Ceci est une ancienne révision du document !
Table des matières
MATTERMOST
Présentation d'installation d'un serveur Mattermost sur debian 9.
Dans cette présentation, nous allons configurer un site https://equipe.sleto.net.
Nous utiliserons les variables DBNAME, DBUSER et DBPASSWD respectivement pour le nom, l'utilisateur et le mot de passe de base de données.
Dépendances
Utilise un Serveur web sécurisé (Nginx / Let's Encrypt).
Nécessite également les outils :
sudo apt-get install -y postgresql postgresql-contrib supervisor git
Vous devrez également ajouter le domaine equipe.sleto.net dans le Serveur DNS (bind9)
Base de données
Nous allons créé une base de donnée PostgreSQL:
sudo -u postgres psql -c "CREATE USER $DBUSER;" sudo -u postgres psql -c "ALTER USER $DBUSER PASSWORD '$DBPASSWD';" sudo -u postgres psql -c "CREATE DATABASE $DBNAME OWNER $DBUSER;"
Pré-configuration
Création d'un utilisateur mattermost:
adduser --system --home /opt/mattermost --shell /bin/bash --disabled-password --quiet mattermost install -d -m 755 -o $DBUSER /opt/mattermost adduser mattermost www-data
Installation
Pour installer l'outil:
rm -rf /opt/mattermost cd /tmp curl https://releases.mattermost.com/5.30.1/mattermost-5.30.1-linux-amd64.tar.gz -o mattermost.tar.gz tar -xvzf mattermost.tar.gz mv mattermost /opt rm mattermost.tar.gz mkdir /opt/mattermost/data chown -R mattermost:www-data /opt/mattermost chmod -R g+w /opt/mattermost
Configuration
Configuration:
ln -sf /opt/mattermost/bin/mattermost /usr/local/bin mattermost config set SqlSettings.DriverName postgres mattermost config set SqlSettings.DataSource 'postgres://'$DBUSER':'$DBPASSWD'@127.0.0.1:5432/'$DBNAME'?sslmode=disable&connect_timeout=10' mattermost config set ServiceSettings.SiteURL "https://equipe.sleto.net" mattermost config set TeamSettings.SiteName "Équipe" mattermost config set TeamSettings.CustomDescriptionText "Communication d'équipe par Sleto via Mattermost" mattermost config set TeamSettings.MaxChannelsPerTeam "100" mattermost config set TeamSettings.MaxUsersPerTeam "30" mattermost config set TeamSettings.EnableUserCreation "false" mattermost config set PasswordSettings.MinimumLength "6" mattermost config set PasswordSettings.Number "false" mattermost config set PluginSettings.Enable "false" mattermost config set LocalizationSettings.AvailableLocales "fr,en" mattermost config set LocalizationSettings.DefaultClientLocale "fr" mattermost config set LocalizationSettings.DefaultServerLocale "fr" mattermost config set EmailSettings.SMTPServer "localhost" mattermost config set EmailSettings.SMTPPort "25" mattermost config set EmailSettings.SMTPUsername "" mattermost config set EmailSettings.SMTPPassword "" mattermost user create --email contact@sleto.net --username portail --password 'xxxx' --system_admin --locale 'fr'
Créer le fichier de gestion de service /etc/systemd/system/mattermost.service:
[Unit] Description=Mattermost After=network.target After=postgresql.service Requires=postgresql.service [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=mattermost Group=www-data LimitNOFILE=49152 [Install] WantedBy=postgresql.service
Et l'instruction:
systemctl daemon-reload systemctl start mattermost.service systemctl enable mattermost.service
Configuration web
Créer un fichier /opt/etherpad/nginx-equipe:
upstream mmbackend { server 127.0.0.1:8065; keepalive 32; } proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { listen 80; server_name equipe.sleto.net; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name equipe.sleto.net; access_log /var/log/nginx/equipe.sleto.net.access.log; error_log /var/log/nginx/equipe.sleto.net.error.log; include /opt/ssl/equipe.sleto.net.conf; location ~ /api/v[0-9]+/(users/)?websocket$ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection \"upgrade\"; client_max_body_size 50M; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300; lingering_timeout 5; proxy_connect_timeout 90; proxy_send_timeout 300; proxy_read_timeout 90s; proxy_pass http://mmbackend; } location / { client_max_body_size 50M; proxy_set_header Connection \"\"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; proxy_http_version 1.1; proxy_pass http://mmbackend; } }
Notons que /opt/ssl/equipe.sleto.net.conf contiendra les informations relatives aux clefs privé et public HTTPS/SSL (voir Serveur web sécurisé (Nginx / Let's Encrypt)).
Activer la configuration web par:
ln -sf /opt/$DBUSER/nginx-equipe /etc/nginx/sites-enabled
Rechargement
Pour rafraîchir les services nginx
service nginx restart