I’m new to Mattermost and not a pro sysadmin. My question might be a bit stupid or missplaced.
After I folloewed the install instruction the port 8065 and nginx is serving Mattermost since a few weeks, I wanted to secure the installation and shutting ports except 80 and 443.
I saw, atht 8065 is still open.
My idea is to close this port for external usage (everybody except from localhost or 127.0.0.1)
Is this possible or will this break my installation?
Simplest way to do this is by setting the the config option of mattermost to:
"ListenAddress": "localhost:8065",
This way you don’t need to add any extra rules for mattermost anywhere since only locally you can access it, other than with the nginx proxy passing data to it.
No, it will not break anything, that is the exact purpose of proxying it with nginx.
In addition to the above you will have to ensure that your nginx conf file is using localhost or 127.0.0.1 on the settings, like:
Only when they are on the same machine of course, localhost is a local accessibility for that machine only, so no outsiders can reach it without having either your firewall forwarding it from local to your network device or an application acting as a proxy(in this case nginx).
In your case you would need to either install nginx locally or use your iptables(given you’re on linux) to forward it or bind mattermost to the ip you wish to use.
The external IP(as in the IP you can reach your mattermost for other computers) of the machine with mattermost installed ofc.