Enabling Mattermost on the Gitlab Instalation

A Self-hosted installation of GitLab comes with an extremely interesting and useful tool that is disabled by default, the Mattermost chat server, think of it as a self-hosted and better Slack.
If you installed GitLab using the Omnibus package, the recommended way, you can enable it and set up a letsencrypt certificate in a few steps as described bellow.

Open the file ‘/etc/gitlab/gitlab.rb’ and find the line:

;mattermost_external_url 'http://mattermost.example.com'

Uncomment it and set the external URL for your chat server.
Now as root run:

gitlab-ctl reconfigure && gitlab-ctl restart

After restarting the GitLab server you can open the external URL in a browser to confirm it’s working.
Now we have to configure a few exceptions before we can create our certificate, again open the file ‘/etc/gitlab/gitlab.rb’ and add to the end.

#Mattermost letsencrypt configuration
mattermost_nginx['custom_gitlab_mattermost_server_config']="location ^~ /.well-known {\n alias /etc/letsencrypt/www/.well-known;\n}\n"

After this you need to regenerate your GitLab configuration with:

gitlab-ctl reconfigure && gitlab-ctl restart

Now you can generate your certificate with the command:

certbot certonly --webroot -w /etc/letsencrypt/www/ -d mattermost.example.com


And then all you need to do is open the file ‘/etc/gitlab/gitlab.rb’ and add to the end of the file the last bits of configuration, taking care to substitute mattermost.example.com with the domain of your chat server.

mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate']= "/etc/letsencrypt/live/mattermost.example.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mattermost.example.com/privkey.pem"

The last step is to regenerate your GitLab configuration with:

gitlab-ctl reconfigure && gitlab-ctl restart

All is set, now you have an awesome chat server working with SSL