注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Package:Mattermost Server Binary

From Funtoo
Revision as of 16:27, April 11, 2017 by Hencb (talk | contribs) (Added working openRC script and updated docs to reflect the change.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Mattermost Server Binary

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

   Warning

The ebuild is currently not available. The article will directly use the binaries provided on the Mattermost website

Mattermost is a messaging client that offers persistent storage of messages and file sharing. It also allows integration of audio, video, images, gifs, code snippets into messages as well. It also allows audio and video calls through WebRTC. If IRC was raw text, Mattermost would be its rich text counterpart. Mattermost also works with all major operating systems and is also available as a mobile app and as a webpage. Mattermost can also bridge to IRC, which is a separate topic. We'll cover the basic configuration of Mattermost with MySQL, postfix, NGINX and SSL certificates obtained with Letsencrypt.

Prerequisites

Mattermost at the moment doesn't seem to support UNIX sockets. While configuring postfix (for user email verification) isn't required in preview mode, it's recommended if you're running Mattermost in production Please see http://www.funtoo.org/Package:Postfix on how to configure Postfix to use ports instead of UNIX sockets.

Please also see the article on NGINX on how to install it http://www.funtoo.org/Package:Nginx and see the article on how to install mysql http://www.funtoo.org/Package:MySQL

We'll assume Mattermost, Postfix, NGINX and MySQL are running on the same server. A separate guide on configuring Mattermost to run on multiple servers will be written at a certain point in the future. We'll assume the domain for Mattermost is chat.example.com, and we're installing Mattermost in /opt/mattermost.

We'll also assume you correctly obtained the SSL certificates for your website with Package:App-crypt/certbot and configured NGINX to use them.

Refer to the RHEL 6.6 guide to installing Mattermost. It'll be heavily referenced here. https://docs.mattermost.com/install/install-rhel-66.html

Installing Mattermost binaries

Let's get started. First, fetch the Mattermost binaries from the website and install them in /opt:

root # wget https://releases.mattermost.com/3.6.2/mattermost-3.6.2-linux-amd64.tar.gz
root # tar -xvf mattermost-3.6.2-linux-amd64.tar.gz -C /opt

Create the storage directory where all the files and images that are uploaded to Mattermost are stored. We'll use /var/mattermost/data as the data folder:

root # mkdir -p /var/mattermost/data

Edit the main configuration file to point to the right directory for storing files:

   /opt/mattermost/config/config.json - main configuration file file
"FileSettings": {
        "MaxFileSize": 52428800,
        "DriverName": "local",
        "Directory": "/var/mattermost/data/",
        "EnablePublicLink": false,


Create a system user and group called mattermost to run the service:

root # sudo useradd --system --user-group mattermost
root # sudo chown -R mattermost:mattermost /opt/mattermost
root # sudo chmod -R g+w /opt/mattermost
root # sudo chown -R mattermost:mattermost /var/mattermost/data
   Warning

Failing to set the correct permissions on the data folder will cause file uploads to fail, as well as forgetting to edit config.json to point to the right folder.

Create the init script:

   /etc/init.d/mattermost - openRC init script
#!/sbin/runscript

command=./platform
pidfile=/var/run/mattermost.pid

depend() {
    need net
    use logger dns
}

start(){
    ebegin "starting mattermost"
    cd /opt/mattermost/bin
    start-stop-daemon --start --quiet --background --exec $command -u mattermost --make-pidfile --pidfile $pidfile
    eend $?
}

stop(){
    ebegin "stopping mattermost"
    cd /opt/mattermost/bin
    start-stop-daemon --stop --quiet --exec $command --pidfile $pidfile
    eend $?
}

The openRC script needs to be enabled and started! This will be done after configuring MySQL and NGINX, and after editing main configuration file (/opt/mattermost/config/config.json).

Configuring MySQL

Login into MySQL:

root # mysql -u root -p

Run the following command to create the mysql user for mattermost:

mysql> create user 'mmuser'@'%' identified by 'mmuser-password';

the % means to listen on any ip address. This should be changed to a more secure default, like 127.0.0.1 for localhost (because we're running Mattermost on the same server as mysql, it's safe to change % to 127.0.0.1). Substitute the values for 'mmuser' and 'mmuser-password' with your own values.

Create the Mattermost database:

mysql> create database mattermost;

Grant all privileges on the mattermost database to the user 'mmuser':

mysql> grant all privileges on mattermost.* to 'mmuser'@'%';

Exit mysql:

mysql> quit;

Check what port mysql is listening on:

root # netstat -tlpn
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      857/mysqld

Mysql is listening on port 3306. We'll need this information in the next step.

Now we need to configure the main configuration file to tell Mattermost to use MySQL and the created user and table.

   /opt/mattermost/config/config.json - main configuration file file
"SqlSettings": {
        "DriverName": "mysql",
        "DataSource": "mmuser:mmpassword@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8",

Save and exit the file. Test that Mattermost is working:

root # sudo -u mattermost ./platform

When the server starts, it will show some log information and the text:

root # Server is listening on :8065

You can also verify that mattermost is running with curl (which will display the HTML returned by Mattermost):

root # curl localhost:8065

You can stop the server by typing CTRL+C in the console. If you're only doing development with Mattermost, you can skip configuring NGINX as a proxy in the next step and immediately enable the mattermost init script:

root # rc-update add mattermost default
root # rc

Configuring NGINX

We will proxy the http content served by Mattermost to be served by NGINX over https. To do that, use the following configuration:

   /etc/nginx/sites-available/mattermost - NGINX mattermost file
server {
        listen 80;
        server_name		chat.example.com;
        return 301 https://$host$request_uri;
}

upstream backend {
	server 127.0.0.1:8065;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {

        # SSL configuration
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        root /var/www/example.com/chat;
        index index.html index.htm;
        server_name chat.example.com;

        ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/chat/example.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        ssl_ciphers EECDH+CHACHA22:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        #optional, be very careful about this setting! HSTS can render your website inaccessible
       #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

		location /api/v3/users/websocket {
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			client_max_body_size 50M;
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Frame-Options SAMEORIGIN;
			proxy_buffers 256 16k;
			proxy_buffer_size 16k;
			proxy_read_timeout 600s;
			proxy_pass http://backend;
		}

		location / {
			client_max_body_size 50M;
			proxy_set_header Connection "";
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Frame-Options SAMEORIGIN;
			proxy_buffers 256 16k;
			proxy_buffer_size 16k;
			proxy_read_timeout 600s;
			proxy_cache mattermost_cache;
			proxy_cache_revalidate on;
			proxy_cache_min_uses 2;
			proxy_cache_use_stale timeout;
			proxy_cache_lock on;
			proxy_pass http://backend;
		}
		location ~ /.well-known {
                allow all;
        }
}

You can remove the http2 part in the listen directive if you don't want to use http2 to serve content or if you haven't compiled NGINX with http2 support.

Link the above configuration to the sites-enabled folder of nginx for the configuration to become active:

root # ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
   Warning

Make sure you're using absolute paths if you're unfamiliar with symlinks. Relative paths can result in broken symlinks. E.g. ln -s sites-available/mattermost ../sites-enabled/mattermost will result in a broken symlink. The correct way to do is from the sites-enabled folder: ln -s ../sites-available/mattermost . Broken symlinks show up red in most terminals, real symlinks are usually cyan.

Test that the configuration is correct:

root # nginx -t

Resolve any errors that might arise. Make sure you started nginx:

root # service nginx start

And then reload the nginx configuration:

root # service nginx reload

Start Mattermost:

root # rc-update add mattermost default
root # rc

Mattermost should now be available on chat.example.com.

Finishing the install

The first user to register is granted system administrator privileges and access to the System Console. Create a new team and register as the first user. If everything went fine, you'll be running in Preview mode. To disable preview mode, you will need to enable email support.

You will want to access the System Console by clicking on the ... (three dots) icon near the top left corner. Go to System Console > Notifications > Email and set the following values(for postfix):

Set Enable Email Notifications to true
        Set Notification Display Name to No-Reply
        Set Notification From Address to mattermost@example.com
        Set SMTP Server Username to (empty)
        Set SMTP Server Password to (empty)
        Set SMTP Server to localhost
        Set SMTP Server Port to 25
        Set Connection Security to None

Save the Settings and send yourself a test email. If you receive the email, you have correctly configured postfix to send Mattermost emails. They're important for email verification and password recovery, so be sure to configure it properly before going live!

Hopefully you've correctly configured Mattermost with this guide. Happy chatting! If you get stuck with the install, please consider the options available listed under http://www.funtoo.org/Getting_help