Token Request Error on Omnibus with Reverse Proxy

I am trying to get SSO for mattermost from gitlab working in the Omnibus installation. Any ideas on how to troubleshoot would be greatly appreciated.

Setup

I have the Omnibus package installed in an lxc container running Ubuntu 16.04 with traffic from the internet routed through nginx running in another container. I’m terminating the ssl connections in the nginx container where the certs are, and then forwarding traffic to the gitlab lxc container via server configurations for each of my gitlab and mattermost urls.

The Problem

When I click the sign in with gitlab button it takes me to the authorization url, but then when I click authorize, I get:

Token request failed

and in /var/log/gitlab/mattermost/mattermost.log, I get:

[2017/01/13 22:36:08 UTC] [EROR] websocket connect err: websocket: could not find connection header with token 'upgrade' [2017/01/13 22:36:08 UTC] [EROR] /api/v3/users/websocket:connect code=500 rid=ojqur6wyubybmqyhegpptbmwey uid= ip=76.90.41.133, 10.29.248.10 Failed to upgrade websocket connection [details: ] [2017/01/13 22:37:28 UTC] [EROR] SMTP server settings do not appear to be configured properly err=Failed to open connection details=dial tcp :0: getsockopt: connection refused [2017/01/13 22:37:45 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=i9eat3i7e7gjjpxddnp168oj9c uid= ip=76.90.41.133, 10.29.248.10 Token request failed [details: Post https://git.calebeverett.io:80/oauth/token: dial tcp 45.79.111.122:80: getsockopt: connection refused]

What is odd to me is that initial request to https://git.calebeverett.io/oauth/authorize was successful.

Configuration Settings

Here are the mattermost-nginx settings:

mattermost_nginx['listen_port'] = 8081
mattermost_nginx['listen_https'] = false
mattermost_nginx['proxy_set_headers'] = {
  "Host" => "$http_host",
  "X-Real-IP" => "$remote_addr",
  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  "X-Frame-Options" => "SAMEORIGIN",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on",
  "Upgrade" => "$http_upgrade",
  "Connection" => "$connection_upgrade"
}

and here are the nginx settings:

nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
 "X-Forwarded-Proto" => "https",
 "X-Forwarded-Ssl" => "on",
}

Resources

Documentation

Gitlab-Mattermost Docs
SSO documentation

Other Posts

Hey @CalebEverett and really, really sorry for the slow response.

Looks like this might be an error on GitLab Omnibus, can you help cross-post your note in the GitLab troubleshooting forums?

They’ll have more expertise on how to resolve it.

I know it’s been a while, but was this ever resolved? I’m having exactly the same issue.

Hi @lnxm8 - thank you for your question! Looks like this was/is an issue on Gitlab’s side, so you might want to check with Gitlab on this and/or look if an issue related to this was opened in their troubleshooting forum that Jason linked above ^