Mattermost in DMZ?

fausp · May 20, 2018, 5:20pm

NethServer Version: 7.4
CentOS Version: 7.5

I would like to test Mattermost on a NS7.4 running in my DMZ at home who is accessable via dyndns, for example mattermost.zapto.org.

The Server is up and running, so whats next? What port must be opened on the GW?
What hostname should I use for Mattermost, the same as the dyndns-domain?

Should I use a 2nd NIC for red and point all traffic to it (firewall)?

GG_jr · May 20, 2018, 5:59pm

Find some information here:
http://docs.nethserver.org/en/v7/team_chat.html

Mattermost module

GG_jr · May 20, 2018, 6:13pm

If the NS server on which you will install Mattermost is placed in DMZ, no need for the 2nd NIC for RED Interface on this server.
The entire traffic will be routed from WAN to DMZ by the router which provide DMZ.

fausp · May 20, 2018, 6:14pm

OK, thank you. What port shoud be forwarded?

GG_jr · May 20, 2018, 6:21pm

I have not installed, configured or used Mattermost so far, but from what I read fast here:

https://github.com/gsanchietti/nethserver-mattermost
https://docs.mattermost.com/install/install-rhel-71.html#configuring-mattermost-server

I think at least:

80
443
465
8065

fausp · May 20, 2018, 6:22pm

I tried 443, 8065 and 5432 without luck… Maybe I must use trusted networks?

GG_jr · May 20, 2018, 6:34pm

You should reach at least the management interface on HTTPS.
Sorry that I can help you more about Mattermost installation and configuration.
In this moment I have not access at a such configuration to try.
Maybe other guys from NS Community which are using Mattermost can help you more.
I think you should read carefully at least the indicated documents.

fausp · May 20, 2018, 6:55pm

Yes, I could not find portforwarding until now…

GG_jr · May 20, 2018, 7:04pm

About port forward you will not read there but you will find about the ports which will be used by Mattermost.

EDIT:
That ports, must be opened also on your NS Server on which Mattermost is installed (GREEN Interface).

That ports must be forwarded on your router, from WAN to DMZ.

fausp · May 21, 2018, 6:55am

OK, I took a step forward. I can reach my private mattermost server via Internet…

I had to forward port 443 on the Internet-Gateway to my Firewall.
Another portforward from the Firewall with NAT to my mattermost server in the DMZ.
Just use my DynDNS-Domain in a Browser to get the mattermost loginpage.

Now I am searching a way to create a mattermost-user and password?

giacomo · May 21, 2018, 7:48am

When opening mattermost for the first time, the software will guide you on accounts creation using a wizard.

Take a look also to their excellent doc: https://docs.mattermost.com

fausp · May 21, 2018, 8:39am

I was able to create a user with:

[root@infra03 mattermost]# /opt/mattermost/bin/platform user create --email franz@mydomain.lan --username franz --password mypassword
[2018/05/21 10:30:17 CEST] [INFO] Loaded system translations for 'en' from '/opt/mattermost/i18n/en.json'
[2018/05/21 10:30:17 CEST] [INFO] Server is initializing...
[2018/05/21 10:30:17 CEST] [INFO] Pinging SQL master database
[2018/05/21 10:30:17 CEST] [INFO] License key from https://mattermost.com required to unlock enterprise features.
Created User

But I could not login with the user franz, just with the user admin I created on the installation…

Have u tried it in this way?

edit:
OK, there is something strange with the userpassword policy… I will take a look how userpasswords must look like…

fausp · May 22, 2018, 5:32am

To be able to use special characters in passwords, just put the password btw the ’

create user - example:
/opt/mattermost/bin/platform user create --email franz@mydomain.lan --username franz --password 'mypassword'

delete user - example:
/opt/mattermost/bin/platform user delete franz

fausp · May 22, 2018, 5:24pm

Conclusion for Mattermost:

fausp · May 23, 2018, 1:58pm

I got a problem after the update to 7.5 beta. If I try to create a mattermost-user, it looks like this:

[root@infra03 ~]# /opt/mattermost/bin/platform user create --email franz@dmz.lan --username franz --password 'mypassword'
panic: Unable to find i18n directory

goroutine 1 [running]:
main.initDBCommandContextCobra(0x2433440, 0x32, 0x246bce0, 0xc4201de400)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/init.go:22 +0xe2
main.userCreateCmdF(0x2433440, 0xc42005e8a0, 0x0, 0x6, 0x0, 0x0)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/user.go:293 +0x43
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).execute(0x2433440, 0xc42005e720, 0x6, 0x6, 0x2433440, 0xc42005e720)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:753 +0x475
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x2438040, 0x2433b60, 0x2433dc0, 0x2434020)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:843 +0x334
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).Execute(0x2438040, 0xc420051f70, 0x10f207c)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:791 +0x2b
main.main()
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/mattermost.go:34 +0x2d

fausp · May 23, 2018, 2:11pm

As a workaround you have to cd into: /opt/mattermost/i18n/ befor you fire up the command to create a user…

giacomo · May 23, 2018, 5:17pm

This is what the bulk script does:

github.com

NethServer/nethserver-mattermost/blob/master/root/usr/sbin/mattermost-bulk-user-create#L52


our $org = $db->get_prop("OrganizationContact","Company") || 'DefaultTeam';
our $team = lc($org);
$team =~ s/\s(.*)$//;


sub create_user {
my $user = shift;
my $stripped = $user;
$stripped =~ s/(@.*)//; # strip domain
my $password = $default_password || $generator->generate()->getAscii();
  
my $cmd = "cd /opt/mattermost; ./bin/platform user create --email $user --password '$password' --username $stripped";


my @output = `cd /opt/mattermost; ./bin/platform user search $stripped 2>&1`;
foreach (@output) {
    if ($_ =~ /username: $stripped/) {
        print "Skipping existing user: '$stripped'\n";
        return;
    }
}


print "Creating user: '$stripped' with password '$password' ... ";