How to properly set Connection Security through env variable?

fbartels · May 29, 2018, 8:18am

Hi everyone,

yesterday I’ve noticed in the manual that you can also force some settings through environment variables.

I"m maintaining an app for Mattermost in the Univention app center, since I’ve had it happen already that an admin has set connectionsecurity to tls and then complain that he cannot access Mattermost anymore I want to prevent users from changing this setting.

Unfortunately when setting the env for it to empty (see https://stash.z-hub.io/projects/K4U/repos/mattermost/browse/Dockerfile?at=refs%2Fheads%2Fenv-readonly-settings#12 for my current state) will not pick up the setting in Mattermost:

Do you have a proposal how to set this setting though an env variable? Why isn’t this way of setting up Mattermost used in the official Docker images (at least I did not spot it there)?

PS: the technical workaround I would see for this is modifying Mattermost to accept "ConnectionSecurity": "None", in addition to "ConnectionSecurity": "",

amy.blais · May 29, 2018, 1:55pm

Hi @fbartels! Thank you for reporting this.

Just to confirm, what Mattermost server version are you using and are you seeing any errors in logs or the console?

fbartels · May 29, 2018, 2:22pm

Hi @amy.blais,

I’m running the current release, e.g. 4.10.0. No apparent errors in the Mattermost output (apart from the sandboxing error since I’m not running a privileged container):

{"level":"info","ts":1527602917.1925097,"caller":"utils/i18n.go:83","msg":"Loaded system translations for 'en' from '/opt/mattermost/i18n/en.json'"}
{"level":"info","ts":1527602917.1937377,"caller":"app/app.go:181","msg":"Server is initializing..."}
{"level":"info","ts":1527602917.202806,"caller":"sqlstore/supplier.go:198","msg":"Pinging SQL master database"}
{"level":"info","ts":1527602920.138553,"caller":"sqlstore/upgrade.go:89","msg":"The database schema has been set to version 4.10.0"}
{"level":"info","ts":1527602927.2814572,"caller":"commands/server.go:73","msg":"Current version is 4.10.0 (4.10.0/Wed May 16 00:31:32 UTC 2018/9301e575c880970dc5642605adcc37903d176227/fac85cb7ec5d2ae21e925db4fd5ec27859e19cb0)"}
{"level":"info","ts":1527602927.2817714,"caller":"commands/server.go:74","msg":"Enterprise Enabled: true"}
{"level":"info","ts":1527602927.2818253,"caller":"commands/server.go:75","msg":"Current working directory is /opt/mattermost"}
{"level":"info","ts":1527602927.2819023,"caller":"commands/server.go:76","msg":"Loaded config file from /etc/mattermost/config.json"}
{"level":"info","ts":1527602927.282239,"caller":"utils/file_backend_local.go:30","msg":"Able to write files to local storage."}
{"level":"info","ts":1527602927.2955668,"caller":"app/license.go:44","msg":"License key from https://mattermost.com required to unlock enterprise features."}
{"level":"info","ts":1527602927.297827,"caller":"app/app.go:527","msg":"Migrating roles to database."}
{"level":"info","ts":1527602927.4109747,"caller":"sqlstore/post_store.go:1243","msg":"Post.Message supports at most 16383 characters (65535 bytes)"}
{"level":"info","ts":1527602927.4777496,"caller":"app/plugin.go:374","msg":"Starting up plugins"}
{"level":"warn","ts":1527602927.5337932,"caller":"app/plugin.go:404","msg":"plugin sandboxing is not supported. plugins will run with the same access level as the server. See documentation to learn more: https://developers.mattermost.com/extend/plugins/security/","error":"unable to prepare namespace: unable to make root private: permission denied","errorVerbose":"unable to make root private: permission denied\nunable to prepare namespace\ngithub.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox.checkSupport\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox/sandbox_linux.go:482\ngithub.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox.CheckSupport\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox/sandbox.go:33\ngithub.com/mattermost/mattermost-server/app.(*App).InitPlugins\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/app/plugin.go:403\ngithub.com/mattermost/mattermost-server/cmd/commands.runServer\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/commands/server.go:92\ngithub.com/mattermost/mattermost-server/cmd/commands.serverCmdF\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/commands/server.go:54\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).execute\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:756\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).ExecuteC\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:846\ngithub.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra.(*Command).Execute\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/vendor/github.com/spf13/cobra/command.go:794\ngithub.com/mattermost/mattermost-server/cmd.Run\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/cmd/cmd.go:14\nmain.main\n\t/var/lib/jenkins/jobs/msr/jobs/d/jobs/enterprise-release/workspace/src/github.com/mattermost/mattermost-server/main.go:31\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:198\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2361"}
{"level":"info","ts":1527602928.0766299,"caller":"app/plugin.go:113","msg":"Activated plugin","plugin_id":"jira"}
{"level":"info","ts":1527602928.6196475,"caller":"app/server.go:100","msg":"Starting Server..."}
{"level":"info","ts":1527602928.6199677,"caller":"app/server.go:139","msg":"Server is listening on [::]:8065"}
{"level":"info","ts":1527602928.6606016,"caller":"app/web_hub.go:67","msg":"Starting 8 websocket hubs"}
{"level":"info","ts":1527602928.8260381,"caller":"jobs/workers.go:57","msg":"Starting workers"}
{"level":"info","ts":1527602928.8270597,"caller":"jobs/schedulers.go:62","msg":"Starting schedulers."}

fbartels · May 29, 2018, 2:30pm

@amy.blais coincidentally this Github issues is exactly the same problem I am having as well. just with a different configuration setting: https://github.com/mattermost/mattermost-server/issues/8857

hmhealey · May 29, 2018, 3:15pm

Funny how that happens. I’ve filed a Jira ticket to look into this with some more details

https://mattermost.atlassian.net/browse/MM-10730

Topic		Replies	Views
Configuring Mattermost Server for Secure Connection (HTTPS) in Docker Environment Troubleshooting	3	1118	September 7, 2023
Can't update PluginSettings.ConnectionSecurity Troubleshooting	3	265	April 14, 2023
How to change http to https url in docker Troubleshooting	4	6374	February 9, 2017
[SOLVED] How to set HTTP_PROXY variable in order to use external proxy? Installation	5	25450	January 10, 2018
[SOLVED] Unable to connect to Matermost server when secure connection is Enabled Troubleshooting	6	4408	January 23, 2018

How to properly set Connection Security through env variable?

Related Topics