Install Mattermost on Ubuntu 18.04 with Nginx – Google Cloud

Install Mattermost on Ubuntu 18.04 with Nginx – Google Cloud. Mattermost is one of the best open source messaging platform which enabled collaboration across large teams without any security problems and privacy issues.

In this guide you are going to learn how to install Mattermost on Ubuntu 18.04, configure Nginx as a reverse proxy and connect to Cloud SQL.

Prerequisites

• A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04
• Initial Ubuntu Server Set up.
• Setup Google Cloud DNS for your Domain name.
• A running Cloud SQL instance, see How to set up Cloud SQL in Google Cloud

With the above-completed prerequisites I assume you have your instance up and running, DNS configured and Cloud SQL is authorized to allow connections from the VM Instance.

Download Mattermost

Copy the latest version of Mattermost link from the official website and download it using the following comman.

wget https://releases.mattermost.com/5.14.0/mattermost-5.14.0-linux-amd64.tar.gz

Now Mattermost will be downloaded and you need to extract the downloaded file.

tar -xvzf mattermost*.gz

Setup Mattermost

Move the Mattermost file to the /opt directory.

sudo mv mattermost /opt

Create a new data directory for storing the files and images that the users post using Mattermost.

sudo mkdir /opt/mattermost/data

Create a new mattermost user to run the service.

sudo useradd --system --user-group mattermost

Now you can setup correct permissions to the files.

sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost

Configure Mattermost Database connection

Setup database driver and database source you need to edit the /opt/mattermost/config/config.json file and update the following.

Update the database_name with your Cloud SQL database name, IP_Address with your Cloud SQL IP address, username with your Cloud SQL username.

sudo nano /opt/mattermost/config/config.json

"DriverName" to "mysql"
"DataSource" to "username:@tcp(IP_Address:3306)/database_name?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"

Hit CTRL+X followed by Y and Enter to save the changes.

Test the Mattermost server

Change to mattermost directory.

cd /opt/mattermost

Start Mattermost.

sudo -u mattermost ./bin/mattermost

When the server starts you can see something similar to this.

{"level":"info","ts":1566809667.3023543,"caller":"jobs/workers.go:68","msg":"Starting workers"}
{"level":"info","ts":1566809667.4290788,"caller":"app/server.go:423","msg":"Starting Server…"}
{"level":"info","ts":1566809667.4293022,"caller":"app/server.go:489","msg":"Server is listening on [::]:8065"}
{"level":"info","ts":1566809667.4919004,"caller":"jobs/schedulers.go:72","msg":"Starting schedulers."}
{"level":"info","ts":1566809667.5540624,"caller":"app/web_hub.go:75","msg":"Starting 2 websocket hubs"}

This "Server is listening on [::]:8065" indicates your Mattermost server is started and listening on port 8065

If you want to test installation using port on your browser you need to open port 8065 on your Firewall else you can follow the steps below.

Setup Systemd Unit file for Mattermost

Create a new systemd file for mattermost

sudo nano /lib/systemd/system/mattermost.service

Paste the below configuration.

[Unit]
Description=Mattermost
After=network.target

[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152

[Install]
WantedBy=multi-user.target

Reload the daemon the load the new unit file.

sudo systemctl daemon-reload

Start Mattermost.

sudo systemctl start mattermost

To check the status of the Mattermost, run the following command.

sudo systemctl status mattermost

You will receive an output similar to this which indicates Mattermost is running on port 8065

● mattermost.service - Mattermost
   Loaded: loaded (/etc/systemd/system/mattermost.service; static; vendor preset: enabled)
   Active: active (running) since Mon 2019-08-26 08:58:10 UTC; 6s ago
 Main PID: 3204 (mattermost)
    Tasks: 19 (limit: 667)
   CGroup: /system.slice/mattermost.service
           ├─3204 /opt/mattermost/bin/mattermost
           └─3262 plugins/com.mattermost.nps/server/dist/plugin-linux-amd64

Enable Mattermost to start on server boot.

sudo systemctl enable mattermost

To restart Mattermost you can use the following command.

sudo systemctl restart mattermost

Install and Configure Nginx Reverse proxy

Install nginx.

sudo apt install nginx

Remove default Nginx configurations.

sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default

Create a new Nginx configuration for Mattermost in the sites-available directory.

 sudo nano /etc/nginx/sites-available/mattermost.conf

Copy and paste the following configuration, ensure that you change the server_name, error_log and root directives to match your domain name.

upstream backend {
    server localhost:8065;
    keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    listen 80;

    server_name yourdomainname.com;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        client_max_body_size 50M;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;

        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;

        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
        proxy_pass http://backend;
    }

    location / {
        client_max_body_size 50M;

        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        proxy_http_version 1.1;
        proxy_pass http://backend;
    }
}

Hit Ctrl+X followed by Y and Enter to save the file and exit.

To enable this newly created website configuration, symlink the file that you just created into the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/mattermost.conf /etc/nginx/sites-enabled/mattermost.conf

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Now you can visit your domain name in the web browser. You will see the Mattermost page to create the user with system_admin role.

Create SSL certificate and enable HTTP/2

HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx

Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.

To select all domains simply hit Enter

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Redirect HTTP Traffic to HTTPS

Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.

upstream backend {
    server localhost:8065;
    keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
     listen [::]:80;
     listen 80;

     server_name yourdomainname.com www.yourdomainname.com;

     return 301 https://yourdomainname.com$request_uri;
}

server {
     listen [::]:443 ssl;
     listen 443 ssl;

     server_name www.yourdomainname.com;

     ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

     return 301 https://yourdomainname.com$request_uri;
}

server {
     listen [::]:443 ssl http2;
     listen 443 ssl http2;

     server_name yourdomainname.com;

     ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;

     location ~ /api/v[0-9]+/(users/)?websocket$ {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         
         client_max_body_size 50M;
        
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
        
         client_body_timeout 60;
         send_timeout 300;
         lingering_timeout 5;
        
         proxy_connect_timeout 90;
         proxy_send_timeout 300;
         proxy_read_timeout 90s;
         proxy_pass http://backend;
    } 

    location / {
         client_max_body_size 50M;
        
         proxy_set_header Connection "";
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
         proxy_read_timeout 600s;
        
         proxy_cache mattermost_cache;
         proxy_cache_revalidate on;
         proxy_cache_min_uses 2;
         proxy_cache_use_stale timeout;
         proxy_cache_lock on;
         proxy_http_version 1.1;
         proxy_pass http://backend;
    }
}

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.

sudo crontab -e

Add this line at the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cronjob will attempt to check for renewing the certificate twice daily.

Install Mattermost

Visit your domain name in your web browser to configure Mattermost system admin user from your browser.

Create a new System Admin user.

Now go to your console and start using mattermost.

Get your Professional Google Cloud Architect certificate with this easy to learn course now.

Conclusion

Now you have learned how to install Mattermost on your Ubuntu server with Nginx in Google Cloud and secure it with Let’s Encrypt.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.