homelab-optimized/deployments/mattermost/README.md

# Mattermost Production Deployment

Production-ready Mattermost Team Edition deployment for **mm.crista.love**

## Architecture

- **Mattermost Team Edition** - Running in Docker
- **PostgreSQL 15** - Database (Docker)
- **Nginx** - Reverse proxy with SSL termination
- **Cloudflare** - DNS and SSL (Full Strict mode with Origin Certificate)
- **Backblaze B2** - File storage (S3-compatible)
- **Automated Backups** - Daily to Backblaze B2

## Server Details

- **Server**: YOUR_WAN_IP
- **Domain**: mm.crista.love
- **OS**: Ubuntu 24.04 LTS

## Files

| File | Description |
|------|-------------|
| `deploy-mattermost.sh` | Main deployment script |
| `mattermost-nginx.conf` | Nginx reverse proxy configuration |
| `mattermost-backup.sh` | Automated backup script |
| `mm-crista-love.crt` | Cloudflare Origin SSL certificate |
| `mm-crista-love.key` | SSL private key |

## Deployment

1. Copy all files to server
2. Run `deploy-mattermost.sh` as root
3. Visit https://mm.crista.love to create admin account

## Configuration

### Email (SMTP)
- Gmail with app password
- STARTTLS on port 587

### File Storage
- Backblaze B2 (S3-compatible)
- Bucket: `vk-mattermost`

### Backups
- Daily at 3 AM UTC
- Stored in B2: `vk-mattermost/backups/`
- Retention: 30 days remote, 7 days local

## Management Commands

```bash
# View logs
docker compose -f /opt/mattermost/docker-compose.yml logs -f

# Restart services
docker compose -f /opt/mattermost/docker-compose.yml restart

# Manual backup
/opt/mattermost/backup.sh

# Check status
docker compose -f /opt/mattermost/docker-compose.yml ps
```

## Security Notes

⚠️ **Important**: The actual credentials are stored in:
- `/opt/mattermost/.env` - PostgreSQL password
- `~/.aws/credentials` - B2 credentials
- Docker environment variables - SMTP credentials

The files in this repo contain placeholder references. Actual secrets should never be committed.