Mattermost in DMZ?

mattermost
(fpausp) #1

NethServer Version: 7.4
CentOS Version: 7.5

I would like to test Mattermost on a NS7.4 running in my DMZ at home who is accessable via dyndns, for example mattermost.zapto.org.

The Server is up and running, so whats next? What port must be opened on the GW?
What hostname should I use for Mattermost, the same as the dyndns-domain?

Should I use a 2nd NIC for red and point all traffic to it (firewall)?

(Gabriel GHEORGHIU) #2

Find some information here:
http://docs.nethserver.org/en/v7/team_chat.html

Mattermost module

(Gabriel GHEORGHIU) #3

If the NS server on which you will install Mattermost is placed in DMZ, no need for the 2nd NIC for RED Interface on this server.
The entire traffic will be routed from WAN to DMZ by the router which provide DMZ.

(fpausp) #4

OK, thank you. What port shoud be forwarded?

(Gabriel GHEORGHIU) #5

I have not installed, configured or used Mattermost so far, but from what I read fast here:

https://github.com/gsanchietti/nethserver-mattermost
https://docs.mattermost.com/install/install-rhel-71.html#configuring-mattermost-server

I think at least:

80
443
465
8065

(fpausp) #6

I tried 443, 8065 and 5432 without luck… Maybe I must use trusted networks?

(Gabriel GHEORGHIU) #7

You should reach at least the management interface on HTTPS.
Sorry that I can help you more about Mattermost installation and configuration.
In this moment I have not access at a such configuration to try.
Maybe other guys from NS Community which are using Mattermost can help you more.
I think you should read carefully at least the indicated documents.

(fpausp) #8

Yes, I could not find portforwarding until now…

(Gabriel GHEORGHIU) #9

About port forward you will not read there but you will find about the ports which will be used by Mattermost.

EDIT:
That ports, must be opened also on your NS Server on which Mattermost is installed (GREEN Interface).

That ports must be forwarded on your router, from WAN to DMZ.

(fpausp) #10

OK, I took a step forward. I can reach my private mattermost server via Internet…

  1. I had to forward port 443 on the Internet-Gateway to my Firewall.
  2. Another portforward from the Firewall with NAT to my mattermost server in the DMZ.
  3. Just use my DynDNS-Domain in a Browser to get the mattermost loginpage.

Now I am searching a way to create a mattermost-user and password?

(Giacomo Sanchietti) #11

When opening mattermost for the first time, the software will guide you on accounts creation using a wizard.

Take a look also to their excellent doc: https://docs.mattermost.com

(fpausp) #12

I was able to create a user with:

[root@infra03 mattermost]# /opt/mattermost/bin/platform user create --email franz@mydomain.lan --username franz --password mypassword
[2018/05/21 10:30:17 CEST] [INFO] Loaded system translations for 'en' from '/opt/mattermost/i18n/en.json'
[2018/05/21 10:30:17 CEST] [INFO] Server is initializing...
[2018/05/21 10:30:17 CEST] [INFO] Pinging SQL master database
[2018/05/21 10:30:17 CEST] [INFO] License key from https://mattermost.com required to unlock enterprise features.
Created User

But I could not login with the user franz, just with the user admin I created on the installation…

Have u tried it in this way?

edit:
OK, there is something strange with the userpassword policy… I will take a look how userpasswords must look like…

(fpausp) #13

To be able to use special characters in passwords, just put the password btw the ’

create user - example:
/opt/mattermost/bin/platform user create --email franz@mydomain.lan --username franz --password 'mypassword'

delete user - example:
/opt/mattermost/bin/platform user delete franz

(fpausp) #14

Conclusion for Mattermost:

(fpausp) #15

I got a problem after the update to 7.5 beta. If I try to create a mattermost-user, it looks like this:

[root@infra03 ~]# /opt/mattermost/bin/platform user create --email franz@dmz.lan --username franz --password 'mypassword'
panic: Unable to find i18n directory

goroutine 1 [running]:
main.initDBCommandContextCobra(0x2433440, 0x32, 0x246bce0, 0xc4201de400)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/init.go:22 +0xe2
main.userCreateCmdF(0x2433440, 0xc42005e8a0, 0x0, 0x6, 0x0, 0x0)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/user.go:293 +0x43
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).execute(0x2433440, 0xc42005e720, 0x6, 0x6, 0x2433440, 0xc42005e720)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:753 +0x475
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x2438040, 0x2433b60, 0x2433dc0, 0x2434020)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:843 +0x334
github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).Execute(0x2438040, 0xc420051f70, 0x10f207c)
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:791 +0x2b
main.main()
        /var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/platform/mattermost.go:34 +0x2d
(fpausp) #16

As a workaround you have to cd into: /opt/mattermost/i18n/ befor you fire up the command to create a user…

(Giacomo Sanchietti) #17

This is what the bulk script does: