Mobile 2.0 "The server is not reachable" error

Summary
The version 2.0 official app shows the “The server is not reachable” error on the main page.
But sending/receiving messages is no problem.

And mobile beta (2.0.0 / build 440) / web / desktop 5.2.2 : no error.

Steps to reproduce

  1. Fresh install mobile 2.0 official app
  2. Launch app

Expected behavior

  • No error

Observed behavior
Device : iPhone 13 pro / iOS 16.2
App Version: 2.0.0 (Build 452)
Server Version: 7.7.0
Database: postgres 13 (schema 100)

Hi Eooooq,

does this error go away after some time or does it persist across app restarts and refreshes? Any other functionality impacted, like notifications?
Did you already try to switch networks (wifi → gsm, gsm → wifi) in order to verify that the problem is not related to a specific connection?
Does your Mattermost domain have an IPv6 record and is it reachable via IPv6 properly?

  • The error doesn’t go away.
  • The error appears even if the app is completely closed or the iPhone itself is rebooted and the app is relaunched.
  • The error occurs on both Wi-Fi and 5G. (Ping to the server is less than 30ms, network infrastructure speed is more than 100 Mbps)
  • There is no ipv6 in the DNS record, but it is possible to access in ipv6 (5g network).
  • Notification is no problem. (Receive alarm, mobile, desktop)

When you send a message on mobile, the new message appears immediately on desktop app.

However, messages sent from the desktop will not be refreshed from the mobile app.

Thanks, this sounds like a problem with the websockets, which the error you’re seeing also indicates, so your mobile client is not able to establish a solid websocket connection to the server. The websocket is used for streaming events and notifying the mobile app about a new post f.ex.

Trying to find out how to further debug that and will update you once I know.

Also, can you please verify the build number of your app? Click on your profile picture on the bottom right, then on Settings and then on “About”. It should be build 452.

Also, if it really is 452, can you please click on the “Report a problem” link at the bottom of the Settings screen and send yourself the logs and attach the relevant parts here? Not sure if they contain sensitive information, you might want to DM them to me or strip the relevant parts out of it first before posting them publicly.

Got the same issue: App showing “The server is not reachable” and no notification on incoming messages.
Could it be an incompatibility with the new Android app and our server which is still on the previous version ?

Server Version: 7.4.0 (Build 7.4.0)
App Version: 2.0.0 (Build 6000452)
App Platform: android

2023/01/23 17:35:19.121 INFO  Launch app in Home screen
2023/01/23 17:35:19.200 INFO  Running "Home
2023/01/23 17:35:21.195 INFO  websocket connecting to wss://xxxxxxxxx.com:443/api/v4/websocket
2023/01/23 17:35:22.279 WARN  Handling Javascript error websocket error false
2023/01/23 17:35:22.281 ERROR websocket error wss://xxxxxxxxx.com:443/api/v4/websocket
2023/01/23 17:35:22.283 WARN  Handling Javascript error WEBSOCKET ERROR EVENT false
2023/01/23 17:35:22.290 ERROR WEBSOCKET ERROR EVENT {
  "message": {
    "error": "Forbidden"
  },
  "url": "wss:\/\/xxxxxxxxx.com:443\/api\/v4\/websocket"
}

On my computer, in the browser, the web socket call works fine.
wss://xxxxxxxxx.com/api/v4/websocket?connection_id=&sequence_number=0
Status Code: 101 Switching Protocols

WARNING Handling Javascript error WEBSOCKET ERROR EVENT 0
ERROR WEBSOCKET ERROR EVENT {
    message =     {
        error =         {
            message = "Error Domain=NSOSStatusErrorDomain Code=-9836 \"(null)\" UserInfo={_kCFStreamErrorCodeKey=-9836, _kCFStreamErrorDomainKey=3}";
        };
    };
    url = "wss://mattermost/api/v4/websocket";
}

Any solution for this error?

Hi @cgsp and welcome to the Mattermost forums!

Are you two probably using self-signed certificates or any other form of non-official or path-broken certificates in your Mattermost server that could explain this behaviour?
The useragent changed for the new mobile app, do you maybe have a reverse proxy with useragent filtering in front of your Mattermost application server?

I am in this scenario and yes, I have mine behind a reverse proxy, but without useragent filtering. This began for me when I updated my android app to the latest version as of right now.

Hi @c-lombardi and welcome to the Mattermost forums!

So you’re using a selfsigned certificate here on your server?
You’re also getting a “the server is not reachable” message and cannot use it at all, right?

Same problem. Using the latest Mattermost server (on Docker) with Let’s Encrypt SSL.

Nginx config:

upstream backend {
    server 127.0.0.1:8065;
    keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
    server_name domain.tld;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
        proxy_pass http://backend;
    }

    location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_http_version 1.1;
        proxy_pass http://backend;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

#    ssl_session_timeout 1d;

    # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
    # prevent replay attacks.
    #
    # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
    ssl_early_data on;

#    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256->
#    ssl_prefer_server_ciphers on;
#    ssl_session_cache shared:SSL:50m;
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

}


server {
    if ($host = domain.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    server_name domain.tld;
    return 404; # managed by Certbot


}

Hi @daniel_rie and welcome to the Mattermost forums!

What server and mobile app versions are you running and can you connect to your server just fine when you use the browser on your mobile app? Also, can you verify that the SiteUrl configuration variable of your Mattermost server is set to exactly the value you’re using in the mobile app’s connection profile?

Hi,

latest version of server and app + site url set correctly.
Browser app works just fine. Some users cannot start calls, because they drop out after seconds - or while „connecting“.

Daniel

@Eooooq I just got word that the error code 9836 in your setup translates to A bad protocol version was encountered, so this sounds like an issue with the TLS ciphers and/or version. Can you make sure that the server is also supporting recent cipher suites and TLS versions and not just outdated ones?

@daniel_rie Alright, thanks for verifying. Can you check your logs (click on your profile picture → settings → report a problem) and send them to your mail and upload them here then (at least the relevant parts)?

2023/02/27 16:45:18:404 INFO Running "BottomSheet
2023/02/27 16:45:20:768 INFO Running "BottomSheet
2023/02/27 16:45:22:371 INFO Running "Server
2023/02/27 16:45:25:818 INFO Running "BottomSheet
2023/02/27 17:00:14:715 INFO websocket connecting to wss://domain.tld/api/v4/websocket
2023/02/27 17:00:14:805 WARNING Handling Javascript error websocket error 0
2023/02/27 17:00:14:805 ERROR websocket error wss://domain.tld/api/v4/websocket
2023/02/27 17:00:14:807 WARNING Handling Javascript error WEBSOCKET ERROR EVENT 0
2023/02/27 17:00:14:807 ERROR WEBSOCKET ERROR EVENT {
    message = {
        error = {
            message = "Error Domain=NSOSStatusErrorDomain Code=-9836 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9836, _kCFStreamErrorDomainKey=3}";
        };
    };
    url = "wss://domain.tld/api/v4/websocket";
}
2023/02/27 17:00:14:808 WARNING Handling Javascript error websocket error 0
2023/02/27 17:00:14:808 ERROR websocket error wss://domain.tld/api/v4/websocket
2023/02/27 17:00:14:808 WARNING Handling Javascript error WEBSOCKET ERROR EVENT 0
2023/02/27 17:00:14:808 ERROR WEBSOCKET ERROR EVENT {
    message = {
        error = {
            message = "Error Domain=NSOSStatusErrorDomain Code=-9836 "(null)" UserInfo={_kCFStreamErrorCodeKey=-9836, _kCFStreamErrorDomainKey=3}";
        };
    };
    url = "wss://domain.tld/api/v4/websocket";
}

Thanks, you’re getting the same error code here (9836) so the question with regards to the TLS protocols and cipher suites also applies to you.

Is your Mattermost server publicly reachable? If so, you could verify the settings using the Qualys SSL Server Test.
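The two failure shapes posted so far in this thread ("Forbidden" on Android, NSOSStatusErrorDomain -9836 on iOS) can be sorted mechanically when several users send in logs. The following is an added example, not code from Mattermost or from any poster; the log excerpt is constructed from the formats above and `chat.example.test` is a placeholder host.

```python
import re
# Constructed sample: Android JSON event and iOS dictionary dump, placeholder host.
SAMPLE_LOG = r'''
2023/01/23 17:35:22.283 WARN  Handling Javascript error WEBSOCKET ERROR EVENT false
2023/01/23 17:35:22.290 ERROR WEBSOCKET ERROR EVENT {
  "message": {
    "error": "Forbidden"
  },
  "url": "wss:\/\/chat.example.test:443\/api\/v4\/websocket"
}
2023/02/27 17:00:14:807 ERROR WEBSOCKET ERROR EVENT {
    message = {
        error = {
            message = "Error Domain=NSOSStatusErrorDomain Code=-9836 \"(null)\" UserInfo={_kCFStreamErrorCodeKey=-9836, _kCFStreamErrorDomainKey=3}";
        };
    };
    url = "wss://chat.example.test/api/v4/websocket";
}
'''

EVENT_START = re.compile(r"ERROR\s+WEBSOCKET ERROR EVENT\s*\{")
OSSTATUS = re.compile(r"NSOSStatusErrorDomain Code=(-?\d+)")
JSON_ERROR = re.compile(r'"error"\s*:\s*"([^"]+)"')
URL = re.compile(r'"?url"?\s*[:=]\s*"([^"]+)"')

def classify(block):
    """Map one event block to the cause discussed in the thread."""
    status, http, url = OSSTATUS.search(block), JSON_ERROR.search(block), URL.search(block)
    if status and status.group(1) == "-9836":
        cause = "tls-protocol-version"   # "bad protocol version": check TLS versions/ciphers
    elif http and http.group(1) == "Forbidden":
        cause = "http-forbidden"         # upgrade refused: check reverse-proxy/server rules
    else:
        cause = "unclassified"
    return {"cause": cause, "url": url.group(1).replace("\\/", "/") if url else None}

def websocket_failures(log_text):
    """Return one finding per multi-line 'WEBSOCKET ERROR EVENT { ... }' block."""
    findings, block, depth = [], None, 0
    for line in log_text.splitlines():
        if block is None:
            if not EVENT_START.search(line):
                continue                 # WARN duplicates and other lines are skipped
            block, depth = [], 0
        block.append(line)
        depth += line.count("{") - line.count("}")
        if depth <= 0:                   # braces balanced: the event block is complete
            findings.append(classify("\n".join(block)))
            block = None
    return findings
```
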

Yes, rating “A”

This site works only in browsers with SNI support.

This server supports TLS 1.3.

HTTP Strict Transport Security (HSTS) with long duration deployed on this server.

Serial Number 03c0bf605407a8bbc87a3a803834230e33ce
Valid from Fri, 24 Feb 2023 17:52:39 UTC
Valid until Thu, 25 May 2023 17:52:38 UTC (expires in 2 months and 24 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer R3
AIA: http://r3.i.lencr.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information OCSP
OCSP: http://r3.o.lencr.org
Revocation status Good (not revoked)
DNS CAA No (more info)
Trusted Yes
Mozilla Apple Android Java Windows
TLS 1.3 Yes
TLS 1.2 No
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No

Further investigation: My nginx log shows the following error:

recv() failed (104: Unknown error) while reading response header from upstream, client: XXX.XXX.XX.XX, server: domain.tld, request: "GET /api/v4/users/me/sessions HTTP/2.0", upstream: "http://127.0.0.1:8065/api/v4/users/me/sessions", host: "domain.tld"

I am using Cloudflare.

Only using TLS 1.3, TLS_AES_128_GCM_SHA256.

SSL LABS grade is “A”

May not solved this problem.
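For servers that are not publicly reachable, the TLS-version question raised above can be checked locally, together with the websocket upgrade status that differed between browser (101) and app ("Forbidden"). This is an added example, not part of the thread or of Mattermost's tooling; `chat.example.test` is a placeholder host and the path is the one shown in the posted logs.

```python
import base64, os, socket, ssl, sys

# The two protocol versions named in the posted nginx config.
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def upgrade_request(host, path="/api/v4/websocket"):
    """Minimal RFC 6455 opening handshake for the websocket endpoint."""
    key = base64.b64encode(os.urandom(16)).decode()
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nSec-WebSocket-Key: {key}\r\n"
            "Sec-WebSocket-Version: 13\r\n\r\n").encode()

def status_of(raw):
    """HTTP status code from the first response line, or None if malformed."""
    parts = raw.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def probe(host, port=443, timeout=5):
    """Per TLS version: (negotiated cipher, HTTP status) or the handshake error."""
    results = {}
    for name, version in VERSIONS.items():
        ctx = ssl.create_default_context()      # normal certificate validation
        ctx.minimum_version = ctx.maximum_version = version  # pin one version
        try:
            with socket.create_connection((host, port), timeout=timeout) as tcp, \
                 ctx.wrap_socket(tcp, server_hostname=host) as tls:
                tls.sendall(upgrade_request(host))
                results[name] = (tls.cipher()[0], status_of(tls.recv(4096)))
        except (ssl.SSLError, OSError) as exc:  # version refused, cert, DNS, timeout
            results[name] = ("failed", str(exc))
    return results

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "chat.example.test"))
```

A version that reports "failed" while the other returns a cipher and status shows which protocol versions the proxy actually accepts, independent of what the configuration file says.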