Wiki Sleto

Outils pour utilisateurs

Outils du site

Piste : outil_d_echange_collaboratif_mattermost
outil_d_echange_collaboratif_mattermost

Ceci est une ancienne révision du document !

Table des matières

MATTERMOST

Présentation d'installation d'un serveur Mattermost sur debian 9.
Dans cette présentation, nous allons configurer un site https://equipe.sleto.net.

Nous utiliserons les variables DBNAME, DBUSER et DBPASSWD respectivement pour le nom, l'utilisateur et le mot de passe de base de données.

Dépendances

Utilise un Serveur web sécurisé (Nginx / Let's Encrypt).
Nécessite également les outils : 

sudo apt-get install -y postgresql postgresql-contrib supervisor git

Vous devrez également ajouter le domaine equipe.sleto.net dans le Serveur DNS (bind9)

Base de données

Nous allons créé une base de donnée PostgreSQL: 

sudo -u postgres psql -c "CREATE USER $DBUSER;"
sudo -u postgres psql -c "ALTER USER $DBUSER PASSWORD '$DBPASSWD';"
sudo -u postgres psql -c "CREATE DATABASE $DBNAME OWNER $DBUSER;"

Pré-configuration

Création d'un utilisateur mattermost: 

adduser --system --home /opt/mattermost --shell /bin/bash --disabled-password --quiet mattermost
install -d -m 755 -o $DBUSER /opt/mattermost
adduser mattermost www-data

Installation

Pour installer l'outil: 

rm -rf /opt/mattermost
cd /tmp
curl https://releases.mattermost.com/5.30.1/mattermost-5.30.1-linux-amd64.tar.gz -o mattermost.tar.gz
tar -xvzf mattermost.tar.gz
mv mattermost /opt
rm mattermost.tar.gz
mkdir /opt/mattermost/data
chown -R mattermost:www-data /opt/mattermost
chmod -R g+w /opt/mattermost

Configuration

Configuration: 

ln -sf /opt/mattermost/bin/mattermost /usr/local/bin
mattermost config set SqlSettings.DriverName postgres
mattermost config set SqlSettings.DataSource 'postgres://'$DBUSER':'$DBPASSWD'@127.0.0.1:5432/'$DBNAME'?sslmode=disable&connect_timeout=10'
mattermost config set ServiceSettings.SiteURL "https://equipe.sleto.net"
mattermost config set TeamSettings.SiteName "Équipe"
mattermost config set TeamSettings.CustomDescriptionText "Communication d'équipe par Sleto via Mattermost"
mattermost config set TeamSettings.MaxChannelsPerTeam "100"
mattermost config set TeamSettings.MaxUsersPerTeam "30"
mattermost config set TeamSettings.EnableUserCreation "false"
mattermost config set PasswordSettings.MinimumLength "6"
mattermost config set PasswordSettings.Number "false"
mattermost config set PluginSettings.Enable "false"
mattermost config set LocalizationSettings.AvailableLocales "fr,en"
mattermost config set LocalizationSettings.DefaultClientLocale "fr"
mattermost config set LocalizationSettings.DefaultServerLocale "fr"
mattermost config set EmailSettings.SMTPServer "localhost"
mattermost config set EmailSettings.SMTPPort "25"
mattermost config set EmailSettings.SMTPUsername ""
mattermost config set EmailSettings.SMTPPassword ""
mattermost user create --email contact@sleto.net --username portail --password 'xxxx' --system_admin --locale 'fr'

Créer le fichier de gestion de service /etc/systemd/system/mattermost.service: 

[Unit]
Description=Mattermost
After=network.target
After=postgresql.service
Requires=postgresql.service

[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=www-data
LimitNOFILE=49152

[Install]
WantedBy=postgresql.service

Et l'instruction: 

systemctl daemon-reload
systemctl start mattermost.service
systemctl enable mattermost.service

Configuration web

Créer un fichier /opt/etherpad/nginx-equipe: 

upstream mmbackend {
   server 127.0.0.1:8065;
   keepalive 32;
}    

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
    
server {
    listen 80;
    server_name equipe.sleto.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name equipe.sleto.net;
    access_log /var/log/nginx/equipe.sleto.net.access.log;
    error_log  /var/log/nginx/equipe.sleto.net.error.log;

    include /opt/ssl/equipe.sleto.net.conf;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection \"upgrade\";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://mmbackend;
    }

    location / {
       client_max_body_size 50M;
       proxy_set_header Connection \"\";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://mmbackend;
   }
}

Notons que /opt/ssl/equipe.sleto.net.conf contiendra les informations relatives aux clefs privé et public HTTPS/SSL (voir Serveur web sécurisé (Nginx / Let's Encrypt)).

Activer la configuration web par: 

ln -sf /opt/$DBUSER/nginx-equipe /etc/nginx/sites-enabled

Rechargement

Pour rafraîchir les services nginx 

service nginx restart
outil_d_echange_collaboratif_mattermost.1610537762.txt.gz · Dernière modification : 2021/05/08 13:25 (modification externe)