Taiki
April 5, 2023, 6:08pm
1
Summary
I am attempting to deploy Mattermost according to the manual provided on the official website (Install Mattermost Omnibus — Mattermost documentation ). However, I am encountering issues in achieving two objectives:
Enable HTTPS
Use port 80 instead of 8065
Environment
Amazon Lightsail
Ubuntu 22.04 LTS
Steps to reproduce
Run the following command in the terminal:
$ curl -o- https://deb.packages.mattermost.com/repo-setup.sh | sudo bash
Install Mattermost Omnibus by running the following command:
$ sudo apt install mattermost-omnibus -y
Enter the domain and email address when prompted.
Access the domain.
access to my domain
Expected Behavior .
The website should be accessible at https://example.com/
.
If accessed at http://example.com/
, the website should redirect to https://example.com
.
Observed behavior
I am only able to access the website at http://example.com:8065
, and not on port 80. and I can’t use https.
What I tried
I tried changing the settings from the web console, but I was unable to make any changes. Here is a screenshot of the error:
I also tried changing the settings from the file /etc/mattermost/mmomni.mattermost.env
, but the changes were not saved. After rebooting, the files were restored to their original state.
Hey @Taiki and welcome to the Mattermost forums!
The omnibus setup comes with SSL enabled by default as it uses Let’s encrypt. Could it be that there has been an error with the Let’s encrypt certificate generation during the setup or did you maybe answer the question if you want to have Let’s encrypt with no?
When you change settings in /etc/mattermost/mmomni.mattermost.env
you need to restart Mattermost, so that it recognizes the new environment variables, but please do not touch this file for now and instead please run mmomni reconfigure
and post the output here.
1 Like
Taiki
April 6, 2023, 4:57am
3
@agriesser
Thank you for your reply.
This is output. “Generate SSL Certificate” has been skipped.
$ sudo mmomni reconfigure
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************
ok: [localhost]
TASK [Update debconf variables with json file values] **************************************************************************************
ok: [localhost] => (item={'key': 'mattermost-omnibus/domain', 'value': 'example.jp'})
ok: [localhost] => (item={'key': 'mattermost-omnibus/email', 'value': 'mail@gmail.com'})
TASK [Ensure that NGINX is running] ********************************************************************************************************
ok: [localhost]
TASK [Check if certificate already exists] *************************************************************************************************
ok: [localhost]
TASK [Generate SSL Certificate] ************************************************************************************************************
skipping: [localhost]
TASK [Renew SSL certificate] ***************************************************************************************************************
changed: [localhost]
TASK [Configure NGINX https template] ******************************************************************************************************
ok: [localhost]
TASK [Delete default NGINX configuration file] *********************************************************************************************
ok: [localhost]
TASK [Restart NGINX service with the new configuration] ************************************************************************************
changed: [localhost]
TASK [Create database user] ****************************************************************************************************************
ok: [localhost]
TASK [Create database for Mattermost] ******************************************************************************************************
ok: [localhost]
TASK [Create system user] ******************************************************************************************************************
ok: [localhost]
TASK [Ensure file permissions] *************************************************************************************************************
ok: [localhost] => (item=/opt/mattermost)
ok: [localhost] => (item=/var/opt/mattermost/data)
ok: [localhost] => (item=/var/log/mattermost)
TASK [Generate mattermost env variables] ***************************************************************************************************
ok: [localhost]
TASK [Generate systemd service] ************************************************************************************************************
ok: [localhost]
TASK [Enable and restart Mattermost service] ***********************************************************************************************
changed: [localhost]
PLAY RECAP *********************************************************************************************************************************
localhost : ok=15 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
OK, interesting. Please provide more outputs (all with sudo or in a root shell and I’ve added examples of what it should look like):
Check if nginx is running and listening on port 443:
# lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 362823 root 8u IPv4 6810358 0t0 TCP *:https (LISTEN)
nginx 362823 root 9u IPv6 6810359 0t0 TCP *:https (LISTEN)
nginx 362824 nginx 8u IPv4 6810358 0t0 TCP *:https (LISTEN)
nginx 362824 nginx 9u IPv6 6810359 0t0 TCP *:https (LISTEN)
nginx 362825 nginx 8u IPv4 6810358 0t0 TCP *:https (LISTEN)
nginx 362825 nginx 9u IPv6 6810359 0t0 TCP *:https (LISTEN)
Verify that the certificates have been generated and are configured in nginx:
# grep ssl_certificate /etc/nginx/conf.d/mattermost.conf
ssl_certificate /etc/letsencrypt/live/mmtest2.anexia.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mmtest2.anexia.dev/privkey.pem;
Restart nginx and post the last few lines of the log:
# systemctl restart nginx
# tail -50 /var/log/nginx/error.log
1 Like
Taiki
April 6, 2023, 5:52am
5
Thank you.
First, I try sudo lsof -i :443
. As I was checking, I noticed something. So I checked the Lightsail console and found that port 443 was not allowed. I reconfigured and restarted Lightsail. Then everything was resolved.
Thanks for your support.
Awesome, thanks for letting us know and glad to hear you’re up and running now
1 Like