Hello,
I have been trying to setup mattermost behind our httpd proxy, mattermost is on the same server as GitLab which is also behind the proxy and working fine, the httpd proxy is on a separate server. This is the first time I have worked with mattermost and am a little flustered at how complicated this has become.
In my gitlab config I have:
mattermost_external_url 'https://mattermost.[hidden].com'
mattermost['enable'] = true
mattermost['username'] = 'mattermost'
mattermost['group'] = 'mattermost'
mattermost['uid'] = 991
mattermost['gid'] = 989
mattermost['home'] = '/var/opt/gitlab/mattermost'
mattermost['database_name'] = 'mattermost_production'
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "[hidden]"
mattermost['gitlab_secret'] = "[hidden]"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "https://git.[hidden].com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://git.[hidden].com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://git.[hidden].com/api/v3/user"
mattermost_nginx['listen_port'] = 8065
mattermost_nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on",
}
In my apache config for my virtual host I have:
<VirtualHost *:443>
ServerName mattermost.[hidden].com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mattermost.[hidden].com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mattermost.[hidden].com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mattermost.[hidden].com/fullchain.pem
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://[network ip]:8065%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://[network ip]:8065%{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto "https"
<Location /api/v3/users/websocket>
Require all granted
ProxyPassReverse ws://[network ip]:8065/api/v3/users/websocket
ProxyPassReverseCookieDomain [network ip] mattermost.[hidden].com
</Location>
<Location />
Require all granted
ProxyPassReverse https://[network ip]:8065
ProxyPassReverseCookieDomain [network ip] mattermost.[hidden].com
</Location>
</VirtualHost>
I feel like I probably have something wrong with the ports, the apache config is based from one I found from the mattermost forums: https://forum.mattermost.org/t/solved-apache2-reverseproxy-with-websocket-https/437
I really know nothing about WebSockets, so any help with this is greatly appreciated.
Thank you,
Trevor