binary
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
The ebuild is currently not available. The article will directly use the binaries provided on the Mattermost website
Mattermost is a messaging client that offers persistent storage of messages and file sharing. It also allows integration of audio, video, images, gifs, code snippets into messages as well. It also allows audio and video calls through WebRTC. If IRC was raw text, Mattermost would be its rich text counterpart. Mattermost also works with all major operating systems and is also available as a mobile app and as a webpage. Mattermost can also bridge to IRC, which is a separate topic. We'll cover the basic configuration of Mattermost with MySQL, postfix, NGINX and SSL certificates obtained with Letsencrypt.
Prerequisites
Mattermost at the moment doesn't seem to support UNIX sockets. While configuring postfix (for user email verification) isn't required in preview mode, it's recommended if you're running Mattermost in production Please see http://www.funtoo.org/Package:Postfix on how to configure Postfix to use ports instead of UNIX sockets.
Please also see the article on NGINX on how to install it http://www.funtoo.org/Package:Nginx and see the article on how to install mysql http://www.funtoo.org/Package:MySQL
We'll assume Mattermost, Postfix, NGINX and MySQL are running on the same server. A separate guide on configuring Mattermost to run on multiple servers will be written at a certain point in the future. We'll assume the domain for Mattermost is chat.example.com, and we're installing Mattermost in /opt/mattermost.
We'll also assume you correctly obtained the SSL certificates for your website with Package:App-crypt/certbot and configured NGINX to use them.
Refer to the RHEL 6.6 guide to installing Mattermost. It'll be heavily referenced here. https://docs.mattermost.com/install/install-rhel-66.html
Installing Mattermost binaries
Let's get started. First, fetch the Mattermost binaries from the website and install them in /opt:
root # wget https://releases.mattermost.com/3.6.2/mattermost-3.6.2-linux-amd64.tar.gz
root # tar -xvf mattermost-3.6.2-linux-amd64.tar.gz -C /opt
Create the storage directory where all the files and images that are uploaded to Mattermost are stored. We'll use /var/mattermost/data as the data folder:
root # mkdir -p /var/mattermost/data
Edit the main configuration file to point to the right directory for storing files:
/opt/mattermost/config/config.json
- main configuration file file"FileSettings": {
"MaxFileSize": 52428800,
"DriverName": "local",
"Directory": "/var/mattermost/data/",
"EnablePublicLink": false,
Create a system user and group called mattermost to run the service:
root # sudo useradd --system --user-group mattermost root # sudo chown -R mattermost:mattermost /opt/mattermost root # sudo chmod -R g+w /opt/mattermost root # sudo chown -R mattermost:mattermost /var/mattermost/data
Failing to set the correct permissions on the data folder will cause file uploads to fail, as well as forgetting to edit config.json to point to the right folder.
Mattermost currently exhibits strange behavior when launched through an init script. We'll use simple shell scripts with the start-stop-daemon command to emulate openRC.
Create the start script:
/usr/sbin/start-mattermost
- start script file#!/bin/sh
echo "starting mattermost"
cd /opt/mattermost/bin/
start-stop-daemon --start --background --exec ./platform -u mattermost
make sure to make the scripts executable:
root # chmod +x /usr/sbin/start-mattermost
Create the stop script:
/usr/sbin/start-mattermost
- stop script file#!/bin/sh
echo "stopping mattermost"
cd /opt/mattermost/bin/
start-stop-daemon --stop --exec ./platform -u mattermost
make sure to make the scripts executable:
root # chmod +x /usr/sbin/stop-mattermost
These scripts have the disadvantage of mattermost being listed as "platform" in programs like top and htop. You can rename the binary /opt/mattermost/bin/platfrom to /opt/mattermost/bin/mattermost . Make sure to rename ./platform to ./mattermost in the above script.
Mattermost is now correctly installed. The only file that still requires editing is /opt/mattermost/config/config.json, which is the main configuration file.
Configuring MySQL
Login into MySQL:
root # mysql -u root -p
Run the following command to create the mysql user for mattermost:
mysql> create user 'mmuser'@'%' identified by 'mmuser-password';
the % means to listen on any ip address. This should be changed to a more secure default, like 127.0.0.1 for localhost. Substitute the values for 'mmuser' and 'mmuser-password' with your own values.
Create the Mattermost database:
mysql> create database mattermost;
Grant all privileges on the mattermost database to the user 'mmuser':
mysql> grant all privileges on mattermost.* to 'mmuser'@'%';
Exit mysql:
mysql> quit;
Check what port mysql is listening on:
root # netstat -tlpn
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 857/mysqld
Mysql is listening on port 3306. We'll need this information in the next step.
Now we need to configure the main configuration file to tell Mattermost to use MySQL and the created user and table.
/opt/mattermost/config/config.json
- main configuration file file"SqlSettings": {
"DriverName": "mysql",
"DataSource": "mmuser:mmpassword@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8",
Save and exit the file. Test that Mattermost is working:
root # sudo -u mattermost ./platform
When the server starts, it will show some log information and the text:
root # Server is listening on :8065
You can also verify that mattermost is running with curl:
root # Server is listening on :8065
You should see the HTML that’s returned by the Mattermost server.
You can stop the server by typing CTRL+C in the console.
Configuring NGINX
We will proxy the http content served by Mattermost to be served by NGINX over https. To do that, use the following configuration:
/etc/nginx/sites-available/mattermost
- NGINX mattermost fileserver {
listen 80;
server_name chat.example.com;
return 301 https://$host$request_uri;
}
upstream backend {
server 127.0.0.1:8065;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com/chat;
index index.html index.htm;
server_name chat.example.com;
ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers EECDH+CHACHA22:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_session_timeout 1h;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
#optional, be very careful about this setting! HSTS can render your website inaccessible
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
location /api/v3/users/websocket {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://backend;
}
location ~ /.well-known {
allow all;
}
}
You can remove the http2 part in the listen directive if you don't want to use http2 to serve content or if you haven't compiled NGINX with http2 support.
Link the above configuration to the sites-enabled folder of nginx for the configuration to become active:
root # ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
Make sure you're using absolute paths if you're unfamiliar with symlinks. Relative paths can result in broken symlinks. E.g. ln -s sites-available/mattermost ../sites-enabled/mattermost will result in a broken symlink. The correct way to do is from the sites-enabled folder: ln -s ../sites-available/mattermost . Broken symlinks show up red in most terminals, real symlinks are usually cyan.
Test that the configuration is correct:
root # nginx -t
Resolve any errors that might arise. Make sure you started nginx:
root # service nginx start
And then reload the nginx configuration:
root # service nginx reload
Start Mattermost:
root # /usr/sbin/mattermost-start
Mattermost should now be available on chat.example.com.
Finishing the install
The first user to register is granted system administrator privileges and access to the System Console. Create a new team and register as the first user. If everything went fine, you'll be running in Preview mode. To disable preview mode, you will need to enable email support.
You will want to access the System Console by clicking on the ... (three dots) icon near the top left corner. Go to System Console > Notifications > Email and set the following values(for postfix):
Set Enable Email Notifications to true Set Notification Display Name to No-Reply Set Notification From Address to mattermost@example.com Set SMTP Server Username to (empty) Set SMTP Server Password to (empty) Set SMTP Server to localhost Set SMTP Server Port to 25 Set Connection Security to None
Save the Settings and send yourself a test email. If you receive the email, you have correctly configured postfix to send Mattermost emails. They're important for email verification and password recovery, so be sure to configure it properly before going live!
Hopefully you've correctly configured Mattermost with this guide. Happy chatting! If you get stuck with the install, please consider the options available listed under http://www.funtoo.org/Getting_help