Installation
Deploy Nextcloud (with Collabora) and Mattermost on an AlmaLinux 9 server with Podman Compose.
Prerequisites
Check that your environment is ready:
Rootless Podman
This tutorial uses Podman in rootless mode. All containers run as a non-root user. Make sure the system prerequisites are in place (see Containers — Prerequisites).
Nextcloud Stack
File structure
Environment variables
```bash
# ~/collaboration/nextcloud/.env
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD=changez-ce-mot-de-passe-nc
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=changez-ce-mot-de-passe-admin
NEXTCLOUD_TRUSTED_DOMAINS=cloud.example.com
REDIS_HOST=redis
SMTP_HOST=mail.example.com
SMTP_PORT=587
SMTP_AUTHTYPE=LOGIN
SMTP_NAME=nextcloud@example.com
SMTP_PASSWORD=changez-ce-mot-de-passe-smtp
MAIL_FROM_ADDRESS=nextcloud
MAIL_DOMAIN=example.com
MINIO_ACCESS_KEY=nc-access-key
MINIO_SECRET_KEY=nc-secret-key
```
Secrets
Never commit the .env file to a Git repository. In production, use Podman secrets or a secrets manager (OpenBao/Vault).
Podman Compose — Nextcloud
```yaml
# ~/collaboration/nextcloud/docker-compose.yml
version: "3.8"

services:
  postgres:
    image: docker.io/library/postgres:16-alpine
    container_name: nc-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - nc-postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: docker.io/library/redis:7-alpine
    container_name: nc-redis
    restart: unless-stopped
    # Empty requirepass: Redis runs without authentication. It has no published
    # port, so it is reachable only from the compose network.
    command: redis-server --requirepass ""
    volumes:
      - nc-redis-data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  nextcloud:
    # Apache variant: serves HTTP on port 80, which the port mapping below expects
    # (the -fpm variants only expose FastCGI on port 9000).
    image: docker.io/library/nextcloud:29-apache
    container_name: nextcloud
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    environment:
      POSTGRES_HOST: postgres
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS}
      REDIS_HOST: redis
      SMTP_HOST: ${SMTP_HOST}
      SMTP_PORT: ${SMTP_PORT}
      SMTP_AUTHTYPE: ${SMTP_AUTHTYPE}
      SMTP_NAME: ${SMTP_NAME}
      SMTP_PASSWORD: ${SMTP_PASSWORD}
      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
      MAIL_DOMAIN: ${MAIL_DOMAIN}
      OVERWRITEPROTOCOL: https
      OVERWRITECLIURL: https://cloud.example.com
    volumes:
      - nc-data:/var/www/html
      - ./config/custom.config.php:/var/www/html/config/custom.config.php:ro
    ports:
      - "8080:80"

  collabora:
    # :latest is an unpinned tag; pin a version tag for reproducible deployments.
    image: docker.io/collabora/code:latest
    container_name: collabora
    restart: unless-stopped
    environment:
      aliasgroup1: https://cloud.example.com:443
      extra_params: --o:ssl.enable=false --o:ssl.termination=true
      username: admin
      password: changez-ce-mot-de-passe-collabora
    ports:
      - "9980:9980"
    cap_add:
      - MKNOD

volumes:
  nc-postgres-data:
  nc-redis-data:
  nc-data:
```
Custom configuration
```php
<?php
// ~/collaboration/nextcloud/config/custom.config.php
$CONFIG = [
    // Redis
    'memcache.local' => '\\OC\\Memcache\\APCu',
    'memcache.distributed' => '\\OC\\Memcache\\Redis',
    'memcache.locking' => '\\OC\\Memcache\\Redis',
    'redis' => [
        'host' => 'redis',
        'port' => 6379,
    ],
    // Locale and region defaults
    'default_phone_region' => 'FR',
    'default_locale' => 'fr_FR',
    'default_language' => 'fr',
    // S3 storage (optional: uncomment to enable)
    // 'objectstore' => [
    //     'class' => '\\OC\\Files\\ObjectStore\\S3',
    //     'arguments' => [
    //         'bucket' => 'nextcloud',
    //         'hostname' => 'minio.internal',
    //         'port' => 9000,
    //         'key' => 'NC_ACCESS_KEY',
    //         'secret' => 'NC_SECRET_KEY',
    //         'use_ssl' => true,
    //         'region' => 'us-east-1',
    //         'use_path_style' => true,
    //     ],
    // ],
    // Collabora: lets Nextcloud send requests to local/private addresses,
    // which relaxes its protection against server-side request forgery.
    'allow_local_remote_servers' => true,
];
```
Startup
Check that all containers are healthy:
| Container | Expected state |
|---|---|
| nc-postgres | healthy |
| nc-redis | healthy |
| nextcloud | running |
| collabora | running |
Post-startup configuration
Wait for Nextcloud to finish its initial installation (1-2 minutes on first start), then:
```bash
# Enable background cron (recommended over AJAX)
podman exec -u www-data nextcloud php occ background:cron

# Install the essential apps
podman exec -u www-data nextcloud php occ app:install richdocuments
podman exec -u www-data nextcloud php occ app:install calendar
podman exec -u www-data nextcloud php occ app:install contacts
podman exec -u www-data nextcloud php occ app:install deck
podman exec -u www-data nextcloud php occ app:install mail

# Configure the Collabora connector
podman exec -u www-data nextcloud php occ config:app:set richdocuments \
    wopi_url --value="https://office.example.com"
podman exec -u www-data nextcloud php occ config:app:set richdocuments \
    public_wopi_url --value="https://office.example.com"
```
systemd cron
Configure a systemd timer to run the Nextcloud cron job every 5 minutes:
```ini
# ~/.config/systemd/user/nextcloud-cron.service
[Unit]
Description=Nextcloud cron

[Service]
Type=oneshot
ExecStart=podman exec -u www-data nextcloud php -f /var/www/html/cron.php
```
Mattermost Stack
File structure
Environment variables
```bash
# ~/collaboration/mattermost/.env
POSTGRES_DB=mattermost
POSTGRES_USER=mattermost
POSTGRES_PASSWORD=changez-ce-mot-de-passe-mm
MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:changez-ce-mot-de-passe-mm@postgres:5432/mattermost?sslmode=disable&connect_timeout=10
MM_SERVICESETTINGS_SITEURL=https://chat.example.com
MM_EMAILSETTINGS_SMTPSERVER=mail.example.com
MM_EMAILSETTINGS_SMTPPORT=587
MM_EMAILSETTINGS_SMTPUSERNAME=mattermost@example.com
MM_EMAILSETTINGS_SMTPPASSWORD=changez-ce-mot-de-passe-smtp
MM_EMAILSETTINGS_FEEDBACKEMAIL=mattermost@example.com
MM_EMAILSETTINGS_ENABLESMTPAUTH=true
MM_EMAILSETTINGS_CONNECTIONSECURITY=STARTTLS
```
Podman Compose — Mattermost
```yaml
# ~/collaboration/mattermost/docker-compose.yml
version: "3.8"

services:
  postgres:
    image: docker.io/library/postgres:16-alpine
    container_name: mm-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - mm-postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  mattermost:
    # :latest is an unpinned tag; pin a version tag for reproducible deployments.
    image: docker.io/mattermost/mattermost-team-edition:latest
    container_name: mattermost
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      MM_SQLSETTINGS_DRIVERNAME: postgres
      MM_SQLSETTINGS_DATASOURCE: ${MM_SQLSETTINGS_DATASOURCE}
      MM_SERVICESETTINGS_SITEURL: ${MM_SERVICESETTINGS_SITEURL}
      MM_EMAILSETTINGS_SMTPSERVER: ${MM_EMAILSETTINGS_SMTPSERVER}
      MM_EMAILSETTINGS_SMTPPORT: ${MM_EMAILSETTINGS_SMTPPORT}
      MM_EMAILSETTINGS_SMTPUSERNAME: ${MM_EMAILSETTINGS_SMTPUSERNAME}
      MM_EMAILSETTINGS_SMTPPASSWORD: ${MM_EMAILSETTINGS_SMTPPASSWORD}
      MM_EMAILSETTINGS_FEEDBACKEMAIL: ${MM_EMAILSETTINGS_FEEDBACKEMAIL}
      MM_EMAILSETTINGS_ENABLESMTPAUTH: ${MM_EMAILSETTINGS_ENABLESMTPAUTH}
      MM_EMAILSETTINGS_CONNECTIONSECURITY: ${MM_EMAILSETTINGS_CONNECTIONSECURITY}
      # S3-compatible file storage; the access key and secret below are placeholders.
      MM_FILESETTINGS_DRIVERNAME: amazons3
      MM_FILESETTINGS_AMAZONS3ACCESSKEYID: mm-access-key
      MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: mm-secret-key
      MM_FILESETTINGS_AMAZONS3BUCKET: mattermost
      MM_FILESETTINGS_AMAZONS3ENDPOINT: minio.internal:9000
      MM_FILESETTINGS_AMAZONS3SSL: "true"
      MM_FILESETTINGS_AMAZONS3PATHPREFIX: files
    volumes:
      - mm-data:/mattermost/data
      - mm-logs:/mattermost/logs
      - mm-plugins:/mattermost/plugins
      - mm-client-plugins:/mattermost/client/plugins
    ports:
      - "8065:8065"

volumes:
  mm-postgres-data:
  mm-data:
  mm-logs:
  mm-plugins:
  mm-client-plugins:
```
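The Secrets note and both compose files above can be checked mechanically before a stack is started. The following audit script is an added example, not part of the original tutorial: the function names are hypothetical, and the port check assumes the TLS-terminating reverse proxy runs on the same host as the containers.

```sh
#!/bin/sh
# Added example: audit a stack directory (.env + docker-compose.yml) before
# starting it. Each finding is printed as "<file>[:<line>]: <message>".

# scan <file> <ERE> <message>: report every line of <file> that matches <ERE>.
scan() {
    [ -f "$1" ] || return 0
    grep -nE -- "$2" "$1" | while IFS=: read -r ln rest; do
        printf '%s:%s: %s\n' "$1" "$ln" "$3"
    done
}

check_env() {
    [ -f "$1" ] || return 0
    # The secrets file should be readable and writable by its owner only.
    mode=$(stat -c '%a' "$1")
    [ "$mode" = 600 ] || printf '%s: mode %s, expected 600\n' "$1" "$mode"
    # Inside a Git work tree, .env must be ignored (skipped when git is absent).
    dir=$(dirname "$1")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" check-ignore -q .env ||
            printf '%s: not covered by .gitignore\n' "$1"
    fi
    # Every placeholder password in this tutorial starts with the same prefix.
    scan "$1" 'changez-ce-mot-de-passe' 'placeholder password not replaced'
}

check_compose() {
    scan "$1" 'changez-ce-mot-de-passe' 'placeholder password not replaced'
    scan "$1" '^[[:space:]]*image:.*:latest[[:space:]]*$' 'unpinned :latest image tag'
    scan "$1" '--requirepass[[:space:]]+""' 'Redis started with an empty password'
    # "8080:80" listens on every host address; "127.0.0.1:8080:80" does not.
    # Assumption: the TLS-terminating reverse proxy runs on the same host.
    scan "$1" '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' \
        'port published on all host interfaces'
}

# audit_stack <dir>: print all findings; exit status is 0 only when none exist.
audit_stack() {
    out=$(check_env "$1/.env"; check_compose "$1/docker-compose.yml")
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}
```

Source the file, then run `audit_stack ~/collaboration/nextcloud` and `audit_stack ~/collaboration/mattermost`; a non-zero exit status means at least one finding was printed.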
Startup
Check:
| Container | Expected state |
|---|---|
| mm-postgres | healthy |
| mattermost | running |
Post-startup configuration
Go to https://chat.example.com and create the first administrator account through the web interface. Then, from the command line:
```bash
# Create a team
podman exec mattermost mmctl team create \
    --name "dsi" \
    --display-name "DSI" \
    --email "admin@example.com"

# Create the default channels
podman exec mattermost mmctl channel create \
    --team dsi \
    --name general \
    --display-name "General"
podman exec mattermost mmctl channel create \
    --team dsi \
    --name incidents \
    --display-name "Incidents" \
    --purpose "Suivi des incidents en cours"
```
Verifying the installation
| Test | Command / Action | Expected result |
|---|---|---|
| Nextcloud reachable | curl -sI https://cloud.example.com | HTTP/2 200 |
| Mattermost reachable | curl -sI https://chat.example.com | HTTP/2 200 |
| Collabora reachable | curl -sI https://office.example.com | HTTP/2 200 |
| Online editing | Create a document in Nextcloud and open it | Collabora editor is displayed |
| File upload | Upload a 100 MB file to Nextcloud | Upload succeeds, file is visible |
| Sending a message | Send a message in Mattermost | Message displayed in real time |
| Email notification | Trigger a notification (mention, share) | Email received via Stalwart |