Add basic mattermost configuration

42882c0a · jurgenhaas · 02fd0c32 · 42882c0a · 42882c0a · 42882c0a
Commit 42882c0a authored 9 years ago by jurgenhaas
--- a/tasks/main.yml
+++ b/tasks/main.yml
+# Add Mattermost:
+# - http://doc.gitlab.com/omnibus/gitlab-mattermost/
+# - http://www.mattermost.org/community-applications/
+# - https://github.com/NotSqrt/mattermost-integration-gitlab
+# - Apache:
+#   - https://github.com/mattermost/docs/pull/25
+#   - https://forum.mattermost.org/t/help-wanted-test-new-apache-instructions/878
+
+
 ---
 - name: install prerequisites
  become: yes

--- a/templates/default
+++ b/templates/default
 <VirtualHost *:80>
-    ServerAdmin admin@paragon-es.de
-    DocumentRoot /var/www
+  ServerAdmin admin@paragon-es.de
+  DocumentRoot /var/www

-    <Directory /var/www>
-      Allow from all
-      Options -MultiViews
-    </Directory>
+  <Directory /var/www>
+    Allow from all
+    Options -MultiViews
+  </Directory>

-    ErrorLog /var/log/apache2/error.log
-    LogLevel warn
-    CustomLog /var/log/apache2/access.log combined
+  ErrorLog /var/log/apache2/error.log
+  LogLevel warn
+  CustomLog /var/log/apache2/access.log combined
 </VirtualHost>

 <VirtualHost *:80>
@@ -22,7 +22,7 @@
 </VirtualHost>

 <VirtualHost *:80>
-  ServerName xyoutrack.paragon-es.de
+  ServerName mattermost.paragon-es.de
  ServerSignature Off

  RewriteEngine on
@@ -34,12 +34,12 @@
  ServerName youtrack.paragon-es.de
  ServerSignature Off

-    ProxyRequests Off
-    <Proxy *:80>
-      Order deny,allow
-      Allow from all
-    </Proxy>
-    ProxyPass / http://127.0.0.1:8085/
-    ProxyPassReverse / http://127.0.0.1:8085/
+  ProxyRequests Off
+  <Proxy *:80>
+    Order deny,allow
+    Allow from all
+  </Proxy>
+  ProxyPass / http://127.0.0.1:8085/
+  ProxyPassReverse / http://127.0.0.1:8085/
 </VirtualHost>

--- a/templates/default-ssl
+++ b/templates/default-ssl
@@ -70,3 +70,58 @@
  CustomLog ${APACHE_LOG_DIR}/gitlab_ssl_access.log combined env=!dontlog
  CustomLog ${APACHE_LOG_DIR}/gitlab_ssl.log combined
 </VirtualHost>
+
+<VirtualHost _default_:443>
+  SSLEngine on
+  SSLProxyEngine on
+  #strong encryption ciphers only
+  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
+  SSLProtocol all -SSLv2
+  SSLHonorCipherOrder on
+  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+  SSLCompression Off
+  SSLCertificateChainFile /etc/ssl/private/Intermediate_CA_Bundle.crt
+  SSLCertificateFile /etc/ssl/private/paragon-es.de.crt
+  SSLCertificateKeyFile /etc/ssl/private/paragon-es.de.key
+
+  ServerName {{ mattermost_domain }}
+  ServerSignature Off
+
+  ProxyPreserveHost On
+  RewriteEngine on
+  RewriteCond %{REQUEST_URI}  ^/api/v1/websocket   [NC,OR]
+  RewriteCond %{HTTP:UPGRADE} ^WebSocket$          [NC,OR]
+  RewriteCond %{HTTP:CONNECTION} ^Upgrade$         [NC]
+  RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
+
+  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}   !-f
+  RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
+
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader unset If-Modified-Since
+  RequestHeader unset If-None-Match
+
+  Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+  #DocumentRoot /var/opt/gitlab/mattermost
+  <Location /api/v1/websocket>
+    Order deny,allow
+    Allow from all
+    ProxyPassReverse ws://127.0.0.1:8065/api/v1/websocket
+    ProxyPassReverseCookieDomain 127.0.0.1 {{ mattermost_domain }}
+  </Location>
+
+  <Location />
+    Order deny,allow
+    Allow from all
+    ProxyPassReverse http://127.0.0.1:8065/
+    ProxyPassReverseCookieDomain 127.0.0.1 {{ mattermost_domain }}
+  </Location>
+
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
+  ErrorLog /var/log/apache2/mattermost_error.log
+  CustomLog /var/log/apache2/mattermost_forwarded.log common_forwarded
+  CustomLog /var/log/apache2/mattermost_access.log combined env=!dontlog
+  CustomLog /var/log/apache2/mattermost.log combined
+</VirtualHost>
--- a/templates/gitlab.rb
+++ b/templates/gitlab.rb
@@ -6,6 +6,19 @@ external_url 'https://{{ gitlab_domain }}'
 gitlab_git_http_server['listen_network'] = "tcp"
 gitlab_git_http_server['listen_addr'] = "127.0.0.1:8181"

+mattermost_external_url 'https://{{ mattermost_domain }}'
+mattermost_nginx['enable'] = false
+mattermost['service_use_ssl'] = false
+mattermost['enable'] = true
+mattermost['email_enable_sign_up_with_email'] = false
+mattermost['email_smtp_username'] = "{{ gitlab_rails.smtp.user_name }}"
+mattermost['email_smtp_password'] = "{{ gitlab_rails.smtp.password }}"
+mattermost['email_smtp_server'] = "{{ gitlab_rails.smtp.address }}"
+mattermost['email_smtp_port'] = "{{ gitlab_rails.smtp.port }}"
+mattermost['email_connection_security'] = 'TLS' # Or 'STARTTLS'
+mattermost['email_feedback_name'] = "GitLab Mattermost"
+mattermost['email_feedback_email'] = "{{ gitlab_email_from }}"
+
 ## Note: configuration settings below are optional.
 ## Uncomment and change the value.
 ############################