[SOLVED] Incorrect Redirect URI on Gitlab 8.9.3 + bundled Mattermost + Apache

Using Apache 2.4.7 on Ubuntu 14.04.4. Gitlab SSL configuration derived from web-server/apache/gitlab-omnibus-ssl-apache24.conf · master · GitLab.org / GitLab recipes · GitLab; copied and modified for Mattermost as well.

When a user navigates to https://mattermost.servername.com, a sign-in screen is presented. The button to “Login via Gitlab” is shown. Clicking this button initiates a request to https://mattermost.servername.com/api/v3/oauth/gitlab/signup, which returns a 302 Redirect to: https://gitlab.servername.com/oauth/authorize?response_type=code&client_id=xxxx&redirect_uri=http%3A%2F%2Fmattermost.servername.com%3A4443%2Fsignup%2Fgitlab%2Fcomplete&state=xxxx. Notice that the redirect_uri is missing the ‘s’ for HTTPS. This causes the loaded Gitlab page to return “The redirect URI included is not valid.”

Relevant gitlab.rb lines:

mattermost_external_url 'https://mattermost.servername.com' mattermost['enable'] = true mattermost['service_use_ssl'] = true mattermost['service_address'] = "127.0.0.1" mattermost['service_port'] = "8065" mattermost_nginx['enable'] = false mattermost_nginx['redirect_http_to_https'] = true # this likely does nothing

How can I fix the redirect_uri that is presented by the main Mattermost login page?

Solved. Apache conf file for site had the following two lines in the VirtualHost section:

RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on

Adding this third line did the trick:

RequestHeader set X-Forwarded-Proto "https"

Note how the original file (Add the ErrorDocument for 502 and fix 503 for GitLab 8.8 release (b9afcfd8) · Commits · GitLab.org / GitLab recipes · GitLab) does NOT include the correct header.