Unable to Enable HTTPS and Change Port in Mattermost Omnibus Deployment

Troubleshooting
1

Summary
I am attempting to deploy Mattermost according to the manual provided on the official website (Install Mattermost Omnibus — Mattermost documentation). However, I am encountering issues in achieving two objectives:

  1. Enable HTTPS
  2. Use port 80 instead of 8065

Environment

  • Amazon Lightsail
  • Ubuntu 22.04 LTS

Steps to reproduce

  1. Run the following command in the terminal:
$ curl -o- https://deb.packages.mattermost.com/repo-setup.sh | sudo bash
  1. Install Mattermost Omnibus by running the following command:
$ sudo apt install mattermost-omnibus -y
  1. Enter the domain and email address when prompted.
  2. Access the domain.

access to my domain

Expected Behavior.

  1. The website should be accessible at https://example.com/.
  2. If accessed at http://example.com/, the website should redirect to https://example.com.

Observed behavior

I am only able to access the website at http://example.com:8065, and not on port 80. and I can’t use https.

What I tried

I tried changing the settings from the web console, but I was unable to make any changes. Here is a screenshot of the error:

image
image925×462 50.9 KB

I also tried changing the settings from the file /etc/mattermost/mmomni.mattermost.env, but the changes were not saved. After rebooting, the files were restored to their original state.

2

Hey @Taiki and welcome to the Mattermost forums!

The omnibus setup comes with SSL enabled by default as it uses Let’s encrypt. Could it be that there has been an error with the Let’s encrypt certificate generation during the setup or did you maybe answer the question if you want to have Let’s encrypt with no?

When you change settings in /etc/mattermost/mmomni.mattermost.env you need to restart Mattermost, so that it recognizes the new environment variables, but please do not touch this file for now and instead please run mmomni reconfigure and post the output here.

1 Like
3

@agriesser
Thank you for your reply.
This is output. “Generate SSL Certificate” has been skipped.

$ sudo mmomni reconfigure
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ***************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************
ok: [localhost]

TASK [Update debconf variables with json file values] **************************************************************************************
ok: [localhost] => (item={'key': 'mattermost-omnibus/domain', 'value': 'example.jp'})
ok: [localhost] => (item={'key': 'mattermost-omnibus/email', 'value': 'mail@gmail.com'})

TASK [Ensure that NGINX is running] ********************************************************************************************************
ok: [localhost]

TASK [Check if certificate already exists] *************************************************************************************************
ok: [localhost]

TASK [Generate SSL Certificate] ************************************************************************************************************
skipping: [localhost]

TASK [Renew SSL certificate] ***************************************************************************************************************
changed: [localhost]

TASK [Configure NGINX https template] ******************************************************************************************************
ok: [localhost]

TASK [Delete default NGINX configuration file] *********************************************************************************************
ok: [localhost]

TASK [Restart NGINX service with the new configuration] ************************************************************************************
changed: [localhost]

TASK [Create database user] ****************************************************************************************************************
ok: [localhost]

TASK [Create database for Mattermost] ******************************************************************************************************
ok: [localhost]

TASK [Create system user] ******************************************************************************************************************
ok: [localhost]

TASK [Ensure file permissions] *************************************************************************************************************
ok: [localhost] => (item=/opt/mattermost)
ok: [localhost] => (item=/var/opt/mattermost/data)
ok: [localhost] => (item=/var/log/mattermost)

TASK [Generate mattermost env variables] ***************************************************************************************************
ok: [localhost]

TASK [Generate systemd service] ************************************************************************************************************
ok: [localhost]

TASK [Enable and restart Mattermost service] ***********************************************************************************************
changed: [localhost]

PLAY RECAP *********************************************************************************************************************************
localhost                  : ok=15   changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
4

OK, interesting. Please provide more outputs (all with sudo or in a root shell and I’ve added examples of what it should look like):

Check if nginx is running and listening on port 443:

# lsof -i :443
COMMAND    PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
nginx   362823  root    8u  IPv4 6810358      0t0  TCP *:https (LISTEN)
nginx   362823  root    9u  IPv6 6810359      0t0  TCP *:https (LISTEN)
nginx   362824 nginx    8u  IPv4 6810358      0t0  TCP *:https (LISTEN)
nginx   362824 nginx    9u  IPv6 6810359      0t0  TCP *:https (LISTEN)
nginx   362825 nginx    8u  IPv4 6810358      0t0  TCP *:https (LISTEN)
nginx   362825 nginx    9u  IPv6 6810359      0t0  TCP *:https (LISTEN)

Verify that the certificates have been generated and are configured in nginx:

# grep ssl_certificate /etc/nginx/conf.d/mattermost.conf
    ssl_certificate /etc/letsencrypt/live/mmtest2.anexia.dev/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mmtest2.anexia.dev/privkey.pem;

Restart nginx and post the last few lines of the log:

# systemctl restart nginx
# tail -50 /var/log/nginx/error.log
1 Like
5

Thank you.
First, I try sudo lsof -i :443. As I was checking, I noticed something. So I checked the Lightsail console and found that port 443 was not allowed. I reconfigured and restarted Lightsail. Then everything was resolved.
Thanks for your support.

6

Awesome, thanks for letting us know and glad to hear you’re up and running now :slight_smile:

1 Like