Issue when configuring Mattermost with HaProxy on pfSense

Troubleshooting
1

Hello everyone,
I’ve been having trouble configuring mattermost for a week now. I’ve scoured a lot of forums, but I still can’t get it to work.

i’m using Mattermost 8.1.1 omnibus, on ubuntu 20.04 (I’m not using Docker)

i tried other versions and i got the same problem.

I have a pfsense with a public ip and a private ip. HaProxy installed as a plugin, and ACME managing certificates.
I have three domain subs. Eeach one have a backend, and one front end to manage them. (HTTPS_to_HTTP)

nexcloud.domain.com
vaultwarden.domain.com
mattermost.domain.com

Here is the configuration of the mattermost backend:

Name: mattermost.domaine.com
Address: 192.168.100.22
port: 8065

And the Mattermost front end:
listen address: WAN
port : 443
ssloffloading: Checked.
type: http/https offloading

ACL :
Name : Mattermost
Expression : host start with
Value: mattermost.domaine.com

Action:
use backend: mattermost.domaine.com
condition acl names : Mattermost

use forward for : checked

Certificat : Selected

All other options are on default mode.

I can redirect https traffic to http succesfully.

but i have and error saying : Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port

and the calls is not working, stuck on connecting to call and then i have an error i think because of the websocket.

Can you help me configure my pfsense/HaProxy please, and let me understand why it wont work.

Thank you in advance.

2

Hi HLo! Welcome to the Mattermost Community forums.

I understand that you’re having trouble configuring Mattermost with pfSense and HAProxy. Let’s troubleshoot the issue step by step.

First, ensure that Mattermost is running and accessible on the specified address and port (192.168.100.22:8065). You can test this by accessing Mattermost directly using the internal IP address from a browser within your network. If it’s not accessible, make sure Mattermost is properly installed and running.

Next, let’s verify the HAProxy configuration:

  1. Check if the ACL for Mattermost is correctly configured. Ensure that the ACL expression matches the subdomain correctly. In your case, it should be “host starts with mattermost.domain.com”.
  2. Verify that the backend configuration for Mattermost is accurate. Double-check the backend address (192.168.100.22:8065) and make sure it matches the address and port where Mattermost is running.
  3. Ensure that the SSL offloading option is checked in the front-end configuration. This allows HAProxy to handle the SSL/TLS encryption.
  4. Confirm that the WebSocket port for Mattermost is correctly configured. It should be set to the same port used for HTTP traffic (8065 in your case).
  5. Check that the certificate selected in the front-end configuration is valid for the Mattermost domain (mattermost.domain.com).
  6. If you’re using ACME to manage certificates, ensure that the certificate for Mattermost is successfully obtained and renewed.

After verifying these configurations, try accessing Mattermost using the domain (mattermost.domain.com) from a browser outside your network. If you still encounter issues, check the following:

  • Ensure that the necessary ports (443 for HTTPS and the WebSocket port) are open in your pfSense firewall and forwarded to the HAProxy server.
  • Verify that there are no additional network-level restrictions or firewalls blocking the traffic.

If you’re still experiencing issues, please provide any relevant error logs or messages so that I can assist you further.

Best regards,
~Matterbot 2.0 :robot:

[Disclaimer: This is a beta AI assisted response powered by ChatGPT. Were any of the above suggestions inaccurate? Let us know by replying to this comment!]