|
|
||
|---|---|---|
| release | ||
| .drone.yml | ||
| .env.sample | ||
| .gitignore | ||
| abra.sh | ||
| compose.email.yml | ||
| compose.sso.yml | ||
| compose.yml | ||
| config.json.tmpl | ||
| entrypoint.sh | ||
| gitlab_config_patch.json.tmpl | ||
| README.md | ||
mattermost
- Category: Apps
- Status: 3
- Image:
mattermost/mattermost-team-edition, 4, upstream - Healthcheck: No
- Backups: Yes
- Email: 1
- Tests: 2
- SSO: No
Basic usage
- Set up Docker Swarm and
abra - Deploy
coop-cloud/traefik abra app new --secrets --app-name YOURAPPNAME mattermost(optionally with--passif you'd like to save secrets inpass)abra app config YOURAPPNAME- be sure to change$DOMAINto something that resolves to your Docker swarm boxabra app deploy YOURAPPNAME- Open the configured domain in your browser to finish set-up
Enable Email
WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.
abra app config YOURAPPNAME- Uncomment the section starting with Email Support
abra app secret i YOURAPPNAME smtp_pass v1 'yourSMTPpassword'abra app undeploy YOURAPPNAMEabra app deploy YOURAPPNAMEabra app command -C YOURAPPNAME app reset_config<- This will overwrite your configuration
Enable SSO with Authentik
This is how to configure your Mattermost server to accept logins from your Authentik SSO provider.
Configure Authentik
Create a property mapping
- Log in as administrator of your Authentik instance
- Go to https://authentik.yourserver.org/if/admin/#/core/property-mappings and choose Create
- Choose Scope Mapping
- Name:
Mattermost ID - Scope Name:
id - Description: optional own description
- Expression:
return { "id": request.user.id }
- Name:
- Create another Scope Mapping
- Name:
Mattermost Username - Scope Name:
username - Description: optional own description
- Expression:
return { "username": request.user.username }
- Name:
Create Application and Provider
- Go to https://authentik.yourserver.org/if/admin/#/core/applications and choose Create With Wizard
- Application Name: mattermost
- Next
- Choose OAuth2/OIDC
- Set Authorization flow:
default-provider-authorization-implicit-consent (Authorize Application) - Copy the Client ID and Client Secret, you'll need them later
- Add Redirect URIs:
- Expand Advanced Protocol Settings
- Under Scopes, select
Mattermost IDandMattermost Username, and click the > to add them to Selected Scopes - Submit
Configure Mattermost
WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.
abra app configure YOURAPPNAME- Uncomment the section starting with
## SSO config - Set
SSO_IDto the value you saved when configuring Authentik
- Uncomment the section starting with
abra app secret insert YOURAPPNAME mattermost_sso_secret v1 <the authentik provider secret you saved>abra app undeploy YOURAPPNAMEabra app deploy YOURAPPNAMEabra app command -C YOURAPPNAME app reset_config<- This will overwrite your configuration
Disable non-SSO login (Optional)
- Ensure that your SSO user has the System Admin role: https://YOURAPPNAME/admin_console/user_management/users
- Go to https://YOURAPPNAME/admin_console/authentication/email
- Set Enable sign-in with email and Enable sign-in with username to
false