Initial file setup

Author: JeffSchering

source/guides/administrator.rst

@@ -1,20 +1,20 @@
 Mattermost Administrator's Guide
---------------------------------
+================================
 
 In-depth documentation on installation, deployment and administration of Mattermost system. 
 
-Install Guides
-==============
+Installing Mattermost
+---------------------
 
 .. toctree::
    :maxdepth: 1
    :glob:
 
-   /install/requirements*
+   /install/requirements.rst
+   Installing on Ubuntu 14.04 LTS </install/install-ubuntu-1404-overview.rst>
    /install/docker-local*
    /install/docker-ebs*
    /install/ee-install*
-   /install/prod-ubuntu*
    /install/prod-rhel*
    /install/prod*
    /install/setup-tls*
@@ -23,8 +23,18 @@ Install Guides
    /install/i18n*
    /install/desktop*
 
+Configuring Mattermost
+----------------------
+
+.. toctree::
+  :maxdepth: 1
+
+  /install/config-mattermost-server.rst
+  /install/config-tls-mattermost.rst
+  /install/config-ssl-http2-nginx.rst
+
 Deployment
-==========
+----------
 
 .. toctree::
    :maxdepth: 1
@@ -43,7 +53,7 @@ Deployment
    /deployment/webrtc*
 
 Administration
-==============
+--------------
 
 .. toctree::
    :maxdepth: 1

source/install/config-mattermost-server.rst

@@ -0,0 +1,35 @@
+Test setup and configure Mattermost Server
+==========================================
+
+1. Navigate to ``https://mattermost.example.com`` and create a team and
+   user.
+2. The first user in the system is automatically granted the
+   ``system_admin`` role, which gives you access to the System Console.
+3. From the ``town-square`` channel click the dropdown and choose the
+   ``System Console`` option
+4.  Update **Notification** > **Email** settings to setup an SMTP email service. The example below assumes AmazonSES.
+
+   -  Set *Send Email Notifications* to ``true``
+   -  Set *Require Email Verification* to ``true``
+   -  Set *Feedback Name* to ``No-Reply``
+   -  Set *Feedback Email* to ``mattermost@example.com``
+   -  Set *SMTP Username* to ``[YOUR_SMTP_USERNAME]``
+   -  Set *SMTP Password* to ``[YOUR_SMTP_PASSWORD]``
+   -  Set *SMTP Server* to ``email-smtp.us-east-1.amazonaws.com``
+   -  Set *SMTP Port* to ``465``
+   -  Set *Connection Security* to ``TLS``
+   -  Save the Settings
+
+5. Update **File** > **Storage** settings:
+
+   -  Change *Local Directory Location* from ``./data/`` to
+      ``/mattermost/data``
+
+6. Update **General** > **Logging** settings:
+
+   -  Set *Log to The Console* to ``false``
+
+7. Feel free to modify other settings.
+8. Restart the Mattermost Service by typing:
+
+   -  ``sudo restart mattermost``

source/install/config-ssl-http2-nginx.rst

@@ -0,0 +1,107 @@
+Set up NGINX with SSL (Recommended)
+===================================
+
+1. You can use a free and an open certificate security like let's
+   encrypt, this is how to proceed
+
+-  ``sudo apt-get install git``
+-  ``git clone https://github.com/letsencrypt/letsencrypt``
+-  ``cd letsencrypt``
+
+2. Be sure that the port 80 is not use by stopping NGINX
+
+-  ``sudo service nginx stop``
+-  ``netstat -na | grep ':80.*LISTEN'``
+-  ``./letsencrypt-auto certonly --standalone``
+
+3. This command will download packages and run the instance, after that
+   you will have to give your domain name
+4. You can find your certificate in ``/etc/letsencrypt/live``
+5. Modify the file at ``/etc/nginx/sites-available/mattermost`` and add
+   the following lines:
+
+  ::
+
+    upstream backend {
+        server 10.10.10.2:8065;
+    }
+
+    server {
+       listen         80;
+       server_name    mattermost.example.com;
+       return         301 https://$server_name$request_uri;
+    }
+
+    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
+
+    server {
+       listen 443 ssl;
+       server_name mattermost.example.com;
+
+       ssl on;
+       ssl_certificate /etc/letsencrypt/live/yourdomainname/fullchain.pem;
+       ssl_certificate_key /etc/letsencrypt/live/yourdomainname/privkey.pem;
+       ssl_session_timeout 5m;
+       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+       ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+       ssl_prefer_server_ciphers on;
+       ssl_session_cache shared:SSL:10m;
+
+       location /api/v3/users/websocket {
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "upgrade";
+          proxy_set_header X-Forwarded-Ssl on;
+          client_max_body_size 50M;
+          proxy_set_header Host $http_host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Frame-Options SAMEORIGIN;
+          proxy_buffers 256 16k;
+          proxy_buffer_size 16k;
+          proxy_read_timeout 600s;
+          proxy_pass http://backend;
+       }
+
+       location / {
+          proxy_set_header X-Forwarded-Ssl on;
+          client_max_body_size 50M;
+          proxy_set_header Connection "";
+          proxy_set_header Host $http_host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_set_header X-Frame-Options SAMEORIGIN;
+          proxy_buffers 256 16k;
+          proxy_buffer_size 16k;
+          proxy_read_timeout 600s;
+          proxy_cache mattermost_cache;
+          proxy_cache_revalidate on;
+          proxy_cache_min_uses 2;
+          proxy_cache_use_stale timeout;
+          proxy_cache_lock on;
+          proxy_pass http://backend;
+        }
+    }
+
+
+6. Be sure to restart NGINX
+  * ``\ sudo service nginx start``
+7. Add the following line to cron so the cert will renew every month
+  * ``crontab -e``
+  * ``@monthly /home/ubuntu/letsencrypt/letsencrypt-auto certonly --reinstall --nginx -d yourdomainname && sudo service nginx reload``
+8. Check that your SSL certificate is set up correctly
+  * Test the SSL certificate by visiting a site such as `https://www.ssllabs.com/ssltest/index.html <https://www.ssllabs.com/ssltest/index.html>`_
+  * If there’s an error about the missing chain or certificate path, there is likely an intermediate certificate missing that needs to be included
+
+Setup HTTP2
+------------
+
+It is recommended to enable HTTP2 for enhanced performance. 
+
+1. Modify your NGINX configuration as above. Then,
+
+  - Change the line ``listen 443 ssl;`` to ``listen 443 ssl http2;``
+  - Change the line ``proxy_pass http://10.10.10.2:8065;`` to ``proxy_pass https://10.10.10.2:8065;``
+  
+2. Restart NGINX

source/install/setup-tls.rst renamed to source/install/config-tls-mattermost.rst

@@ -0,0 +1,95 @@
+Set up NGINX Server
+===================
+
+1. For the purposes of this guide we will assume this server has an IP
+   address of ``10.10.10.3``
+2. We use NGINX for proxying request to the Mattermost Server. The main
+   benefits are:
+
+   -  SSL termination
+   -  http to https redirect
+   -  Port mapping ``:80`` to ``:8065``
+   -  Standard request logs
+
+
+3. Install NGINX on Ubuntu with
+
+   -  ``sudo apt-get install nginx``
+
+4. Verify NGINX is running
+
+   -  ``curl http://10.10.10.3``
+   -  You should see a *Welcome to NGINX!* page
+
+5. You can manage NGINX with the following commands
+
+   -  ``sudo service nginx stop``
+   -  ``sudo service nginx start``
+   -  ``sudo service nginx restart``
+
+6. Map a FQDN (fully qualified domain name) like
+   ``mattermost.example.com`` to point to the NGINX server.
+7. Configure NGINX to proxy connections from the internet to the
+   Mattermost Server
+
+   -  Create a configuration for Mattermost
+   -  ``sudo touch /etc/nginx/sites-available/mattermost``
+   -  Below is a sample nginx configuration optimized for performance:
+
+    ::
+    
+        upstream backend {
+            server 10.10.10.2:8065;
+        }
+
+        proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
+
+        server {
+            listen 80;
+            server_name    mattermost.example.com;
+
+            location /api/v3/users/websocket {
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                client_max_body_size 50M;
+                proxy_set_header Host $http_host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Frame-Options SAMEORIGIN;
+                proxy_buffers 256 16k;
+                proxy_buffer_size 16k;
+                proxy_read_timeout 600s;
+                proxy_pass http://backend;
+            }
+
+            location / {
+                client_max_body_size 50M;
+                proxy_set_header Connection "";
+                proxy_set_header Host $http_host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Frame-Options SAMEORIGIN;
+                proxy_buffers 256 16k;
+                proxy_buffer_size 16k;
+                proxy_read_timeout 600s;
+                proxy_cache mattermost_cache;
+                proxy_cache_revalidate on;
+                proxy_cache_min_uses 2;
+                proxy_cache_use_stale timeout;
+                proxy_cache_lock on;
+                proxy_pass http://backend;
+            }
+        }
+
+
+   * Remove the existing file with
+   * ``` sudo rm /etc/nginx/sites-enabled/default```
+   * Link the mattermost config by typing:
+   * ```sudo ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost```
+   * Restart NGINX by typing:
+   * ``` sudo service nginx restart```
+   * Verify you can see Mattermost thru the proxy by typing:
+   * ``` curl http://localhost```
+   * You should see a page titles *Mattermost - Signup*

source/install/install-nginx.rst

@@ -0,0 +1,85 @@
+Set up Mattermost Server
+========================
+
+For the purposes of this guide we will assume this server has an IP address of ``10.10.10.2``
+
+1. Create a mattermost user and group
+
+    - ``sudo adduser --system --group mattermost``
+
+2. Change to the mattermost home directory.
+
+    ``cd /home/mattermost``
+
+3. Download `the latest version of the Mattermost Server <https://docs.mattermost.com/administration/upgrade.html#version-archive>`_ by typing:
+
+   -  ``wget https://releases.mattermost.com/X.X.X/mattermost-X.X.X-linux-amd64.tar.gz``
+   -  Where ``vX.X.X`` is the latest version.
+
+4. Extract the Mattermost Server files by typing:
+
+   -  ``sudo tar -xvzf *.gz``
+
+5. Change the user and group of the extracted files to mattermost
+
+   - ``sudo chown -R mattermost:mattermost mattermost/``
+
+6. Create the storage directory for files. We assume you will have
+   attached a large drive for storage of images and files. For this
+   setup we will assume the directory is located at
+   ``/mattermost/data``.
+
+   -  Create the directory by typing:
+   -  ``sudo mkdir -p /mattermost/data``
+   -  Set the mattermost account as the directory owner by typing:
+   -  ``sudo chown -R mattermost:mattermost /mattermost``
+
+7. Configure Mattermost Server by editing the config.json file at
+   ``/home/mattermost/config``
+
+   -  ``cd /home/mattermost/mattermost/config``
+   -  Edit the file by typing:
+   -  ``vi config.json``
+   -  If you are using PostgreSQL:    
+     -  Set ``DriverName":`` to ``"postgres"``
+     -  Set ``"DataSource:"`` to the following value: ``"postgres://mmuser:mmuser_password@10.10.10.1:5432/mattermost?sslmode=disable&connect_timeout=10"``
+   -  If you are using MySQL:    
+     -  Set ``DriverName":`` to ``"mysql"``
+     -  Set ``"DataSource":`` to the following value: ``"mmuser:mmuser_password@tcp(10.10.10.1:3306)/mattermost?charset=utf8"``
+   -  You can continue to edit configuration settings in
+      ``config.json`` or use the System Console described in a later
+      section to finish the configuration.
+
+8. Test the Mattermost Server
+
+   -  ``cd ~/mattermost/bin``
+   -  Run the Mattermost Server by typing:
+   -  ``./platform``
+   -  You should see a console log like ``Server is listening on :8065``
+      letting you know the service is running.
+   -  Stop the server for now by typing ``ctrl-c``
+
+9. Setup Mattermost to use the Upstart daemon which handles supervision
+   of the Mattermost process.
+
+   -  ``sudo touch /etc/init/mattermost.conf``
+   -  ``sudo vi /etc/init/mattermost.conf``
+   -  Copy the following lines into ``/etc/init/mattermost.conf``
+
+      ::
+
+          start on runlevel [2345]
+          stop on runlevel [016]
+          respawn
+          limit nofile 50000 50000
+          chdir /home/mattermost/mattermost
+          setuid mattermost
+          exec bin/platform
+
+   -  You can manage the process by typing:
+   -  ``sudo start mattermost``
+   -  Verify the service is running by typing:
+   -  ``curl http://10.10.10.2:8065``
+   -  You should see a page titles *Mattermost - Signup*
+   -  You can also stop the process by running the command
+      ``sudo stop mattermost``, but we will skip this step for now.