Mattermost is an open-source, self-hosted team messaging platform that offers a secure, customizable alternative to Slack with channels, threads, file sharing, and integrations under your own control. This guide deploys the Mattermost Team Edition on Ubuntu 22.04 backed by a managed PostgreSQL database, fronts it with Nginx for HTTPS via Let's Encrypt, and wires Postfix for outbound email. By the end, you'll have Mattermost serving a team workspace securely at your domain.
Prerequisite: Ubuntu 22.04 server with 4 GB+ RAM, a PostgreSQL endpoint you can reach (managed or self-hosted), and a domain with an A record pointing at the server.
Create the Mattermost Database
1. Install the PostgreSQL client:
$ sudo apt install postgresql-client
2. Connect to the PostgreSQL endpoint:
$ psql -h DB_HOST -U DB_ADMIN -p DB_PORT -d defaultdb
3. Create the database, user, and grants:
CREATE DATABASE mattermostdb;
CREATE USER mmadmin WITH PASSWORD 'your-password';
GRANT ALL PRIVILEGES ON DATABASE mattermostdb TO mmadmin;
GRANT USAGE, CREATE ON SCHEMA PUBLIC TO mmadmin;
ALTER DATABASE mattermostdb OWNER TO mmadmin;
\q
Install Mattermost from the Official APT Repository
1. Trust the Mattermost signing key:
$ curl -sL -o- https://deb.packages.mattermost.com/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/mattermost-archive-keyring.gpg > /dev/null
2. Add the repository:
$ curl -o- https://deb.packages.mattermost.com/repo-setup.sh | sudo bash -s mattermost
3. Install the server:
$ sudo apt update
$ sudo apt install mattermost -y
Configure Mattermost
1. Edit the server configuration:
$ sudo nano /opt/mattermost/config/config.json
Set:
"SiteURL": "https://mattermost.example.com"
"DataSource": "postgres://mmadmin:your-password@DB_HOST:DB_PORT/mattermostdb?sslmode=require&connect_timeout=10&binary_parameters=yes"
2. Start and enable the service:
$ sudo systemctl enable --now mattermost
$ sudo systemctl status mattermost
Front Mattermost with Nginx and Let's Encrypt
1. Open the HTTPS ports:
$ sudo ufw allow 80 comment 'mattermost http'
$ sudo ufw allow 443 comment 'mattermost https'
2. Issue a Let's Encrypt certificate:
$ sudo apt install python3-certbot-nginx -y
$ sudo certbot --standalone certonly -d mattermost.example.com --agree-tos
3. Create the Nginx virtual host:
$ sudo nano /etc/nginx/sites-available/mattermost.example.com
upstream mattermost {
server 127.0.0.1:8065;
keepalive 32;
}
server {
listen 80 default_server;
server_name mattermost.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mattermost.example.com;
ssl_certificate /etc/letsencrypt/live/mattermost.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mattermost.example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_pass http://mattermost;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
client_max_body_size 100M;
proxy_pass http://mattermost;
}
}
4. Enable the site and reload Nginx:
$ sudo ln -s /etc/nginx/sites-available/mattermost.example.com /etc/nginx/sites-enabled/
$ sudo nginx -t
$ sudo systemctl restart nginx
Configure Postfix for Outbound Email
1. Install Postfix and the mail CLI:
$ sudo apt install mailutils -y
$ sudo hostnamectl set-hostname mattermost.example.com
2. Bind Postfix to localhost only:
$ sudo nano /etc/postfix/main.cf
inet_interfaces = loopback-only
mydestination = localhost.$mydomain, localhost, $myhostname
3. Restart Postfix and send a test:
$ sudo systemctl restart postfix
$ echo "Test message" | mail -s "Hello" admin@example.com
Complete the Setup
- Open
https://mattermost.example.comand create the first administrator account. - Choose a team name and URL.
- Invite team members and create channels.
- (Optional) Connect S3-compatible object storage under Admin Console → File Storage for attachments, screenshots, and avatars.
Next Steps
Mattermost is running and served securely over HTTPS. From here you can:
- Connect S3-compatible object storage for media attachments
- Enable SAML, OIDC, or LDAP under Admin Console → Authentication
- Install integrations (Jira, GitHub, PagerDuty, custom webhooks) from the marketplace
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)