Mattermost is an open-source instant messaging service. It comes in both free and paid versions. It can be operated either in the cloud or on-premise as a web application. Here we learn how to install and configure Mattermost on Rocky Linux.
Mattermost enables the communication between individuals and groups. Communication can take place as a chat, video call, or normal telephone call. The exchange of data and links is also possible. Mattermost can be seen as a direct competitor of MS Teams or Slack in this regard. If you are cloud users such as AWS, Google, Azure, and others pre-built open-source images are available with them to install and deploy Mattermost on the cloud as quickly as possible. After installation, its web interface can be accessed using the browser or Mobile & Desktop Apps on Windows, Linux, and Mac, iOS, and Android.
Under the name Omnibus, Mattermost released package, a complete stack of the free messaging system, can be installed with just a few commands. In addition to Mattermost itself, the administrator can set up PostgreSQL as a database, Nginx as a proxy web server, and Certbot to issue and renew SSL certificates in no time at all. However, Omnibus is only for Debian based system and will not work on RHEL or its derivatives, hence we have to set up Mattermost on Rocky Linux step by step.
1. Run system update
First, update the existing packages available on your Rocky Linux to make sure everything will be in its latest state.sudo
dnf update
2. Install a database
If you already have a server installed with MySQL or PostgreSQL database then you can skip this step. Otherwise, use the below-given command to install MySQL or PostgreSQL server on Alma Linux to store the data that will be generated by Mattermost.
How to Install MySQL on AlmaLinux 8
How to Install PostgreSQL in AlmaLinux 8
3. Create Database for Mattermost
Install and set up a PostgreSQL database for use by the Mattermost server. These instructions assume that the IP address of this server is 10.10.10.1
.
- Log in to the server that will host the database, and install PostgreSQL. See the PostgreSQL documentation for details. When the installation is complete, the PostgreSQL server is running, and a Linux user account called postgres has been created.
- Access PostgreSQL with one of the following options:
sudo --login --user postgres
thenpsql
ORsudo -u postgres psql
- Create the Mattermost database by running
postgres=# CREATE DATABASE mattermost;
. - Create the Mattermost user mmuser by running
postgres=# CREATE USER mmuser WITH PASSWORD 'mmuser-password';
.
- Use a password that’s more secure than
mmuser-password
.
- Grant the user access to the Mattermost database by running
postgres=# GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;
. - Exit the PostgreSQL interactive terminal by running
postgres=# \q
. - Log out of the postgres account by running
exit
. - (Optional) If you use separate servers for your database and the Mattermost server, you may allow PostgreSQL to listen on all assigned IP addresses by opening
/etc/postgresql/{version}/main/postgresql.conf
as root in a text editor, and replacing{version}
with the version of PostgreSQL that’s currently running. As a best practice, ensure that only the Mattermost server is able to connect to the PostgreSQL port using a firewall.
- Find the following line:
#listen_addresses = 'localhost'
- Uncomment the line and change
localhost
to*
:listen_addresses = '*'
- Restart PostgreSQL for the change to take effect by running
sudo systemctl restart postgresql
.
- Modify the file
pg_hba.conf
to allow the Mattermost server to communicate with the database.If the Mattermost server and the database are on the same machine:- Open
/etc/postgresql/{version}/main/pg_hba.conf
as root in a text editor.Find the following lines:
local all all peerhost all all ::1/128 ident
- Change
peer
andident
totrust
:
local all all trusthost all all ::1/128 trust
- Open
- If the Mattermost server and the database are on different machines:
- Open
/etc/postgresql/{version}/main/pg_hba.conf
in a text editor as root user. - Add the following line to the end of the file, where
{mattermost-server-IP}
is the IP address of the Mattermost server:host all all {mattermost-server-IP}/32 md5
.
- Open
- Reload PostgreSQL by running
sudo systemctl reload postgresql
. - Verify that you can connect with the user mmuser.
- If the Mattermost server and the database are on the same machine, use the following command:
psql --dbname=mattermost --username=mmuser --password
- If the Mattermost server is on a different machine, log into that machine and use the following command:
psql --host={postgres-server-IP} --dbname=mattermost --username=mmuser --password
Install and set up a MySQL database for use by the Mattermost server.
- Log into the server that will host the database, and open a terminal window.
- Install MySQL.
- Run
sudo mysql_secure_installation
and follow the instructions. - Log in to MySQL as root by running
sudo mysql
. - Create the Mattermost user mmuser by running
mysql> create user 'mmuser'@'%' identified by 'mmuser-password';
.
- Use a password that is more secure than
mmuser-password
. - The
%
means that mmuser can connect from any machine on the network. However, it’s more secure to use the IP address of the machine that hosts Mattermost. For example, if you install Mattermost on the machine with IP address 10.10.10.2, then use the following command:mysql> create user 'mmuser'@'10.10.10.2' identified by 'mmuser-password';
- Create the Mattermost database by running
mysql> create database mattermost;
. - Grant access privileges to the user mmuser by running
mysql> grant all privileges on mattermost.* to 'mmuser'@'%';
.
4. Install Mattermost Server
Install Mattermost Server on a 64-bit machine. Assume that the IP address of this server is 10.10.10.2.
Log in to the server that will host Mattermost Server and open a terminal window.
Download the latest version of the Mattermost Server. In the following command, replace X.X.X
with the version that you want to download: wget https://releases.mattermost.com/X.X.X/mattermost-X.X.X-linux-amd64.tar.gz
.
Extract the Mattermost Server files by running tar -xvzf mattermost*.gz
.
Move the extracted file to the /opt
directory by running sudo mv mattermost /opt
.
Create the storage directory for files by running sudo mkdir /opt/mattermost/data
.
Note
The storage directory will contain all the files and images that your users post to Mattermost, so you need to make sure that the drive is large enough to hold the anticipated number of uploaded files and images.
Set up a system user and group called mattermost
that will run this service, and set the ownership and permissions.
- Create the Mattermost user and group:
sudo useradd --system --user-group mattermost
. - Set the user and group mattermost as the owner of the Mattermost files:
sudo chown -R mattermost:mattermost /opt/mattermost
. - Give write permissions to the mattermost group:
sudo chmod -R g+w /opt/mattermost
.
Set up the database driver in the file /opt/mattermost/config/config.json
. Open the file in a text editor and make the following changes:
If you are using PostgreSQL:
- Set
"DriverName"
to"postgres"
Set"DataSource"
to the following value, replacing<mmuser-password>
and<host-name-or-IP>
with the appropriate values:
"postgres://mmuser:<mmuser-password>@<host-name-or-IP>:5432/mattermost?sslmode=disable&connect_timeout=10"
.
If you are using MySQL:
- Set
"DriverName"
to"mysql"
Set"DataSource"
to the following value, replacing<mmuser-password>
and<host-name-or-IP>
with the appropriate values. Also make sure that the database name ismattermost
instead ofmattermost_test
:
"mmuser:<mmuser-password>@tcp(<host-name-or-IP>:3306)/mattermost?charset=utf8mb4,utf8&writeTimeout=30s"
Set "SiteURL"
to the full base URL of the site (e.g., "https://mattermost.example.com"
).
Test the Mattermost server to make sure everything works.
- Change to the
mattermost
directory:cd /opt/mattermost
. - Start the Mattermost server as the user mattermost:
sudo -u mattermost ./bin/mattermost
.
Set up Mattermost to use systemd for starting and stopping.
- Create a systemd unit file:
sudo touch /lib/systemd/system/mattermost.service
. - Open the unit file as root in a text editor, and copy the following lines into the file:
[Unit]
Description=Mattermost
After=network.target
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
- If you are using MySQL, replace
postgresql.service
withmysql.service
in two places in the[Unit]
section and one place in the[Install]
section.- If you have installed MySQL or PostgreSQL on a dedicated server, then you need to complete the following, otherwise the Mattermost service won’t start:
- Remove
After=postgresql.service
andBindsTo=postgresql.service
orAfter=mysql.service
andBindsTo=mysql.service
lines in the[Unit]
section.- Replace the
WantedBy=postgresql.service
orWantedBy=mysql.service
line in the[Install]
section withWantedBy=multi-user.target
.- Setting
WantedBy
to your local database service ensures that whenever the database service is started, the Mattermost server starts too. This prevents the Mattermost server from stopping to work after an automatic update of the database.
Make systemd load the new unit by running sudo systemctl daemon-reload
.
Check to make sure that the unit was loaded by running sudo systemctl status mattermost.service
. You should see an output similar to the following:
● mattermost.service - Mattermost
Loaded: loaded (/lib/systemd/system/mattermost.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Start the service by running sudo systemctl start mattermost.service
.
Verify that Mattermost is running: curl http://localhost:8065
. You should see the HTML that’s returned by the Mattermost server.
Set Mattermost to start on machine start up by running sudo systemctl enable mattermost.service
.
Now that the Mattermost server is up and running, you can do some initial configuration and setup.
5. Access Mattermost web interface
If you want to access this chatting server using the Ip-address, then first open port number 8065 on your Alma Linux
sudo firewall-cmd --zone=public --add-port=8065/tcp
Now, open your web browser and point it to the server-IP-address where you have installed the Mattermost. For example- if the IP address of your server is localhost
, then the URL will be like this-
localhost
:8065
6. Using Nginx Reverse Proxy
Although we can directly point the domain name to your server IP address to access Mattermost using a fully qualified domain, however, to improve security let’s install and Nginx as a Reverse proxy.sudo dnf install epel-release sudo dnf install nginx
sudo dnf install epel-release
sudo dnf install nginx
Enable and start
sudo systemctl enable --now nginx
sudo systemctl start nginx
Create configuration file
sudo nano /etc/nginx/conf.d/mattermost.conf
Paste the below code and replace tuanlp.com with the domain name you want to use…upstream backend
upstream backend {
server 127.0.0.1:8065;
keepalive 32;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name tuanlp.com;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}
Save the file- Ctrl+X, press Y, and hit Enter key.
Check configuration file is working without any error-
sudo nginx -t
Restart Nginx Server
sudo systemctl restart nginx
Open port 80 and 443 on the server firewall
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Now, if you have pointed your domain to the Server Ip-address then you will be able to access it in the browser. However, an SSL certificate error will be there. Thus, to remove that install one using the Let’s Encrypt.