Production Installation on Ubuntu 14.04 LTS

Install Ubuntu Server (x64) 14.04 LTS

  1. Set up 3 machines with Ubuntu 14.04 with 2GB of RAM or more. The servers will be used for the Load Balancer, Mattermost (this must be x64 to use pre-built binaries), and Database.
  2. Make sure the system is up to date with the most recent security patches.
  3. sudo apt-get update
  4. sudo apt-get upgrade

Set up Database Server

  1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1
  2. Install PostgreSQL 9.3+ (or MySQL 5.6+)
  3. sudo apt-get install postgresql postgresql-contrib
  4. PostgreSQL created a user account called postgres. You will need to log into that account with:
  5. sudo -i -u postgres
  6. You can get a PostgreSQL prompt by typing:
  7. psql
  8. Create the Mattermost database by typing:
  9. postgres=# CREATE DATABASE mattermost;
  10. Create the Mattermost user by typing:
  11. postgres=# CREATE USER mmuser WITH PASSWORD 'mmuser_password';
  12. Grant the user access to the Mattermost database by typing:
  13. postgres=# GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;
  14. You can exit out of PostgreSQL by typing:
  15. postgre=# \q
  16. You can exit the postgres account by typing:
  17. exit

Set up Mattermost Server

  1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.2
  2. Download the latest Mattermost Server by typing:
  3. wget https://github.com/mattermost/platform/releases/download/v1.1.0/mattermost.tar.gz
  4. Unzip the Mattermost Server by typing:
  5. tar -xvzf mattermost.tar.gz
  6. For the sake of making this guide simple we located the files at /home/ubuntu/mattermost. In the future we will give guidance for storing under /opt.
  7. We have also elected to run the Mattermost Server as the ubuntu account for simplicity. We recommend setting up and running the service under a mattermost user account with limited permissions.
  8. Create the storage directory for files. We assume you will have attached a large drive for storage of images and files. For this setup we will assume the directory is located at /mattermost/data.
  9. Create the directory by typing:
  10. sudo mkdir -p /mattermost/data
  11. Set the ubuntu account as the directory owner by typing:
  12. sudo chown -R ubuntu /mattermost
  13. Configure Mattermost Server by editing the config.json file at /home/ubuntu/mattermost/config`
  14. cd ~/mattermost/config
  15. Edit the file by typing:
  16. vi config.json
  17. replace DriverName": "mysql" with DriverName": "postgres"
  18. replace "DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" with "DataSource": "postgres://mmuser:mmuser_password@10.10.10.1:5432/mattermost?sslmode=disable&connect_timeout=10"
  19. Optionally you may continue to edit configuration settings in config.json or use the System Console described in a later section to finish the configuration.
  20. Test the Mattermost Server
  21. cd ~/mattermost/bin
  22. Run the Mattermost Server by typing:
  23. ./platform
  24. You should see a console log like Server is listening on :8065 letting you know the service is running.
  25. Stop the server for now by typing ctrl-c
  26. Setup Mattermost to use the Ubuntu Upstart daemon which handles supervision of the Mattermost process.
  27. sudo touch /etc/init/mattermost.conf
  28. sudo vi /etc/init/mattermost.conf
  29. Copy the following lines into /etc/init/mattermost.conf
start on runlevel [2345]
stop on runlevel [016]
respawn
chdir /home/ubuntu/mattermost
setuid ubuntu
exec bin/platform

Set up Nginx Server

  1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.3
  2. We use Nginx for proxying request to the Mattermost Server. The main benefits are:
  3. SSL termination
  4. http to https redirect
  5. Port mapping :80 to :8065
  6. Standard request logs
  7. Install Nginx on Ubuntu with
  8. sudo apt-get install nginx
  9. Verify Nginx is running
  10. curl http://10.10.10.3
  11. You should see a Welcome to nginx! page
  12. You can manage Nginx with the following commands
  13. sudo service nginx stop
  14. sudo service nginx start
  15. sudo service nginx restart
  16. Map a FQDN (fully qualified domain name) like mattermost.example.com to point to the Nginx server.
  17. Configure Nginx to proxy connections from the internet to the Mattermost Server
  18. Create a configuration for Mattermost
  19. sudo touch /etc/nginx/sites-available/mattermost
  20. Below is a sample configuration with the minimum settings required to configure Mattermost ``` server { server_name mattermost.example.com; location / { client_max_body_size 50M; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://10.10.10.2:8065; } }
  * Remove the existing file with
  * ``` sudo rm /etc/nginx/sites-enabled/default```
  * Link the mattermost config by typing:
  * ```sudo ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost```
  * Restart Nginx by typing:
  * ``` sudo service nginx restart```
  * Verify you can see Mattermost thru the proxy by typing:
  * ``` curl http://localhost```
  * You should see a page titles *Mattermost - Signup*

## Set up Nginx with SSL (Recommended)
1. You will need a SSL cert from a certificate authority.
2. For simplicity we will generate a test certificate.
  * ``` mkdir ~/cert```
  * ``` cd ~/cert```
  * ``` sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mattermost.key -out mattermost.crt```
  * Input the following info 
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Palo Alto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example LLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:mattermost.example.com
Email Address []:admin@mattermost.example.com
3. Run `openssl dhparam -out dhparam.pem 4096` (it will take some time).
4. Modify the file at `/etc/nginx/sites-available/mattermost` and add the following lines:

server { listen 80; server_name mattermost.example.com; return 301 https://$server_name$request_uri; }

server { listen 443 ssl; server_name mattermost.example.com;

    ssl on;
    ssl_certificate /home/ubuntu/cert/mattermost.crt;
    ssl_certificate_key /home/ubuntu/cert/mattermost.key;
    ssl_dhparam /home/ubuntu/cert/dhparam.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;

    # add to location / above
    location / {
        gzip off;
        proxy_set_header X-Forwarded-Ssl on;

```

Finish Mattermost Server setup

  1. Navigate to https://mattermost.example.com and create a team and user.
  2. The first user in the system is automatically granted the system_admin role, which gives you access to the System Console.
  3. From the town-square channel click the dropdown and choose the System Console option
  4. Update Email Settings. We recommend using an email sending service. The example shows how an Amazon SES setup might look (sample credentials shown below are not real).
  5. Set Send Email Notifications to true
  6. Set Require Email Verification to true
  7. Set Feedback Name to No-Reply
  8. Set Feedback Email to mattermost@example.com
  9. Set SMTP Username to AFIADTOVDKDLGERR
  10. Set SMTP Password to DFKJoiweklsjdflkjOIGHLSDFJewiskdjf
  11. Set SMTP Server to email-smtp.us-east-1.amazonaws.com
  12. Set SMTP Port to 465
  13. Set Connection Security to TLS
  14. Save the Settings
  15. Update File Settings
  16. Change Local Directory Location from ./data/ to /mattermost/data
  17. Update Log Settings.
  18. Set Log to The Console to false
  19. Update Rate Limit Settings.
  20. Set Vary By Remote Address to false
  21. Set Vary By HTTP Header to X-Real-IP
  22. Feel free to modify other settings.
  23. Restart the Mattermost Service by typing:
  24. sudo restart mattermost