502 Bad Gateway with Nginx Proxy Manager


I try to install Mattermost behind our Nginx Proxy Manager. If I open https://mm.mydomain.de I see “502 Bad Gateway”.

# Domain of service

# Container settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

# Postgres settings
## Documentation for this image and available settings can be found on hub.docker.com
## https://hub.docker.com/_/postgres
## Please keep in mind this will create a superuser and it's recommended to use a less privileged
## user to connect to the database.
## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md


# Nginx
## The nginx container will use a configuration found at the NGINX_MATTERMOST_CONFIG. The config aims
## to be secure and uses a catch-all server vhost which will work out-of-the-box. For additional settings
## or changes ones can edit it or provide another config. Important note: inside the container, nginx sources
## every config file inside */etc/nginx/conf.d* ending with a *.conf* file extension.

## Inside the container the uid and gid is 101. The folder owner can be set with
## `sudo chown -R 101:101 ./nginx` if needed.

## The folder containing server blocks and any additional config to nginx.conf

## Exposed ports to the host. Inside the container 80, 443 and 8443 will be used

# Mattermost settings
## Inside the container the uid and gid is 2000. The folder owner can be set with
## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.

## Bleve index (inside the container)

## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
## Update the image tag if you want to upgrade your Mattermost version. You may also upgrade to the latest one. The example is based on the latest Mattermost ESR version.

## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
## it if you know what you're doing.
## See https://github.com/mattermost/docker/issues/18

## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
## or for using it behind another existing reverse proxy.

## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
## https://docs.mattermost.com/administration/config-settings.html
## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
## the system console as well and settings set with env variables will be greyed out.

## Below one can find necessary settings to spin up the Mattermost container

## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)

Then I used following command:

sudo docker compose -f docker-compose.yml -f docker-compose.without-nginx.yml up -d

Then I configured Nginx Proxy Manager like this:

What’s wrong here?

Thank you very much.

Yo, what’s poppin’? Someone here with advice? :slight_smile: Would approciate very much. Thank you.

I have the same issue with you. i have a version running with apache, recently trying out nginx proxy manager and faced the same issue. still need to Nginx Proxy Manager

I managed to solve my issue by pointing the mattermost config.json file SSL certs to the NPM generated certs. hope it works for you!

Thank you. Do you have an example?

Mine was already working before I migrated to NPM, so your case might be different. Here’s what worked for me.
in the config.json file i changed the location of the SSL certs, near the top of the file

"ServiceSettings": {
    "SiteURL": "https://mattermost.yourweb.site",
    "WebsocketURL": "",
    "LicenseFileLocation": "",
    "ListenAddress": "",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "/share/Data/docker/nginxproxymanager/letsencrypt/live/npm-10/fullchain.pem",
    "TLSKeyFile": "/share/Data/docker/nginxproxymanager/letsencrypt/live/npm-10/privkey.pem"

I only changed the last 2 lines to reflect where the new SSL certs are.
Check where your docker compose file where the volume for letsencrypt is mounted

 - ./data:/data
 - ./letsencrypt:/etc/letsencrypt

npm-10 is the first SSL cert you created, followed by 11, 12, 13 and so on…

1 Like

I just noticed that you started mattermost via docker, while I’m running it as a service on my local machine so I have the config.json. You’ll probably be looking to change these 2 lines and also to map the volumes in MM docker compose file to reflect where to find the SSL certs generated from NPM.

In short, MM must get the correct certs from NPM.
That’s the cause of my 502 bad gateway, hope that helps.

1 Like