GitLab Mattermost Websocket handshake fails when using apache as proxy (Plesk) Need urgent help - tried everything

How to Use GitLab
#1

I’m not making any progress with my GitLab Mattermost installation on my server. I’ve installed everything without any problems.

After that I’ve enabled the apache mod proxy_wstunnel and added the following directives in my Plesk domain for additional directives (it like <VirtualHost *:80> or <VirtualHost *:443>):

HTTP:

ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

# Enforce HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

HTTPS:

ServerName mattermost.xxx.de
ProxyPreserveHost On

# Set web sockets
ProxyRequests Off
RemoteIPHeader CF-Connecting-IP
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v[0-9]+/(users/)?websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto "https"

<LocationMatch "^/api/v(?<apiversion>[0-9]+)/(?<apiusers>users/)?websocket">
	Require all granted
	ProxyPass ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
	ProxyPassReverse ws://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
	ProxyPassReverseCookieDomain 127.0.0.1 mattermost.xxx.de
</LocationMatch>

<Location />
	Require all granted
	ProxyPass http://127.0.0.1:8065/
	ProxyPassReverse http://127.0.0.1:8065/
	ProxyPassReverseCookieDomain 127.0.0.1 mattermost.xxx.de
</Location>

But when I save this, restart apache and go back to Mattermost, I’m still getting the Websocket error:

enter image description here

This is my GitLab Mattermost Config:

mattermost_external_url 'https://mattermost.xxx.de'

mattermost['service_enable_oauth_service_provider'] = true
mattermost['service_enable_insecure_outgoing_connections'] = true
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "xxx"
mattermost['gitlab_secret'] = "xxx"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "https://gitlab.xxx.de/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://gitlab.xxx.de/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://gitlab.xxx.de/api/v4/user"
mattermost_nginx['enable'] = false

In the network tab the response is empty…

The SSL certificate is self-signed from Let’s Encrypt but I can’t see any problem here.