Please check connection, Mattermost unreachable. If issue persists(...) check WebSocket port

Troubleshooting
1

Hello there ! First message, hopefully not bothering you.

Summary
Fresh install on last Ubuntu 22.04.2, EC2 instance on AWS.
Everything works like a charm, but I do have this message on top “Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port.”

Steps to reproduce
Deploy last mattermost version on last ubuntu version, instance EC2 on AWS, nginx server.

Expected behavior
Websocket connection should work.

Observed behavior
Everything works, except this message.

Mattermost conf file
(at least the beginning)

sudo head -n 50 /opt/mattermost/config/config.json 
{
    "ServiceSettings": {
        "SiteURL": "https://mattermost.myawesomewebsite.fr",
        "WebsocketURL": "wss://mattermost.myawesomewebsite.fr/api/v4/websocket",
        "LicenseFileLocation": "",
        "ListenAddress": ":8065",
        "ConnectionSecurity": "",
        "TLSCertFile": "/etc/letsencrypt/live/mattermost.myawesomewebsite.fr/fullchain.pem",
        "TLSKeyFile": "/etc/letsencrypt/live/mattermost.myawesomewebsite.fr/privkey.pem",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": false,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": false,
        "TrustedProxyIPHeader": [],
        "ReadTimeout": 300,
        "WriteTimeout": 300,
        "IdleTimeout": 60,
        "MaximumLoginAttempts": 10,
        "GoroutineHealthThreshold": -1,
        "EnableOAuthServiceProvider": true,
        "EnableIncomingWebhooks": true,
        "EnableOutgoingWebhooks": true,
        "EnableCommands": true,
        "EnablePostUsernameOverride": false,
        "EnablePostIconOverride": false,
        "GoogleDeveloperKey": "",
        "EnableLinkPreviews": true,
        "EnablePermalinkPreviews": true,
        "RestrictLinkPreviews": "",
        "EnableTesting": false,
        "EnableDeveloper": false,
        "DeveloperFlags": "",
        "EnableClientPerformanceDebugging": false,
        "EnableOpenTracing": false,
        "EnableSecurityFixAlert": true,
        "EnableInsecureOutgoingConnections": false,
        "AllowedUntrustedInternalConnections": "",
        "EnableMultifactorAuthentication": false,
        "EnforceMultifactorAuthentication": false,
        "EnableUserAccessTokens": false,
        "AllowCorsFrom": "",
        "CorsExposedHeaders": "",
        "CorsAllowCredentials": false,
        "CorsDebug": false,
        "AllowCookiesForSubdomains": false,
        "ExtendSessionLengthWithActivity": true,
        "SessionLengthWebInDays": 30,

My nginx conf file

server {
    listen 80;
    server_name mattermost.myawesomewebsite.fr;
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name mattermost.myawesomewebsite.fr;

    ssl_certificate /etc/letsencrypt/live/mattermost.myawesomewebsite.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mattermost.myawesomewebsite.fr/privkey.pem;
    ssl_session_timeout 1d;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        gzip off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8065;
        proxy_redirect off;
        # WebSocket Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
}
2

Hey there !

Any update please ? Anyone knowing how to solve this ? :slight_smile: :pray:

3

Desperately trying to solve this. Any idea guys ? I’m begging you :sweat_smile:

4

Hi @maximilien , welcome to the Mattermost forums and sorry for my late reply!

Please check out the official documentation on how to configure nginx as a reverse proxy for Mattermost. Your configuration file is missing the relevant part for the websockets which is also the reason for the message you’re seeing:

https://docs.mattermost.com/install/config-proxy-nginx.html

5

Thanks so much for your answer, agriesser ! :slight_smile:

I’ve just made the relevant corrections and yet, I have the same ugly red message and no improvements…

Here is what the mattermost.conf looks like now. (obviously I’ve anonymised it)


upstream backend {
   server localhost:8065;
   keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
  listen 80 default_server;
  server_name   mattermost.your-domain.com;
  return 301 https://$server_name$request_uri;
}

server {
   listen 443 ssl http2;
   server_name    mattermost.your-domain.com;

   http2_push_preload on;

   ssl on;
   ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem;
   ssl_session_timeout 1d;

   ssl_protocols TLSv1.2 TLSv1.3;

   ssl_early_data on;

   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:50m;

   add_header Strict-Transport-Security max-age=15768000;

   ssl_stapling on;
   ssl_stapling_verify on;

   add_header X-Early-Data $tls1_3_early_data;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }
}

map $ssl_early_data $tls1_3_early_data {
  "~." $ssl_early_data;
  default "";
}

Any idea what I’m missing ?

6

You did reload nginx, right?
Please remove the WebSocketURL configuration from your config file again, it’s not needed (the default should work just fine).

1 Like
7

Yes I did reload nginx with no effect.

But removing the WebSocketURL did the trick ! :heart_eyes: Thanks so much ! You made my day ! :pray:

8

Awesome, thanks for letting us know that this fixed it :slight_smile: I guess you tried to play around with the settings when you first noticed the error message and did not revert it since then.

9

Hi.

Almost a year later, and this problem still persists! I have a clean installation on Ubuntu, and connecting directly to it’s 8065 port. No web server to proxy. STILL have this issue!

Any resolve?

Thanks

10

@Herman where are you connecting from? WebSocket is a different protocol than HTTP. You need to look at everything between your client and Mattermost server… any firewall, load balancer, security groups, everything. Something is allowing HTTP on 8065 but not WebSocket.