Summary
New Docker install, latest pull, have self-signed cert, LAN deployment only
This deployment of MM is for internal communications only. I would be fine with http but the email invites are coded for https. So I need to configure this install to use https since email invites links are for https. Yes I’ve read through the guides and have tried several different deployment methods. Docker was the best deployment for me. Now how can I use my self-signed cert to secure the site? I’m looking for step by step instructions. Thanks in advanced
The e-mail invites are not hardcoded to https, they inherit the value from the environment variable MM_SERVICESETTINGS_SITEURL which can be found at the bottom of your .env file (if you’re using the docker compose deployment method).
For installing your pre-existing certificate and key, please check bullet point 4 in the instructions and especially the part “If using a pre-existing certificate and key:”:
Thank you for responding. I see now where I missed that. And I believe the name in the cert and the server don’t match, that I can fix. However I’m still having the issue of using https. How do I go from http to https? Do I change the listing port to 443?
Not sure what exactly you deployed, but if you followed the official instructions that revolve around docker compose, you will also get an nginx reverse proxy container which will take care of the SSL encryption so you do not have to change anything within the Mattermost container for that to work.
If you specify the paths to the certificate in the .env file as written in the documentation, the docker-compose command will map the certificates into the nginx container and use it there. The redirect will also happen automatically, because that’s part of the nginx config there.
Thanks for pointing that out. I was able to set the paths and then run the docker compose with the nginx. My problem seemed to stem from the ssl certs. I had the wrong DNS entries in them. Plus I didn’t realize that the key needed to be in the .pem extension. So after I reran my config file through openssl, I ran the key through the following CLI CMD: