From the Mattermost website:

As an alternative to proprietary SaaS messaging, Mattermost brings all your
team communication into one place, making it searchable and accessible.

Mattermost is:

  • Slack-compatible, not Slack-limited – Mattermost features rival Slack features, and support a superset of Slack’s incoming and outgoing webhook integrations, including compatibility with existing Slack integrations. From your existing Slack teams, you can import users, public channel history and even theme setting colors into Mattermost.
  • Accessible on web, desktop, phone and tablet – Use Mattermost from your iOS or Android phones and tablets or with installed apps on Windows, Linux and Mac.
  • Easy to deploy, manage, upgrade and extend – Mattermost is written in Golang and React and runs as a single Linux binary with either MySQL or Postgres. Every month on the 16th a new compiled version is released under an MIT license.
  • Supported by a vibrant community – Use Mattermost with dozens of community integrations and applications, including Jira, IRC, XMPP, Hubot, Giphy, Jenkins, GitLab, Trac, Redmine, SVN, RSS/Atom and many others. Build and share your own apps using Mattermost APIs and drivers.

Software & terms:

isrg-lets-encrypt

Juju reactive charm layer for Mattermost


In this directory:

charm build


TLS Options

Deployment requires agreement to ISRG terms of service, because Let's Encrypt
is the primary and recommended method for setting up TLS.

Secured with Let's Encrypt in public clouds

Deploy to a public cloud and expose it.

juju deploy cs:~cmars/mattermost
juju deploy postgresql
juju add-relation mattermost postgresql:db
juju expose mattermost

Acquire a DNS name for the instance. Then set fqdn to the DNS name.

juju config mattermost fqdn=<your-dns-name>

Let's Encrypt will do the rest. When the workload state becomes active, your
Mattermost instance is ready to set up.

If registration fails, check:

  • That you've exposed mattermost. Let's Encrypt needs to connect to ports 80
    and 443 as part of the registration process.
  • That the DNS name has had time to propagate and cached entries have expired.
  • That the DNS name is allowed by Let's Encrypt. Some names, like the dynamic
    ones given to EC2 instances, may not be allowed.
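
The three checks above can be run as a pre-flight from a machine outside the cloud network, since Let's Encrypt connects from the internet. This script is an added example, not part of the charm; the file name, the function names, the two arguments (the DNS name and the unit's public address) and the amazonaws.com suffix heuristic are assumptions.

```shell
#!/bin/sh
# Added example. Usage: sh le-preflight.sh <fqdn> <unit-public-address>
# (le-preflight.sh is a hypothetical file name.)
# Assumption: EC2 auto-assigned public names end in amazonaws.com.
is_ec2_dynamic_name() {
    case "$1" in
        *.amazonaws.com|*.amazonaws.com.) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the expected address ($1) is among the resolved addresses ($2...).
dns_matches() {
    expected=$1; shift
    for addr in "$@"; do
        [ "$addr" = "$expected" ] && return 0
    done
    return 1
}

# Addresses the local resolver currently returns for a name, one per line.
resolve_fqdn() {
    getent ahosts "$1" | awk '{print $1}' | sort -u
}

# TCP connect with a 5 s timeout via bash's /dev/tcp. A failure means either
# a closed firewall (not exposed) or nothing listening on the port.
port_open() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

preflight() {
    fqdn=$1; unit_addr=$2; rc=0
    if is_ec2_dynamic_name "$fqdn"; then
        echo "FAIL: $fqdn looks like an EC2 dynamic name"; rc=1
    fi
    # Unquoted on purpose: one argument per resolved address.
    if dns_matches "$unit_addr" $(resolve_fqdn "$fqdn"); then
        echo "ok:   $fqdn resolves to $unit_addr"
    else
        echo "FAIL: $fqdn does not resolve to $unit_addr yet"; rc=1
    fi
    for port in 80 443; do
        port_open "$unit_addr" "$port" && { echo "ok:   $unit_addr:$port reachable"; continue; }
        echo "FAIL: $unit_addr:$port unreachable; is mattermost exposed?"; rc=1
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

A stale answer from a local resolver cache shows up here as a DNS mismatch, which is the propagation case in the second check.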

Reverse-proxied by a front-end

With fqdn unset, relate mattermost to a reverse proxy.

juju deploy cs:~cmars/mattermost
juju deploy postgresql
juju deploy haproxy
juju add-relation postgresql:db mattermost:db
juju add-relation haproxy mattermost

Alternative binary distributions

To deploy with your own Mattermost binary distribution:

juju deploy cs:~cmars/mattermost --resource bdist=/path/to/mattermost.tar.gz

Note that Mattermost releases prior to 2.1.0 have not been tested.


Copyright 2016 Casey Marshall.

The copyright file contains the software license for this charm.

Mattermost is a trademark of Mattermost, Inc.


This charm automates installation, configuration and management of a Mattermost
server based on publicly documented best practices. This charm is not a part of
the Mattermost product, is not endorsed by, and does not represent Mattermost,
Inc. in any way.

See the Mattermost website for more information
about the licenses and trademarks applicable to the software installed by this


Email: charmed at

IRC: cmars on FreeNode

Mattermost: Join the Juju team on


(string) Name of service shown in login screens and UI.
(string) Contact email for Let's Encrypt
(string) FQDN of mattermost server to use. For example, ''.
(int) NGINX listen port
(string) listen address
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
(string) Space separated list of extra deb packages to install.
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.