Hi,
I already have nginx running on a host and wanted to use Mattermost via docker. Here is what I did.
- Cloned git repo
- create and set folder permission
- docker-compose up -d
- created teams and logged in
- enabled email notification via system settings and set SMTP host and other details. Test was successful.
Now I get 2 messages, one is to configure site url and then FF says “Firefox can’t establish a connection to the server at wss://mm.teej.xyz/api/v4/websocket.”
Here is my docker-compose.yml
version: "3"
services:
db:
build: db
read_only: true
restart: unless-stopped
volumes:
- ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
# uncomment the following to enable backup
# - AWS_ACCESS_KEY_ID=XXXX
# - AWS_SECRET_ACCESS_KEY=XXXX
# - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
# - AWS_REGION=us-east-1
app:
build:
context: app
# uncomment following lines for team edition or change UID/GID
args:
- edition=team
- PUID=2000
- PGID=2000
restart: unless-stopped
volumes:
- ./volumes/app/mattermost/config:/mattermost/config:rw
- ./volumes/app/mattermost/data:/mattermost/data:rw
- ./volumes/app/mattermost/logs:/mattermost/logs:rw
- ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
- ./volumes/app/mattermost/client-plugins:/mattermost/client/plugins:rw
- /etc/localtime:/etc/localtime:ro
# When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
# to avoid Token request failed: certificate signed by unknown authority (link: https://github.com/mattermost/mattermost-server/issues/13059)
# - <path_to_your_gitlab_pki>/pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro
environment:
# set same as db credentials and dbname
- MM_USERNAME=mmuser
- MM_PASSWORD=mmuser_password
- MM_DBNAME=mattermost
# - VIRTUAL_HOST=mm.teej.xyz
# use the credentials you've set above, in the format:
# MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10
- MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10
# expose:
# - "8722:80"
# in case your config is not in default location
#- MM_CONFIG=/mattermost/config/config.json
web:
build: web
ports:
- "127.0.0.1:5880:80"
- "127.0.0.1:6443:443"
read_only: true
restart: unless-stopped
volumes:
# This directory must have cert files if you want to enable SSL
- ./volumes/web/cert:/cert:ro
- /etc/localtime:/etc/localtime:ro
I know nginx is not required here but anyways I dont know if thats causing the issue.
on my server host, I have nginx running and config as below,
server {
listen 443 ssl http2;
server_name mm.teej.xyz;
ssl_certificate /etc/letsencrypt/live/teej.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/teej.xyz/privkey.pem;
#proxy_set_header X-Real-IP $remote_addr;
# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
# ssl_early_data on;
#
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES>
ssl_prefer_server_ciphers on;
#ssl_session_cache shared:SSL:50m;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
#add_header X-Early-Data $tls1_3_early_data;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://localhost:5800;
}
location / {
#proxy_read_timeout 310s;
#proxy_set_header Host $host;
#proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Connection "";
#proxy_http_version 1.1;
proxy_pass http://localhost:5880;
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
#proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
}
}
I gave “https://mm.teej.xyz” as site url and left other values unchanged, restarted app docker. When I do Test Live URL, get error Test unsuccessful: This is not a valid live URL.
On top of the above, red ribbon with " Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port."
Can somebody please help.