Web proxy causing issues when behind another proxy.

[jdoubleu]

Theres a long issue on the official Mattermost repository pointing out a bug.

I figured out that this isn't a problem with the Mattermost platform itself but with the docker stup provided by this setup.

I used the docker-compose file provided here. Because I'm running multiple applications on my host I set up a reverse proxy. This reverse proxy serves HTTPS to the clients but communicates over HTTP with the backend, so this web proxy isn't using SSL. And there is the point!

By using HTTP in the backend this web proxy detects HTTP and passes it with the X-Forwared-Proto header to the Mattermost platform/app where it causes issues (explained in the other thread).

I'm creating a PR with a workaround for this.
For me I just dropped the additional proxy and pass everything from the reverse proxy directly to the Mattermost app.

[sushruth]

EDIT

Making these changes manually did not work. Maybe I am missing something. I get a 500 error.

EDIT

I have to note that if you are using jwilder/nginx-proxy, the documentation says:

If you would like to connect to your backend using HTTPS instead of HTTP, set VIRTUAL_PROTO=https on the backend container.

In which case specifying it in docker-compose.yml should help in some way. I will verify and update here if I get through.

---

Was having this EXACT issue myself. Thanks a lot for solving it.

Is there any temporary workaround? (like making those changes in the PR, myself in nginx.conf inside mattermost container?)

[jdoubleu]

In which case specifying it in docker-compose.yml should help in some way. I will verify and update here if I get through.

Actually this is for the backend. If your backend proxy support https the reveres proxy can cnnect via https to it. This will then pass the correct Protocol in the HTTP headers but you have to configure https for mattermost too.

You can simply drop the web container and pass every request to the app container of the mattermost setup like I did. This is just another proxy to the mattermost app itself.

[sushruth]

@jdoubleu Thanks! But here is the thing, I want to use the nginx reverse proxy container to manage my subdomains. I am using same SSL certificates for both mattermost container and the proxy container.

Another observation is that I can access mattermost fine without https, which is the main issue. I can access it using HTTPS (using the IP and not the server name, tested using curl -k) from inside the mattermost container itself, also from the nginx proxy container and also from the host operating system. But anything outside that like any other device from within the same physical network, fails in error 500.

Not sure if any of this information makes sense, But I will post any results I get here just in case anyone may be interested.

[xcompass]

@sushruth have you resolved this issue? Do you still need any help?

[sushruth]

@xcompass I have gone ahead with not using Mattermost at all. Thank you.

[jdoubleu]

Sorry for the delay!

But here is the thing, I want to use the nginx reverse proxy container to manage my subdomains. I am using same SSL certificates for both mattermost container and the proxy container.

[..] But anything outside that like any other device from within the same physical network, fails in error 500.

I don't think this has to do with this fix. This is more a problem with your overall configuration and how you setup your containers, etc.

Like described in the linked PR, my issue only resolved the bug where Mattermost internally detects the wrong URL if it was accessed via http from the reverse proxy no matter how the frontend was configured.

EDIT: Is it possible that @alecisec 's post was deleted?

[xcompass]

@jdoubleu which post?
OK. I'll close this issue for now. Will open if there is any issue.

[xcompass]

@jdoubleu found the post. It seem he/she moved the post into a new issue.