I’m not really sure how I can forcibly reproduce it - they just don’t work. I would say maybe 1 out of every 100 messages now, if that, I get the badge number.
I’m looking through the logs and these are the only errors I see:
{“level”:“error”,“ts”:1585623183.4068193,“caller”:“app/web_conn.go:282”,“msg”:“Invalid session.”,“error”:"GetSession: Invalid session token=mm74btdgwino3r5ws186oez69a, err=, "}
{“level”:“info”,“ts”:1585623184.7250674,“caller”:“mlog/log.go:167”,“msg”:“Invalid session”,“error”:"GetSession: Invalid session token=1km9optryb8hig1p5oquwtr4jh, err=, "}
The second one repeats a few times.
A little bit on my setup (and, again, this all worked fine before upgrading to version 5.x - the only difference was I was using an Apache proxy but I had this in place still post-upgrade and it was not working with Apache either):
Chat server: CentOS 8, went through the Mattermost Documentation for the setup and didn’t modify anything. SELinux is running.
Proxy Server: CentOS 8, nginx 1.14.1, here’s the conf file for the proxy:
upstream backend {
server 10.20.5.30:8065;
keepalive 32;
}proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name chat.domain.com;include snippets/letsencrypt.conf; return 301 https://$server_name$request_uri;}
server {
listen 443 ssl http2;
server_name chat.domain.com;ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem; ssl_session_timeout 1d; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:50m; location ~ /api/v[0-9]+/(users/)?websocket$ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 50M; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300; lingering_timeout 5; proxy_connect_timeout 90; proxy_send_timeout 300; proxy_read_timeout 90s; proxy_pass http://backend; } location / { client_max_body_size 50M; proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; proxy_http_version 1.1; proxy_pass http://backend; }}
Let me know what else I can provide that’d be helpful