Install Mattermost on Ubuntu 18.04 with Nginx – Google Cloud. Mattermost is one of the best open source messaging platform which enabled collaboration across large teams without any security problems and privacy issues.
In this guide you are going to learn how to install Mattermost on Ubuntu 18.04, configure Nginx as a reverse proxy and connect to Cloud SQL.
Prerequisites
- A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04
- Initial Ubuntu Server Set up.
- Setup Google Cloud DNS for your Domain name.
- A running Cloud SQL instance, see How to set up Cloud SQL in Google Cloud
With the above-completed
Download Mattermost
Copy the latest version of Mattermost link from the official website and download it using the following comman.
wget https://releases.mattermost.com/5.14.0/mattermost-5.14.0-linux-amd64.tar.gz
Now Mattermost will be downloaded and you need to extract the downloaded file.
tar -xvzf mattermost*.gz
Setup Mattermost
Move the Mattermost file to the /opt
directory.
sudo mv mattermost /opt
Create a new data
directory for storing the files and images that the users post using Mattermost.
sudo mkdir /opt/mattermost/data
Create a new mattermost
user to run the service.
sudo useradd --system --user-group mattermost
Now you can setup correct permissions to the files.
sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost
Configure Mattermost Database connection
Setup database driver and database source you need to edit the /opt/mattermost/config/config.json
file and update the following.
Update the database_name with your Cloud SQL database name, IP_Address with your Cloud SQL IP address, username with your Cloud SQL username.
sudo nano /opt/mattermost/config/config.json
"DriverName" to "mysql"
"DataSource" to "username:@tcp(IP_Address:3306)/database_name?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
Hit CTRL+X
followed by Y
and Enter
to save the changes.
Test the Mattermost server
Change to mattermost
directory.
cd /opt/mattermost
Start Mattermost.
sudo -u mattermost ./bin/mattermost
When the server starts you can see something similar to this.
{"level":"info","ts":1566809667.3023543,"caller":"jobs/workers.go:68","msg":"Starting workers"}
{"level":"info","ts":1566809667.4290788,"caller":"app/server.go:423","msg":"Starting Server…"}
{"level":"info","ts":1566809667.4293022,"caller":"app/server.go:489","msg":"Server is listening on [::]:8065"}
{"level":"info","ts":1566809667.4919004,"caller":"jobs/schedulers.go:72","msg":"Starting schedulers."}
{"level":"info","ts":1566809667.5540624,"caller":"app/web_hub.go:75","msg":"Starting 2 websocket hubs"}
This "Server is listening on [::]:8065"
indicates your Mattermost server is started and listening on port 8065
If you want to test installation using port on your browser you need to open port 8065
on your Firewall else you can follow the steps below.
Setup Systemd Unit file for Mattermost
Create a new systemd file for mattermost
sudo nano /lib/systemd/system/mattermost.service
Paste the below configuration.
[Unit]
Description=Mattermost
After=network.target
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
Reload the daemon the load the new unit file.
sudo systemctl daemon-reload
Start Mattermost.
sudo systemctl start mattermost
To check the status of the Mattermost, run the following command.
sudo systemctl status mattermost
You will receive an output similar to this which indicates Mattermost is running on port 8065
● mattermost.service - Mattermost
Loaded: loaded (/etc/systemd/system/mattermost.service; static; vendor preset: enabled)
Active: active (running) since Mon 2019-08-26 08:58:10 UTC; 6s ago
Main PID: 3204 (mattermost)
Tasks: 19 (limit: 667)
CGroup: /system.slice/mattermost.service
├─3204 /opt/mattermost/bin/mattermost
└─3262 plugins/com.mattermost.nps/server/dist/plugin-linux-amd64
Enable Mattermost to start on server boot.
sudo systemctl enable mattermost
To restart Mattermost you can use the following command.
sudo systemctl restart mattermost
Install and Configure Nginx Reverse proxy
Install nginx.
sudo apt install nginx
Remove default Nginx configurations.
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
Create a new Nginx configuration for Mattermost in the sites-available
directory.
sudo nano /etc/nginx/sites-available/mattermost.conf
Copy and paste the following configuration, ensure that you change the server_name, error_log and root directives to match your domain name.
upstream backend {
server localhost:8065;
keepalive 32;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name yourdomainname.com;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}
Hit Ctrl+X
followed by Y
and Enter
to save the file and exit.
To enable this newly created website configuration, symlink the file that you just created into sites-enabled
sudo ln -s /etc/nginx/sites-available/mattermost.conf /etc/nginx/sites-enabled/mattermost.conf
Check your configuration and restart Nginx for the changes to take effect.
sudo nginx -t
sudo service nginx restart
Now you can visit your domain name in the web browser. You will see the Mattermost page to create the user with system_admin
role.
Create SSL certificate and enable HTTP/2
HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx
Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.
sudo certbot --nginx certonly
Enter your email
and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.
To select all domains simply hit Enter
The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.
Redirect HTTP Traffic to HTTPS
Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive
should point to your fullchain.pem file, and the ssl_certificate_key
directive should point to your privkey.pem file.
upstream backend {
server localhost:8065;
keepalive 32;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen [::]:80;
listen 80;
server_name yourdomainname.com www.yourdomainname.com;
return 301 https://yourdomainname.com$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name www.yourdomainname.com;
ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;
return 301 https://yourdomainname.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name yourdomainname.com;
ssl_certificate /etc/letsencrypt/live/yourdomainname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomainname.com/privkey.pem;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}
Hit CTRL+X
followed by Y
to save the changes.
Check your configuration and restart Nginx for the changes to take effect.
sudo nginx -t
sudo service nginx restart
Renewing SSL Certificate
Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.
sudo crontab -e
Add this line at the end of the file
0 0,12 * * * certbot renew >/dev/null 2>&1
Hit CTRL+X
followed by Y
to save the changes.
This cronjob will attempt to check for renewing the certificate twice daily.
Install Mattermost
Visit your domain name in your web browser to configure Mattermost system admin user from your browser.

Create a new System Admin user.
Now go to your console and start using mattermost.

Get your Professional Google Cloud Architect certificate with this easy to learn course now.
Conclusion
Now you have learned how to install Mattermost on your Ubuntu server with Nginx in Google Cloud and secure it with Let’s Encrypt.
Thanks for your time. If you face any problem or any feedback, please leave a comment below.
Great!
Simple and lucid!
Thank you so much!
Glad to hear that you are happy with the tutorials on CloudBooklet. Thank you