For feature requests, please see: https://mattermost.com/suggestions/.
For troubleshooting questions, please post in the following format:
Summary
I’ve deployed this ChatGPT bot docker image for use with our company Mattermost server: GitHub - yGuy/chatgpt-mattermost-bot: A very simple implementation of a service for a mattermost bot that uses ChatGPT in the backend.
The container is caught in a reboot loop as it attempts to authenticate against /api/v4/websocket receiving a 401 response.
Expected behavior
That the bot would successfully connect.
Observed behavior
websocket connecting to wss://chat.arcadalabs.com/api/v4/websocket
/app/node_modules/@mattermost/client/lib/client4.js:1793
throw new ClientError(this.getUrl(), {
^
ClientError: Invalid or expired session, please login again.
at Client4.<anonymous> (/app/node_modules/@mattermost/client/lib/client4.js:1793:19)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/@mattermost/client/lib/client4.js:7:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
url: 'https://chat.arcadalabs.com/api/v4/users/me',
server_error_id: 'api.context.session_expired.app_error',
status_code: 401
}
Here’s my nginx config, I suspect it’s an nginx problem:
server {
server_name chat.arcadalabs.com;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://chat;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://chat;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/chat.arcadalabs.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chat.arcadalabs.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
http2_push_preload on; # Enable HTTP/2 Server Push
# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Early-Data $tls1_3_early_data;
}
server {
if ($host = chat.arcadalabs.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name chat.arcadalabs.com;
listen 80;
return 404; # managed by Certbot
}
# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the `$ssl_early_data` variable exposed by NGINX directly should you
# wish to do so.
map $ssl_early_data $tls1_3_early_data {
"~." $ssl_early_data;
default "";
}
I also posted about this here: Bot is caught in a reboot loop on a mattermost server behind an nginx proxy, failing to auth as bot · Issue #22 · yGuy/chatgpt-mattermost-bot · GitHub
Thanks for any help!