Summary
Using Apache reverse proxy on fresh install with email/passowrd- every time user logs in and browser page is refreshed user is logged out. ( also opening new tab in same browser asks for login again ). If page is not refreshed everything works- sending messages , using system console etc.
Steps to reproduce
How can we reproduce the issue (what version are you using?)
Mattermost:
Version: 5.1.0
Build Number: 5.1.0
Build Date: Fri Jul 13 19:03:45 UTC 2018
Build Hash: 54994502241bf40bebd9a9d7719c58f708aef5b1
Build Enterprise Ready: true
DB Version: 5.1.0
Proxy : Apache/2.4.10 ( Debian ) on separate server.
Apache vhost config:
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName some.sub.domain
ServerAdmin xxx@xxx.xx
ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined
# Enforce HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName some.sub.domain
ServerAdmin xxx@xxx.xx
ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v[0-9]+/(users/)?websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://192.168.0.29:8065%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://192.168.0.29:8065%{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Ssl 'on'
RequestHeader unset If-Modified-Since
RequestHeader unset If-None-Match
<LocationMatch "/api/(?<version>v[0-9]+)/(?<users>users/)?websocket$">
Require all granted
ProxyPassReverse ws://192.168.0.29:8065/api/v%{env:MATCH_VERSION}/%{env:MATCH_USERS}websocket
ProxyPassReverseCookieDomain 192.168.0.29 some.sub.domain
</LocationMatch>
<Location />
Require all granted
ProxyPassReverse http://192.168.0.29:8065/
ProxyPassReverseCookieDomain 192.168.0.29 some.sub.domain
</Location>
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt # valid trusted certificate
SSLCertificateKeyFile /etc/apache2/server.key
SSLCertificateChainFile /etc/apache2/gd_bundle-g2-g1.crt
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
In mattermost config SiteURL is set to “some.sub.domain”.
Mattermost log:
{"level":"info","ts":1533836758.4524226,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=t8m9pyxb43deigaty8tnwybanw, err=<no value>, "}
{"level":"info","ts":1533836765.1927357,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=15or6ies5fyedd7yuimp87hpxo, err=<no value>, "}
{"level":"error","ts":1533836768.9420962,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
{"level":"info","ts":1533836769.7385144,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=r1ro6ywifbfffbfm3heutpktpr, err=<no value>, "}
{"level":"error","ts":1533836772.8043542,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
{"level":"info","ts":1533836773.4485762,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=tmjrn16fjpynfxd8do3yc5x4rc, err=<no value>, "}
{"level":"error","ts":1533836789.3535001,"caller":"web/handlers.go:142","msg":"Invalid or missing channel_id parameter in request URL","path":"/api/v4/channels/posts","request_id":"uw48b6atk7rnjmoh577kosqwjy","ip_addr":"xxx.xxx.xxx.xxx","user_id":"h4cu98hajpdziqfoc74o489ido","method":"GET","err_where":"Context","http_code":400,"err_details":""}
{"level":"info","ts":1533836791.8211064,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=au7i6m57xtg8u8bue7bq84sxbr, err=<no value>, "}
session","error":"GetSession: Invalid session token=pqbxfukzrjgpinpq1dngxcwrjh, err=<no value>, "}