Apache2 Unofficial installation configuration guide #1200
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| .. _config-proxy-apache2: | ||
|
|
||
|
There was a problem hiding this comment. Can you add this note: |
||
| Configuring Apache2 as a proxy for Mattermost Server (Unofficial) | ||
| ================================================================== | ||
|
|
||
| .. important:: This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can `edit this page on GitHub <https://github.com/mattermost/docs/blob/master/source/install/config-proxy-apache2.rst>`_. | ||
|
|
||
| The Apache2 proxy configuration is done through the ``/etc/apache2/sites-available`` directory. If you're setting up Mattermost on a subdomain you'll want to create a new configuration along the lines of ``mysubdomain.mydomain.com.conf``. | ||
|
|
||
| Copy the `default` configuration file found in the same directory. | ||
|
|
||
| **To configure Apache2 as a proxy** | ||
|
|
||
| 1. SSH into your server | ||
| 2. Create/open the above mentioned, correct file (000-default or a new subdomain configuration). | ||
| 3. Edit your configuration using the guide below. | ||
|
|
||
| 1. If you're not setting up a subdomain your ``ServerName`` will simply be set to ``mydomain.com``. | ||
| 2. ``ServerAlias`` can been added too if you want to capture ``www.mydomain.com``. | ||
| 3. Remember to change the values to match your server's name etc. | ||
| 4. Save once finished | ||
|
|
||
| .. code-block:: apacheconf | ||
|
|
||
| <VirtualHost *:80> | ||
| # If you're not using a subdomain you may need to set a ServerAlias to: | ||
| # ServerAlias www.mydomain.com | ||
| ServerName mysubdomain.mydomain.com | ||
| ServerAdmin hostmaster@mydomain.com | ||
| ProxyPreserveHost On | ||
|
|
||
| # setup the proxy | ||
| <Proxy *> | ||
| Order allow,deny | ||
| Allow from all | ||
| </Proxy> | ||
|
|
||
| # Set web sockets | ||
| RewriteEngine On | ||
| RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR] | ||
| RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] | ||
| RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] | ||
| RewriteRule .* wss://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L] | ||
| RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | ||
| # This line simply forces HTTPS | ||
| RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] | ||
|
|
||
| <Location /api/v3/users/websocket> | ||
| Require all granted | ||
| ProxyPass ws://127.0.0.1:8065/api/v3/users/websocket | ||
| ProxyPassReverse ws://127.0.0.1:8065/api/v3/users/websocket | ||
| ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com | ||
| </Location> | ||
|
|
||
| <Location /> | ||
| Require all granted | ||
| ProxyPass http://127.0.0.1:8065/ | ||
| ProxyPassReverse http://127.0.0.1:8065/ | ||
| ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com | ||
| </Location> | ||
|
|
||
| </VirtualHost> | ||
|
|
||
| 4. Because you'll likely have not set up the subdomain before now on Apache2, run ``a2ensite mysubdomain.mydomain.com`` to enable the site (do not run ``a2ensite mysubdomain.mydomain.com.conf``) | ||
|
|
||
| 5. Restart Apache2 | ||
|
|
||
| - On Ubuntu 14.04 and RHEL 6: ``sudo service apache2 restart`` | ||
| - On Ubuntu 16.04 and RHEL 7: ``sudo systemctl restart apache2`` | ||
|
|
||
| You should be all set! Ensure that your Mattermost config file is pointing to the correct URL and then ensure that once deployed your socket connection is not dropping. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| .. _config-ssl-http2-apache2: | ||
|
|
||
|
There was a problem hiding this comment. Can you add this note: This note is slightly different than the one for |
||
| Configuring Apache2 with SSL and HTTP/2 (Unofficial) | ||
| ===================================================== | ||
|
|
||
| .. important:: This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can `edit this page on GitHub <https://github.com/mattermost/docs/blob/master/source/install/config-ssl-http2-apache2.rst>`_. | ||
|
|
||
| Once you've configured Apache2 as a proxy for your Mattermost Server, the easiest way to enable SSL on Apache2 is via Let's Encrypt and `Certbot <https://certbot.eff.org/#ubuntuxenial-apache>`_. | ||
|
There was a problem hiding this comment. Is there a link we can give for Let's Encrypt, to help an admin? There was a problem hiding this comment. Again, not entirely sure about this as I only installed Let's Encrypt via Certbot. There was a problem hiding this comment. Sounds good. We can tweak the guide later if someone configures it with Let's Encrypt. |
||
|
|
||
| Once installed, run ``$ certbot --apache`` and follow the guide. Afterwards you should find a new configuration file in ``/etc/apache2/sites-available`` which should follow the format ``mysubdomain.mydomain.com-le-ssl.conf``. | ||
|
|
||
| When opened, edit it to look something like the following: | ||
|
|
||
| .. code-block:: apacheconf | ||
|
|
||
| <IfModule mod_ssl.c> | ||
| <VirtualHost *:443> | ||
| ServerName mysubdomain.mydomain.com | ||
| ServerAdmin hostmaster@mydomain.com | ||
| ProxyPreserveHost On | ||
|
|
||
| # setup the proxy | ||
| <Proxy *> | ||
| Order allow,deny | ||
| Allow from all | ||
| </Proxy> | ||
|
|
||
| RewriteEngine On | ||
| RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR] | ||
| RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] | ||
| RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] | ||
| RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L] | ||
| RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | ||
| RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L] | ||
|
|
||
| <Location /api/v3/users/websocket> | ||
| Require all granted | ||
| ProxyPass ws://127.0.0.1:8065/api/v3/users/websocket | ||
| ProxyPassReverse ws://127.0.0.1:8065/api/v3/users/websocket | ||
| ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com | ||
| </Location> | ||
|
|
||
| <Location /> | ||
| Require all granted | ||
| ProxyPass http://127.0.0.1:8065/ | ||
| ProxyPassReverse http://127.0.0.1:8065/ | ||
| ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com | ||
| </Location> | ||
|
|
||
| # Generated by Certbot | ||
| SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem | ||
| SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem | ||
| Include /etc/letsencrypt/options-ssl-apache.conf | ||
| </VirtualHost> | ||
| </IfModule> | ||
|
|
||
| 1. Restart Apache2 | ||
|
|
||
| - On Ubuntu 14.04 and RHEL 6: ``sudo service apache2 restart`` | ||
| - On Ubuntu 16.04 and RHEL 7: ``sudo systemctl restart apache2`` | ||
|
|
||
| 2. Test that the site is working, that WebSockets are working, and if you enabled HTTP redirect to HTTPS during Certbot installation that the redirect is working. | ||
| 3. Lastly, test your SSL configuration with https://www.ssllabs.com/ssltest/index.html. | ||
|
|
||
| Using Certbot means that you shouldn't have to do anything in the configuration of Mattermost. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct formatting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No idea, just copied and pasted what was suggested.