GitLab SSO login throught NAT gateway


The error “The redirect URI included is not valid.” when connecting to mattermost with gitlab.

Steps to reproduce

Version of gitlab and mattermost : Latest (updated today)

Gitlab and Mattermost are booth installed on separate servers on a platform but are still in the same local subnet.
They are behind a nat gateway that redirect ports for usage outside the this platform.
Mattermost site url is: http://“local IP”:8065 but is fine being called by http://“nat IP”:8065
On mattermost, gitlab site url is:
http://“gitlab nat ip”
As the configuration is made on the interface the userAPI endpoint, Auth Endpoint and token Endpoint are autofilled so I assume they are corrects.

On Gitlab the mattermost module is configured with the following urls :
http://“mattermost nat ip”:8065/login/gitlab/complete
http://“mattermost nat ip”:8065/signup/gitlab/complete

I tried to do it locally using only the local IP for gitlab site url and the callback urls and it worked fine, so I’m pretty sure this is a problem with the nat gateway, but I have no clue why.

I did found many other issues about this problem, but in none of them a nat gateway was involved.

Expected behavior

Being loggued into mattermost using gitlab sso

Observed behavior

I am redirected to gitlab in which I can sucessfully log in, but then this error is displayed by gitlab :

Hi @Junn-Sorran,

Wondering if any of these previous threads might help: