SSL installed and working, but setting Mattermost to SSL breaks it

Summary
I’ve installed Mattermost 7.9.1 on Ubuntu 20.04 with Node.js/OpenLiteSpeed and set up Let’s Encrypt certificate. Mattermost on http://lgms-mm.lt:8065 works fine, but when I set it to SSL settings, on Mattermost restart it reports errors and stuck.

Steps to reproduce
Launched VPS from my hosting provider with Ubuntu 20.04 + Node.js/OpenLiteSpeed installed.
Successfully installed Let’s Encrypt sertificate by initial OpenLiteSpeed setup
Installed MySQL and Mattermost through SSH, as described in Installing-ubuntu-2004-LTS.html.
Opened up firewall port 8065 with ufw allow to any port 8065
At that point I successfully can access Mattermost by lgms-mm.lt:8065.
lgms-mm.lt shows Apache2 landing page.
lgms-mm.lt shows text message “Hello World! From OpenLiteSpeed NodeJS”

I set Mattermost to using SSL by these instructions:

MM_TLS_settings1038×706 63 KB

After I restart server through SSH, I get errors and MM server doesn’t start.
If I manually edit config.json file and revert to non-SSL settings, MM is available again at :8065.

I checked certificate at ssllabs.com - as I understand it shows normal results - category B.

Additionally - Apache2 landing page informs that:

The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
/etc/apache2/

But I checked with ls and there is no apache2 dir in etc directory.
I was reading page “Configuring Apache2 with SSL and HTTP/2 (unofficial)” and wondering if I should follow it, but I couldn’t find above mentioned directories.

Any help would be appreciated.

Andrius

Hi @andriusba and welcome to the Mattermost forums!

If you already have OLS running with SSL, you do not need to set up SSL for Mattermost, all you’d need to do is make sure that https://lgms-mm.lt has a reverse proxy configuration to your locally running Mattermost instance on port 8065, that’s all. You also do not need to open port 8065 to the public, because the connection will be local only from your OLS to your Mattermost application server directly on the same host.

The only thing you have to change in Mattermost is the SiteUrl setting in your config.json, it has to point to https://lgms-mm.lt then.

Please check out this thread for a working OLS configuration a user shared with us and let me know if that helped you:

Thank you for the prompt reply, Alexander.
Your help is really appreciated.

Considering, that this is my first experience with VPS, Linux and server configurations and it might be helpfull to others, I will try to give detailed explanation, as this solved my problem.
As I can’t upload pictures on this forum yet, please add https://i.postimg.cc/ to every link to screenshot manually.

The hint to follow from your answer was “you need to set-up reverse proxy for openlitespeed”, which led me to https://openlitespeed.org/kb/reverse-proxy-basics

I’ve started with 3rd method - " Method 3: Proxying with Rewrite Rules (The most versatile way to proxy — and the simplest for name-based virtual hosting.)", but failed, so I started from the beginning - “Create a Web Server External Application at the Server or Virtual Host level” and then used “Method 1. Proxy with context”.
Now I understand that Method 3 didn’t work maybe because I skipped creating external application as the first step, nevertheless below described procedure worked for me.

First I created External app called mattermost.

01_ExtApp1072×320 28.5 KB

I guess app name is not important, but port is, so I filled them like this:
5t7kV4Gj/02-Ext-App-Set.png

Now I continued to my Virtual Hosts.
In my case, as it is written in documentation, Example was present.

On Context tab I had to add new context, but the problem is, that the was already context with URI /, so I was not allowed to create it as it was stated in documentation.

Pondering a bit on the fact that I had no app installed by myself to which this / should be pointing I decided to delete it and then create it according to the guide.

After that I had this:

And now it worked - trying to access lgms-mm.lt lead to Mattermost server.

Awesome, thanks for sharing your experience and how you got it working!
I’ve edited your post to include the pictures and have also marked this issue as resolved now