We're Hiring!

Mattermost, Inc.

Installing in docker, can't activate TLS. Help

I had the docker container running once, but if i enable the mattermost settings to enable TSL, LetsEncrypt, and Forward80to443, the container will then crash. How am I supposed to enable my security?

It’s currently listening on port 8000. I don’t understand if i should change this?

Hello @Stiffbeard! I’m sorry to hear that your having problems with your TLS connection setup!
Could you clarify a few things for me so I can better understand the issue?

  • Are you referring to port 8000 as the port that the mattermost web instance is listening on, before it is reverse proxied?

  • When you are enabling TLS, are you keeping port 8000 the same, or changing it to port 443 or port 80?

  • Have you verified that you correctly generated your encryption keys, and are correctly writing the path files to them?

  • What web server are you using as a reverse proxy/engine?

Thanks!

Hello, thanx a ton for the reply. Yes right now Mattermost is configured to “listen on port” 8000. I tried to change it to 443. This broke my docker container. Took some work overwriting the config.Json to undo that so that docker would start it again.

I really don’t want to try that again, so my preference now is to run Nginx in my host OS and use that to proxy to port 8000 on the container network. Anything special I need to set with Mattermost to run that way?

Hello! I’m sorry to hear that it caused you a lot of trouble, I didn’t expect that, but I also am not running my Mattermost installation with Docker.

I suggest following the Official Documentation to set up the Nginx reverse proxy, as it generally is going to work. However, if there are any issues you experience with getting it set up, please don’t hesitate to continue this thread or open a new topic, I’ll be glad to help out!

Followed the Nginx install guide as much as possible. Managed to get the SSL cert installed. My docker and mattermost app are running as normal. However, Nginx doesn’t appear to be working as intended. When I curl http://localhost i get the 301 nginx error page. When I curl https://localhost it gives me an error about he cert not matching the domain, which seems correct. But when I curl or browse to the actual domain I get 504 gateway timeout.

I think I got it!

I did not see where the install guide https://docs.mattermost.com/install/prod-docker.html?src=dl said anything about you’d have to PUBLISH the ports used in the docker network, so that the host machine (and outside world) could access them. Once that was done ~ boom! My Nginx was unable to get a response from something that wasn’t there…

1 Like

That’s great, I’m glad you were able to get it working! That’s actually what my next question would have been if you hadn’t, was if the firewall was set to allow the correct ports. Is your Mattermost instance fully functioning as expected now?

Yes, I think it is. But i just want to clarify for those doing the same type of install, you have to expose the ports on the mattermost app container to the docker network, but also have to use the -p (publish option) to publish the ports so that the host OS can see them. Not mentioned anywhere that I saw and very difficult to guess. You can edit your docker-compose.yml file to do this each time the container is created:

Ports:
  - "8000:8000"
1 Like

Thanx for the help though.

1 Like