Mattermost Setup & Configuration - ademeglio/the-frontline GitHub Wiki
What is needed?
- Mattermost Server. We are currently using Enterprise configured as Team Edition
- Mattermost DB. Instance of PostGreSQL.
- Mattermost Push Notification Service.
- Mattermost Client Applications
- Andrioid, iOS, Windows, OSX
- Web Client
- Proxy
- Traefik 2.x
Other
- Email Service
- Monitoring
- File Store
- Local Storage
- S3
Important Configuration Notes
- exclude message contents from push notifications to comply with strict compliance policies, such as US HIPAA standards.
Configure Server
- Need to look at my older notes for configuring CentOS 7; Docker; Firewall; etc...
Application Folders
Under a user that is not, root ;-)
Create two application folders on the manager node:
mkdir /home/user/apps/{mattermost,traefik}
Copy the docker-compose files to the server. In my case, I used SCP and put the files directly into their application folders.
scp docker-compose-proxy-review.yml traefik.yml user@server:/home/user/apps/traefik/
Note, you will need to move traefik.yml into the correct volume listed below after it is created.
scp docker-compose-mattermost-review.yml user@server:/home/user/apps/mattermost/
Configure Docker Environment
In our initial case, we are initially setting up Docker in Swarm Mode. For high availability, it is recommend to set up a multiple node Swarm or use another orchestration system such as Kubernetes.
We are going to assume you are familiar with Docker and Docker Swarm Mode. If you need to set one up, please take a look at the Docker Documentation.
Create Networks
| Network | Description |
|---|---|
docker network create --driver=overlay traefik-public |
External facing networks |
docker network create --driver=overlay mattermost-db |
Internal network App <> Database |
- Resource: docker network create
Create Volumes
| Volume | Description |
|---|---|
docker volume create traefik-certs |
Store generated ssl certificates. |
docker volume create traefik-configs |
Store Traefik configuration files. |
docker volume create mattermost-db |
Store Mattermost MySQL database files. |
docker volume create mattermost-config |
Store Mattermost configuration file. |
docker volume create mattermost-data |
Store Mattermost data files. |
| 'docker volume create mattermost-logs` | Store Mattermost Log file. |
| 'docker volume create mattermost-plugins` | Store Mattermost plugins. |
After you create the mattermost-config, mattermost-data, mattermost-logs, and mattermost-plugins volumes, you will need to log into the server and update the UID/GID for each volume _data directory.
Since the Mattermost application is not run as a root user in the container, you have to update the UID/GID, which by default are 2000.
Temporarily change to the root user, su.
chown -R 2000:2000 /var/lib/docker/volumes/{volume from above}/_data/
Remember to move the traefik.yml file to the traefik-configs volume.
mv /home/user/apps/traefik/traefik.yml /var/lib/docker/volumes/traefik-configs/_data/
and then return to your user account by typing exit.
- Resource: docker volume create
Set Environment Variables
| Variable | Description |
|---|---|
| CERT_RESOLVER_A | Traefik Certificate Resolver #1. Production |
| CERT_RESOLVER_B | Traefik Certificate Resolver #2. Staging |
| PROXY_USERNAME_PASSWORD | Username and Hashed Password for Traefik Basic Authentication. |
| MM_USER | Mattermost Database User |
| MM_USER_PASSWORD | Mattermost Database User Password |
Misc.
Add a label to the swarm manager:
- Store the node ID of the swarm manager and store it in an environment variable:
export NODE_ID=$(docker info -f '{{.Swarm.NodeID}}') - Create a tag in the node so that Traefik is always deployed to the same node and uses the existing volume:
docker node update --label-add traefik=true $NODE_ID
Update docker-compose-*.yml files
Make any adjustments to the docker compose files that are necessary for your configurations.
- Update the host manually. This can't be an environment variable because Traefik uses it to create the CA Certificate with Let's Encrypt.
Note, the Mattermost port is preset to the default port8000.
Start Up
Did you set your environment variables?
Initiate the Traefik stack first.
docker stack deploy --with-registry-auth --resolve-image always --prune --compose-file=/home/user/apps/traefik/docker-compose-proxy-review.yml traefik
Next initiate the Mattermost stack.
docker stack deploy --with-registry-auth --resolve-image always --prune --compose-file=/home/user/aps/mattermost/docker-compose-mattermost-review.yml mattermost