CentOSRHEL Based

How To Install Mattermost on CentOS Stream 10

r00t

Install Mattermost on CentOS Stream 10

Mattermost stands as a powerful, open-source alternative to proprietary collaboration platforms like Slack. As organizations increasingly prioritize data sovereignty and customizable communication solutions, self-hosted platforms like Mattermost have gained significant traction. This comprehensive guide will walk you through installing Mattermost on CentOS Stream 10, providing you with a secure, reliable, and fully-controlled messaging platform for your team or enterprise.

CentOS Stream 10 offers an excellent foundation for Mattermost deployment, combining the stability of enterprise-grade Linux with the forward-looking features that make it ideal for modern server applications. By following this guide, system administrators and DevOps engineers will gain the knowledge needed to deploy a production-ready Mattermost instance with proper security considerations and optimization techniques.

Prerequisites

Before diving into the installation process, ensuring your system meets the necessary requirements will save you troubleshooting time later. Mattermost’s performance depends significantly on your hardware configuration and supporting software environment.

Hardware Requirements

For a successful Mattermost installation on CentOS Stream 10, your server should meet these minimum specifications:

  • 2GB RAM (minimum for small teams)
  • 1 vCPU/core (supports up to 1,000 users)
  • 20GB storage for application data and logs
  • Additional storage for file uploads and media sharing

For larger deployments supporting over 1,000 users, consider upgrading to at least 4GB RAM and 2 vCPUs for optimal performance.

Software Requirements

Your CentOS Stream 10 installation will need these components:

  • Fresh installation of CentOS Stream 10
  • PostgreSQL 13+ database (recommended by Mattermost)
  • Web server (NGINX or Apache) for reverse proxy
  • Administrative (sudo) privileges for installation

System Preparation

Begin by updating your CentOS Stream 10 system packages to ensure you’re working with the latest security patches and dependencies:

sudo dnf update -y

Verify your system architecture compatibility using:

lscpu | grep -i "architecture\|cpu op-mode"

This ensures your system supports the x86_64_v3 architecture required for optimal Mattermost performance.

Installing Dependencies

Mattermost relies on several key components to function properly. Let’s set these up one by one.

PostgreSQL Database Setup

While Mattermost supports both PostgreSQL and MySQL/MariaDB, PostgreSQL is the recommended database for production environments due to its stability and performance characteristics.

First, install PostgreSQL on your CentOS Stream 10 server:

sudo dnf install -y postgresql-server postgresql-contrib

Initialize the database and enable automatic startup:

sudo postgresql-setup --initdb
sudo systemctl enable postgresql
sudo systemctl start postgresql

Now create a dedicated database and user for Mattermost:

sudo -u postgres psql

Once in the PostgreSQL shell, execute the following SQL commands:

CREATE DATABASE mattermost;
CREATE USER mmuser WITH PASSWORD 'your_secure_password';
GRANT ALL PRIVILEGES ON DATABASE mattermost TO mmuser;
\q

Remember to replace ‘your_secure_password’ with a strong, unique password.

Configure PostgreSQL to accept connections from Mattermost by editing the client authentication configuration file:

sudo nano /var/lib/pgsql/data/pg_hba.conf

Add this line before the existing “host” entries:

host    mattermost      mmuser          127.0.0.1/32            md5

Save the file and restart PostgreSQL:

sudo systemctl restart postgresql

NGINX Installation

NGINX will serve as a reverse proxy for Mattermost, handling SSL termination and providing an additional security layer:

sudo dnf install -y nginx

Configure NGINX to start automatically on system boot:

sudo systemctl enable nginx
sudo systemctl start nginx

Mattermost Installation

With dependencies in place, we can now install the Mattermost server itself.

Downloading Binaries

Obtain the latest Mattermost release package from the official download page:

cd /tmp
wget https://releases.mattermost.com/10.7.0/mattermost-10.7.0-linux-amd64.tar.gz

Verify the integrity of the downloaded file with SHA-256 checksum:

sha256sum mattermost-*.tar.gz

Compare this value with the official checksum provided on the Mattermost downloads page for security verification.

File Extraction & Permissions

Extract the archive and move files to the installation location:

tar -xvf mattermost-*.tar.gz
sudo mv mattermost /opt

Create a dedicated system user and group for running Mattermost securely:

sudo useradd --system --user-group mattermost

Create the data directory for storing files, images, and attachments:

sudo mkdir -p /opt/mattermost/data

Set appropriate ownership and permissions:

sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost

Proper permission configuration is critical for security while allowing Mattermost to function correctly.

Configuration

Proper configuration ensures your Mattermost server operates efficiently and securely.

config.json Modifications

The main configuration file for Mattermost is located at /opt/mattermost/config/config.json. Create a backup before making changes:

sudo cp /opt/mattermost/config/config.json /opt/mattermost/config/config.defaults.json

Edit the configuration file:

sudo nano /opt/mattermost/config/config.json

At minimum, make the following changes:

1. Configure database connection:

"SqlSettings": {
  "DriverName": "postgres",
  "DataSource": "postgres://mmuser:your_secure_password@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
}

2. Configure site URL (replace with your actual domain):

"ServiceSettings": {
  "SiteURL": "https://mattermost.yourdomain.com"
}

3. Set support email for user assistance:

"SupportSettings": {
  "SupportEmail": "admin@yourdomain.com"
}

Remember to replace the placeholder values with your actual configuration details.

System User Configuration

Ensure the Mattermost service runs with appropriate system privileges. We’ve already created the mattermost user earlier, but it’s important to verify that all directories maintain proper ownership:

sudo chown -R mattermost:mattermost /opt/mattermost

This prevents Mattermost from running with excessive privileges while ensuring it can access all needed files.

Systemd Service Setup

Creating a systemd service enables automatic startup of Mattermost and proper service management.

Create a service file for Mattermost:

sudo nano /etc/systemd/system/mattermost.service

Add the following configuration:

[Unit]
Description=Mattermost
After=network.target postgresql.service

[Service]
Type=notify
User=mattermost
Group=mattermost
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
LimitNOFILE=49152

[Install]
WantedBy=multi-user.target

Enable and start the Mattermost service:

sudo systemctl daemon-reload
sudo systemctl enable mattermost
sudo systemctl start mattermost

Verify the service is running properly:

sudo systemctl status mattermost

This should show “active (running)” if everything is configured correctly.

Security Hardening

Proper security measures protect your Mattermost instance from unauthorized access and potential vulnerabilities.

Firewall Configuration

CentOS Stream 10 uses firewalld as its default firewall management tool. Configure it to allow HTTP/HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

To verify your firewall configuration:

sudo firewall-cmd --list-all

SELinux Policies

CentOS Stream 10 enables SELinux by default, which provides additional security through mandatory access controls. Configure the appropriate contexts for Mattermost:

sudo semanage fcontext -a -t httpd_sys_content_t "/opt/mattermost(/.*)?"
sudo restorecon -Rv /opt/mattermost

Additionally, allow NGINX to act as a reverse proxy:

sudo setsebool -P httpd_can_network_connect 1

These SELinux policies provide an additional security layer while allowing Mattermost to function correctly.

SSL Configuration

Encrypting traffic to your Mattermost server is essential for security. Let’s Encrypt provides free SSL certificates that are widely trusted.

Let’s Encrypt Certificates

First, install the Certbot tool for Let’s Encrypt:

sudo dnf install -y certbot python3-certbot-nginx

Obtain an SSL certificate for your domain:

sudo certbot --nginx -d mattermost.yourdomain.com

Follow the interactive prompts to complete the process. Certbot will automatically configure NGINX to use the new certificate and set up renewal.

Verify automatic renewal works correctly:

sudo certbot renew --dry-run

A successful test ensures your certificates will renew automatically before expiration.

Reverse Proxy Setup

A reverse proxy provides additional security and performance benefits by handling client connections and forwarding requests to Mattermost.

NGINX Configuration

Create a dedicated configuration file for your Mattermost site:

sudo nano /etc/nginx/conf.d/mattermost.conf

Add the following configuration, replacing “mattermost.yourdomain.com” with your actual domain:

server {
    listen 80;
    server_name mattermost.yourdomain.com;
    
    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mattermost.yourdomain.com;
    
    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/mattermost.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mattermost.yourdomain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    
    # Security headers
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    
    # Proxy settings
    location / {
        proxy_pass http://127.0.0.1:8065;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_max_body_size 50M;
    }
}

Test and reload the NGINX configuration:

sudo nginx -t
sudo systemctl reload nginx

SMTP Email Configuration

Email notifications are crucial for user engagement in Mattermost. Setting up SMTP enables account verification, password resets, and notifications.

Install Postfix for local mail delivery:

sudo dnf install -y postfix
sudo systemctl enable postfix
sudo systemctl start postfix

Update your Mattermost configuration to use the SMTP server:

sudo nano /opt/mattermost/config/config.json

Add the following email configuration:

"EmailSettings": {
  "EnableSignUpWithEmail": true,
  "EnableSignInWithEmail": true,
  "SendEmailNotifications": true,
  "RequireEmailVerification": true,
  "FeedbackName": "Mattermost Notifications",
  "FeedbackEmail": "noreply@yourdomain.com",
  "SMTPUsername": "your-smtp-username",
  "SMTPPassword": "your-smtp-password",
  "SMTPServer": "smtp.yourmailprovider.com",
  "SMTPPort": "587",
  "ConnectionSecurity": "STARTTLS",
  "EnableSMTPAuth": true
}

Restart Mattermost to apply the changes:

sudo systemctl restart mattermost

Post-Installation Tasks

After successful installation, complete these additional steps to finalize your Mattermost deployment.

Admin Account Creation

Access your Mattermost installation through your web browser at https://mattermost.yourdomain.com. You’ll be guided through the initial setup process:

  1. Create the first system administrator account
  2. Configure team settings
  3. Set up notification preferences

This first account has full administrative privileges, so secure it with a strong password and consider enabling multi-factor authentication.

Install Mattermost on CentOS Stream 10

Team Configuration

Create and organize teams based on your organizational structure:

  1. Navigate to System Console > User Management > Teams
  2. Click “Create New Team”
  3. Configure team-specific settings, including membership restrictions and default channels

Consider creating a welcome guide in the default channel to help users get started.

Backup Strategy

Implement a regular backup strategy to protect your Mattermost data:

# Database backup
pg_dump -U postgres mattermost > mattermost_db_backup_$(date +%Y%m%d).sql

# File data backup
sudo tar -czf mattermost_data_backup_$(date +%Y%m%d).tar.gz /opt/mattermost/data

# Configuration backup
sudo cp /opt/mattermost/config/config.json mattermost_config_backup_$(date +%Y%m%d).json

Store these backups securely, preferably on a separate system or cloud storage.

Troubleshooting

Even with careful installation, issues may arise. Here are solutions to common Mattermost problems.

Service Startup Issues

If Mattermost fails to start, check the logs:

sudo journalctl -u mattermost --since "1 hour ago"

Common issues include:

  • Database connection problems: Verify PostgreSQL is running (sudo systemctl status postgresql) and connection details are correct in config.json
  • Permission errors: Ensure proper ownership of the /opt/mattermost directory
  • Port conflicts: Verify no other service is using port 8065

Database Connection Errors

For database connectivity issues:

# Verify PostgreSQL is running
sudo systemctl status postgresql

# Check database permissions
sudo -u postgres psql -c "\l" | grep mattermost

Ensure the pg_hba.conf file allows connections from Mattermost.

Log Analysis

Mattermost logs contain valuable troubleshooting information:

sudo tail -f /opt/mattermost/logs/mattermost.log

For more detailed logging:

  1. Navigate to System Console > Environment > Logging
  2. Change File Log Level to DEBUG temporarily
  3. Reproduce the issue
  4. Return log level to INFO after troubleshooting

This provides comprehensive information about the specific problem you’re experiencing.

Congratulations! You have successfully installed Mattermost. Thanks for using this tutorial for installing Mattermost on your CentOS Stream 10 system. For additional help or useful information, we recommend you check the official Mattermost website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button