Mattermost, Inc.

After nginx install still port 8065 open

Hi,

I’m new to Mattermost and not a pro sysadmin. My question might be a bit stupid or missplaced.

After I folloewed the install instruction the port 8065 and nginx is serving Mattermost since a few weeks, I wanted to secure the installation and shutting ports except 80 and 443.
I saw, atht 8065 is still open.

My idea is to close this port for external usage (everybody except from localhost or 127.0.0.1)
Is this possible or will this break my installation?

Thanks a lot for your answer and help.

Marcus

Simplest way to do this is by setting the the config option of mattermost to:

"ListenAddress": "localhost:8065",

This way you don’t need to add any extra rules for mattermost anywhere since only locally you can access it, other than with the nginx proxy passing data to it.

No, it will not break anything, that is the exact purpose of proxying it with nginx.

In addition to the above you will have to ensure that your nginx conf file is using localhost or 127.0.0.1 on the settings, like:

upstream backend {
   server 127.0.0.1:8065;
}

if you followed mattermost nginx guide.

https://docs.mattermost.com/install/install-rhel-66.html#configuring-nginx-as-a-proxy-for-mattermost-server

1 Like

Thanks a lot for your help.

After changing the settings as you wrote, the port was not reachable (from internet) anymore.

Does this work in all cases, or only when the proxy and Mattermost server are on the same machine?

For example, if the proxy is on 10.10.10.1 and the Mattermost server is on 10.10.10.2, should the ListenAddress be 10.10.10.1:8065?

That is, should the ListenAddress be set to the address of the machine that hosts the proxy, or should it always be localhost:8065?

Only when they are on the same machine of course, localhost is a local accessibility for that machine only, so no outsiders can reach it without having either your firewall forwarding it from local to your network device or an application acting as a proxy(in this case nginx).

In your case you would need to either install nginx locally or use your iptables(given you’re on linux) to forward it or bind mattermost to the ip you wish to use.

The external IP(as in the IP you can reach your mattermost for other computers) of the machine with mattermost installed ofc.