Présentation d'installation d'un serveur Mattermost sur debian 9.
Dans cette présentation, nous allons configurer un site https://equipe.sleto.net.
Nous utiliserons les variables DBNAME, DBUSER et DBPASSWD respectivement pour le nom, l'utilisateur et le mot de passe de base de données.
Utilise un Serveur web sécurisé (Nginx / Let's Encrypt).
Nécessite également les outils :
sudo apt-get install -y postgresql postgresql-contrib supervisor git
Vous devrez également ajouter le domaine equipe.sleto.net dans le Serveur DNS (bind9)
Nous allons créé une base de donnée PostgreSQL:
sudo -u postgres psql -c "CREATE USER $DBUSER;" sudo -u postgres psql -c "ALTER USER $DBUSER PASSWORD '$DBPASSWD';" sudo -u postgres psql -c "CREATE DATABASE $DBNAME OWNER $DBUSER;"
Création d'un utilisateur mattermost:
adduser --system --home /opt/mattermost --shell /bin/bash --disabled-password --quiet mattermost install -d -m 755 -o $DBUSER /opt/mattermost adduser mattermost www-data
Pour installer l'outil:
rm -rf /opt/mattermost cd /tmp curl https://releases.mattermost.com/7.5.1/mattermost-7.5.1-linux-amd64.tar.gz -o mattermost.tar.gz tar -xvzf mattermost.tar.gz mv mattermost /opt rm mattermost.tar.gz mkdir /opt/mattermost/data chown -R mattermost:www-data /opt/mattermost chmod -R g+w /opt/mattermost
Configuration:
Modifier, dans le fichier /opt/mattermost/config/config.json , les champs suivants:
{ "SqlSettings": { "DriverName": "postgre", "DataSource": "postgres://<DBUSER>:<DBPASSWD>@127.0.0.1:5432/<DBNAME>?sslmode=disable&connect_timeout=10" }, "ServiceSettings": { "SiteURL": "https://equipe.sleto.net", "ListenAddress": ":", "EnableLocalMode": true }, "TeamSettings": { "SiteName": "Équipe", "CustomDescriptionText": "Communication d'équipe par Sleto via Mattermost", "EnableCustomBrand": true, "CustomBrandText": "Cet outil est un service de messagerie instantanée libre, sécurisée et collaborative, proposé par Sleto.", "MaxChannelsPerTeam": 100, "MaxUsersPerTeam": 30, "EnableUserCreation": false }, "SupportSettings": { "SupportEmail": "<email>", "TermsOfServiceLink": "https://www.sleto.net/mentions-legales", "PrivacyPolicyLink": "https://www.sleto.net/mentions-legales", "AboutLink": "https://www.sleto.net/equipe" }, "PasswordSettings": { "MinimumLength": 6, "Number": false }, "PluginSettings": { "Enable": false }, "LocalizationSettings": { "AvailableLocales": "fr,en", "DefaultClientLocale": "fr", "DefaultServerLocale": "fr" }, "EmailSettings": { "SMTPServer": "localhost", "SMTPPort": "25", "SMTPUsername": "", "SMTPPassword": "" } }
Créer le fichier de gestion de service /etc/systemd/system/mattermost.service:
[Unit] Description=Mattermost After=network.target After=postgresql.service Requires=postgresql.service [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=mattermost Group=www-data LimitNOFILE=49152 [Install] WantedBy=postgresql.service
Et l'instruction:
systemctl daemon-reload systemctl start mattermost.service systemctl enable mattermost.service
Créer un fichier /opt/etherpad/nginx-equipe:
upstream mmbackend { server 127.0.0.1:8065; keepalive 32; } proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { listen 80; server_name equipe.sleto.net; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name equipe.sleto.net; access_log /var/log/nginx/equipe.sleto.net.access.log; error_log /var/log/nginx/equipe.sleto.net.error.log; include /opt/ssl/equipe.sleto.net.conf; location ~ /api/v[0-9]+/(users/)?websocket$ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection \"upgrade\"; client_max_body_size 50M; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300; lingering_timeout 5; proxy_connect_timeout 90; proxy_send_timeout 300; proxy_read_timeout 90s; proxy_pass http://mmbackend; } location / { client_max_body_size 50M; proxy_set_header Connection \"\"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; proxy_http_version 1.1; proxy_pass http://mmbackend; } }
Notons que /opt/ssl/equipe.sleto.net.conf contiendra les informations relatives aux clefs privé et public HTTPS/SSL (voir Serveur web sécurisé (Nginx / Let's Encrypt)).
Activer la configuration web par:
ln -sf /opt/$DBUSER/nginx-equipe /etc/nginx/sites-enabled
Pour rafraîchir les services nginx
service nginx restart