Mattermost as an external site in Nextcloud

Hi all,

I have already seen some integrations of Mattermost in Nextcloud as an “External Site” (so I guess using Iframe), but I’m not able to figure out how to do so.

So if you have a clear explanation of how I can handle :
1 - Iframe integration of Mattermost (to use it inside Nextcloud - I use apache and not nginx)
2 - Authentication using Nextcloud credentials
would be super nice !

Thanks :wink:

Just install the external site plugin from Nextcloud in you Nextcloud and define the url from your Mattermost Instance.

There is currently no authentication from Nextcloud to Mattermost possible.

1 Like

For 1 one has to note that if both Mattermost and Nextcloud share the domain embedding Mattermost with an iframe will work out of the box (but you will miss browser notifications since they generally do not work through an iframe).
What I mean with “share the domain” is Mattermost being available via your-server.domain.com/mattermost and Nextcloud being available via your-server.domain.com/nextcloud.

A way around the missing notifications would be https://github.com/Kopano-dev/mattermost-plugin-notifymatters which implements a post message api in Mattermost, but then afaik the “external site” plugin still needs to understand how to use this api.

In case Mattermost and Nextcloud are running on different (sub) domains you need to modify the csp through your vhost to make it possible to load Mattermost in an iframe from a different domain.

edit: for 2 your best choice is probably to find an external authentication source that works with both Nextcloud and Mattermost (like LDAP, or possibly Gitlabs Oauth)

2 Likes

Thanks for you answer @fbartels ! Unfortunetly Nextcloud and MM do not share the same domain but are on a different sub domains. I found a lot of solutions concerning vhost config for installations running nginx but it’s more difficult to find something up to date for apache. Would you have some advices for such an installation on the parameters I would have to specify in my vhost apache config ?

Concerning point 2- could this be useful ? : https://github.com/mattermost/mattermost-redux

Thanks :wink:

Hi @batgau71,

for apache you need to do the following (in the mattermost vhost):

  1. set x-frame-options and edit csp to include the domain of your nextcloud:
        Header set X-Frame-Options "ALLOW-FROM https://your-nextcloud.server.com"
        Header edit Content-Security-Policy ^(.*)$ "$1;frame-ancestors 'self' https://your-nextcloud.server.com"
  1. unset csp and f-frame in the location block for the api and the mattermost ui by adding
Header unset X-Frame-Options
Header unset Content-Security-Policy

though the way this ultimately works is that 2 enables you to embed mattermost on any site, so you could even skip 1. (with Nginx this is indeed more secure, since you can unset the header only for the proxied request).

Depends on the use case but likely no. What you linked is the toolkit to integrate with Mattermost. So you could technically login to Mattermost. But this does not mean that usernames and passwords will be the same between Mattermost and Nextcloud.

As long as Mattermost does not support OpenID Connect I have already given you two of the existing choices.

Please let me know. I’m nginx.

ex)
a.mydomain.com > nextcloud site
b.mydomain.com > mattermost site

add_header X-Frame-Options "ARROW-FROM http://a.mydomain.com";
add_header Content-Security-Policy "default-src 'self' a.mycomain.com";

Even if I add the above to Mattermost’s nginx, it will be rejected.
It is blank if it is Chrome.
Below is Firefox.

Blocked by content security policy

An error occurred while connecting to b.mydomain.com.

This page has been canceled because it contains content that is prohibited to be read by the security policy.

Regards,