Web Application

How to install Mattermost on RHEL 8

tuanlp191 views

Mattermost is an open-source instant messaging service. It comes in both free and paid versions. It can be operated either in the cloud or on-premise as a web application. Here we learn how to install and configure Mattermost on Rocky Linux.

Mattermost enables the communication between individuals and groups. Communication can take place as a chat, video call, or normal telephone call. The exchange of data and links is also possible. Mattermost can be seen as a direct competitor of MS Teams or Slack in this regard. If you are cloud users such as AWS, Google, Azure, and others pre-built open-source images are available with them to install and deploy Mattermost on the cloud as quickly as possible. After installation, its web interface can be accessed using the browser or Mobile & Desktop Apps on Windows, Linux, and Mac, iOS, and Android.

Under the name Omnibus, Mattermost released package, a complete stack of the free messaging system, can be installed with just a few commands. In addition to Mattermost itself, the administrator can set up PostgreSQL as a database, Nginx as a proxy web server, and Certbot to issue and renew SSL certificates in no time at all. However, Omnibus is only for Debian based system and will not work on RHEL or its derivatives, hence we have to set up Mattermost on Rocky Linux step by step.

1. Run system update

First, update the existing packages available on your Rocky Linux to make sure everything will be in its latest state.sudo 

dnf update

2. Install a database

If you already have a server installed with MySQL or PostgreSQL database then you can skip this step. Otherwise, use the below-given command to install MySQL or PostgreSQL server on Alma Linux to store the data that will be generated by Mattermost.

How to Install MySQL on AlmaLinux 8

How to Install PostgreSQL in AlmaLinux 8

3. Create Database for Mattermost

Install and set up a PostgreSQL database for use by the Mattermost server. These instructions assume that the IP address of this server is 10.10.10.1.

  1. Log in to the server that will host the database, and install PostgreSQL. See the PostgreSQL documentation for details. When the installation is complete, the PostgreSQL server is running, and a Linux user account called postgres has been created.
  2. Access PostgreSQL with one of the following options:
  • sudo --login --user postgres then psql OR
  • sudo -u postgres psql
  1. Create the Mattermost database by running postgres=# CREATE DATABASE mattermost;.
  2. Create the Mattermost user mmuser by running postgres=# CREATE USER mmuser WITH PASSWORD 'mmuser-password';.
  • Use a password that’s more secure than mmuser-password.
  1. Grant the user access to the Mattermost database by running postgres=# GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;.
  2. Exit the PostgreSQL interactive terminal by running postgres=# \q.
  3. Log out of the postgres account by running exit.
  4. (Optional) If you use separate servers for your database and the Mattermost server, you may allow PostgreSQL to listen on all assigned IP addresses by opening /etc/postgresql/{version}/main/postgresql.conf as root in a text editor, and replacing {version} with the version of PostgreSQL that’s currently running. As a best practice, ensure that only the Mattermost server is able to connect to the PostgreSQL port using a firewall.
  1. Find the following line: #listen_addresses = 'localhost'
  2. Uncomment the line and change localhost to *listen_addresses = '*'
  3. Restart PostgreSQL for the change to take effect by running sudo systemctl restart postgresql.
  1. Modify the file pg_hba.conf to allow the Mattermost server to communicate with the database.If the Mattermost server and the database are on the same machine:
    1. Open /etc/postgresql/{version}/main/pg_hba.conf as root in a text editor.Find the following lines:
    local   all             all                        peerhost    all             all         ::1/128        ident
    1. Change peer and ident to trust:
    local   all             all                        trusthost    all             all         ::1/128        trust
  2. If the Mattermost server and the database are on different machines:
    1. Open /etc/postgresql/{version}/main/pg_hba.conf in a text editor as root user.
    2. Add the following line to the end of the file, where {mattermost-server-IP} is the IP address of the Mattermost server: host all all {mattermost-server-IP}/32 md5.
  3. Reload PostgreSQL by running sudo systemctl reload postgresql.
  4. Verify that you can connect with the user mmuser.
  • If the Mattermost server and the database are on the same machine, use the following command: psql --dbname=mattermost --username=mmuser --password
  • If the Mattermost server is on a different machine, log into that machine and use the following command: psql --host={postgres-server-IP} --dbname=mattermost --username=mmuser --password

Install and set up a MySQL database for use by the Mattermost server.

  1. Log into the server that will host the database, and open a terminal window.
  2. Install MySQL.
  3. Run sudo mysql_secure_installation and follow the instructions.
  4. Log in to MySQL as root by running sudo mysql.
  5. Create the Mattermost user mmuser by running mysql> create user 'mmuser'@'%' identified by 'mmuser-password';.
  • Use a password that is more secure than mmuser-password.
  • The % means that mmuser can connect from any machine on the network. However, it’s more secure to use the IP address of the machine that hosts Mattermost. For example, if you install Mattermost on the machine with IP address 10.10.10.2, then use the following command: mysql> create user 'mmuser'@'10.10.10.2' identified by 'mmuser-password';
  1. Create the Mattermost database by running mysql> create database mattermost;.
  2. Grant access privileges to the user mmuser by running mysql> grant all privileges on mattermost.* to 'mmuser'@'%';.

4. Install Mattermost Server 

Install Mattermost Server on a 64-bit machine. Assume that the IP address of this server is 10.10.10.2.

Log in to the server that will host Mattermost Server and open a terminal window.

Download the latest version of the Mattermost Server. In the following command, replace X.X.X with the version that you want to download: wget https://releases.mattermost.com/X.X.X/mattermost-X.X.X-linux-amd64.tar.gz.

Extract the Mattermost Server files by running tar -xvzf mattermost*.gz.

Move the extracted file to the /opt directory by running sudo mv mattermost /opt.

Create the storage directory for files by running sudo mkdir /opt/mattermost/data.

Note

The storage directory will contain all the files and images that your users post to Mattermost, so you need to make sure that the drive is large enough to hold the anticipated number of uploaded files and images.

Set up a system user and group called mattermost that will run this service, and set the ownership and permissions.

  1. Create the Mattermost user and group: sudo useradd --system --user-group mattermost.
  2. Set the user and group mattermost as the owner of the Mattermost files: sudo chown -R mattermost:mattermost /opt/mattermost.
  3. Give write permissions to the mattermost group: sudo chmod -R g+w /opt/mattermost.

Set up the database driver in the file /opt/mattermost/config/config.json. Open the file in a text editor and make the following changes:

If you are using PostgreSQL:

  1. Set "DriverName" to "postgres"Set "DataSource" to the following value, replacing <mmuser-password> and <host-name-or-IP> with the appropriate values:
"postgres://mmuser:<mmuser-password>@<host-name-or-IP>:5432/mattermost?sslmode=disable&connect_timeout=10".

If you are using MySQL:

  1. Set "DriverName" to "mysql"Set "DataSource" to the following value, replacing <mmuser-password> and <host-name-or-IP> with the appropriate values. Also make sure that the database name is mattermost instead of mattermost_test:
"mmuser:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&writeTimeout=30s"

Set "SiteURL" to the full base URL of the site (e.g., "https://mattermost.example.com").

Test the Mattermost server to make sure everything works.

  1. Change to the mattermost directory: cd /opt/mattermost.
  2. Start the Mattermost server as the user mattermost: sudo -u mattermost ./bin/mattermost.

Set up Mattermost to use systemd for starting and stopping.

  1. Create a systemd unit file: sudo touch /lib/systemd/system/mattermost.service.
  2. Open the unit file as root in a text editor, and copy the following lines into the file:
[Unit]
Description=Mattermost
After=network.target

[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152

[Install]
WantedBy=multi-user.target
  • If you are using MySQL, replace postgresql.service with mysql.service in two places in the [Unit] section and one place in the [Install] section.
  • If you have installed MySQL or PostgreSQL on a dedicated server, then you need to complete the following, otherwise the Mattermost service won’t start:
    • Remove After=postgresql.service and BindsTo=postgresql.service or After=mysql.service and BindsTo=mysql.service lines in the [Unit] section.
    • Replace the WantedBy=postgresql.service or WantedBy=mysql.service line in the [Install] section with WantedBy=multi-user.target.
  • Setting WantedBy to your local database service ensures that whenever the database service is started, the Mattermost server starts too. This prevents the Mattermost server from stopping to work after an automatic update of the database.

Make systemd load the new unit by running sudo systemctl daemon-reload.

Check to make sure that the unit was loaded by running sudo systemctl status mattermost.service. You should see an output similar to the following:

● mattermost.service - Mattermost 
Loaded: loaded (/lib/systemd/system/mattermost.service; disabled; vendor preset: enabled)
 Active: inactive (dead)

Start the service by running sudo systemctl start mattermost.service.

Verify that Mattermost is running: curl http://localhost:8065. You should see the HTML that’s returned by the Mattermost server.

Set Mattermost to start on machine start up by running sudo systemctl enable mattermost.service.

Now that the Mattermost server is up and running, you can do some initial configuration and setup.

5. Access Mattermost web interface

If you want to access this chatting server using the Ip-address, then first open port number 8065 on your Alma Linux

sudo firewall-cmd --zone=public --add-port=8065/tcp

Now, open your web browser and point it to the server-IP-address where you have installed the Mattermost.  For example- if the IP address of your server is localhost, then the URL will be like this-

localhost:8065

6. Using Nginx Reverse Proxy

Although we can directly point the domain name to your server IP address to access Mattermost using a fully qualified domain, however, to improve security let’s install and Nginx as a Reverse proxy.sudo dnf install epel-release sudo dnf install nginx

sudo dnf install epel-release
sudo dnf install nginx

Enable and start

sudo systemctl enable --now nginx
sudo systemctl start nginx

Create configuration file 

sudo nano /etc/nginx/conf.d/mattermost.conf

Paste the below code and replace tuanlp.com with the domain name you want to use…upstream backend 

upstream backend {
server 127.0.0.1:8065;
keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
listen 80;
server_name tuanlp.com;

location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}

location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}

Save the file- Ctrl+X, press Y, and hit Enter key.

Check configuration file is working without any error-

sudo nginx -t

Restart Nginx Server

sudo systemctl restart nginx

Open port 80 and 443 on the server firewall

sudo firewall-cmd --add-service={http,https} --permanent 
sudo firewall-cmd --reload

Now, if you have pointed your domain to the Server Ip-address then you will be able to access it in the browser. However, an SSL certificate error will be there. Thus, to remove that install one using the Let’s Encrypt.

Related posts

How to Install and Use Nginx Proxy Manager with Docker

How to Create Remote Desktop Gateway via Apache Guacamole on AlmaLinux 9

How to install ONLYOFFICE Workspace on Ubuntu

Add Comment