502 Bad Gateway with Nginx Proxy Manager

Troubleshooting
1

Hi,

I try to install Mattermost behind our Nginx Proxy Manager. If I open https://mm.mydomain.de I see “502 Bad Gateway”.

# Domain of service
DOMAIN=mm.mydomain.de

# Container settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=UTC
RESTART_POLICY=unless-stopped

# Postgres settings
## Documentation for this image and available settings can be found on hub.docker.com
## https://hub.docker.com/_/postgres
## Please keep in mind this will create a superuser and it's recommended to use a less privileged
## user to connect to the database.
## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
POSTGRES_IMAGE_TAG=13-alpine
POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data

POSTGRES_USER=mmuser
POSTGRES_PASSWORD=mmuser_passwordjeoeo3886693
POSTGRES_DB=mattermost

# Nginx
## The nginx container will use a configuration found at the NGINX_MATTERMOST_CONFIG. The config aims
## to be secure and uses a catch-all server vhost which will work out-of-the-box. For additional settings
## or changes ones can edit it or provide another config. Important note: inside the container, nginx sources
## every config file inside */etc/nginx/conf.d* ending with a *.conf* file extension.

## Inside the container the uid and gid is 101. The folder owner can be set with
## `sudo chown -R 101:101 ./nginx` if needed.
NGINX_IMAGE_TAG=alpine

## The folder containing server blocks and any additional config to nginx.conf
NGINX_CONFIG_PATH=./nginx/conf.d
NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem

CERT_PATH=./volumes/web/cert/cert.pem
KEY_PATH=./volumes/web/cert/key-no-password.pem
## Exposed ports to the host. Inside the container 80, 443 and 8443 will be used
HTTPS_PORT=443
HTTP_PORT=80
CALLS_PORT=8443

# Mattermost settings
## Inside the container the uid and gid is 2000. The folder owner can be set with
## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.
MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes

## Bleve index (inside the container)
MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes

## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
MATTERMOST_IMAGE=mattermost-enterprise-edition
## Update the image tag if you want to upgrade your Mattermost version. You may also upgrade to the latest one. The example is based on the latest Mattermost ESR version.
MATTERMOST_IMAGE_TAG=8.1.9

## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
## it if you know what you're doing.
## See https://github.com/mattermost/docker/issues/18
MATTERMOST_CONTAINER_READONLY=false

## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
## or for using it behind another existing reverse proxy.
APP_PORT=8065

## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
## https://docs.mattermost.com/administration/config-settings.html
## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
## the system console as well and settings set with env variables will be greyed out.

## Below one can find necessary settings to spin up the Mattermost container
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10

## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

Then I used following command:

sudo docker compose -f docker-compose.yml -f docker-compose.without-nginx.yml up -d

Then I configured Nginx Proxy Manager like this:

2024-03-11 19_03_19-Nginx Proxy Manager – Firefox Developer Edition
2024-03-11 19_03_19-Nginx Proxy Manager – Firefox Developer Edition750×816 33.2 KB

2024-03-11 19_04_02-Nginx Proxy Manager – Firefox Developer Edition
2024-03-11 19_04_02-Nginx Proxy Manager – Firefox Developer Edition751×399 10.9 KB

2024-03-11 19_04_26-Nginx Proxy Manager – Firefox Developer Edition
2024-03-11 19_04_26-Nginx Proxy Manager – Firefox Developer Edition747×571 23.1 KB

2024-03-11 19_05_06-Nginx Proxy Manager – Firefox Developer Edition
2024-03-11 19_05_06-Nginx Proxy Manager – Firefox Developer Edition750×907 31.5 KB

What’s wrong here?

Thank you very much.

2

Yo, what’s poppin’? Someone here with advice? :slight_smile: Would approciate very much. Thank you.

3

I have the same issue with you. i have a version running with apache, recently trying out nginx proxy manager and faced the same issue. still need to Nginx Proxy Manager

4

I managed to solve my issue by pointing the mattermost config.json file SSL certs to the NPM generated certs. hope it works for you!

5

Thank you. Do you have an example?

6

Mine was already working before I migrated to NPM, so your case might be different. Here’s what worked for me.
in the config.json file i changed the location of the SSL certs, near the top of the file

"ServiceSettings": {
    "SiteURL": "https://mattermost.yourweb.site",
    "WebsocketURL": "",
    "LicenseFileLocation": "",
    "ListenAddress": "192.168.10.12:8065",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "/share/Data/docker/nginxproxymanager/letsencrypt/live/npm-10/fullchain.pem",
    "TLSKeyFile": "/share/Data/docker/nginxproxymanager/letsencrypt/live/npm-10/privkey.pem"

I only changed the last 2 lines to reflect where the new SSL certs are.
Check where your docker compose file where the volume for letsencrypt is mounted

volumes:
 - ./data:/data
 - ./letsencrypt:/etc/letsencrypt

npm-10 is the first SSL cert you created, followed by 11, 12, 13 and so on…

1 Like
7

I just noticed that you started mattermost via docker, while I’m running it as a service on my local machine so I have the config.json. You’ll probably be looking to change these 2 lines and also to map the volumes in MM docker compose file to reflect where to find the SSL certs generated from NPM.

In short, MM must get the correct certs from NPM.
That’s the cause of my 502 bad gateway, hope that helps.

1 Like