Letsencrypt on RHEL


#1

I have installed Mattermost on a RHEL7 Server and is working fine, I want to run this on HTTPS with letsencrypt but when I make changes to Configuration Settings from Admin Console, I get error as “502 Bad Gateway”. Neither site is redirecting to HTTPS.

Certificates are fetched correctly without any error, but I feel there is something wrong as the directory /etc/nginx/sites-available/ is not available for me, I manually created /etc/nginx/sites-available/mattermost file and added contents to it.

I had followed the steps of SSL from
https://docs.mattermost.com/install/install-rhel-71.html#configuring-tls-on-mattermost-server
https://docs.mattermost.com/install/config-ssl-http2-nginx.html


#2

Normally you only need to install TLS on one of NGINX or Mattermost, not both.

There are three scenarios:

  1. Access Mattermost through a reverse proxy. You can use any webserver for that, but the instructions in the Mattermost docs are for NGINX. In this scenario, NGINX listens on port 80 and receives all requests from the client. NGINX forwards those requests to Mattermost, which is listening on port 8065. Mattermost sends the response back to NGINX which then sends that response to the client. You would use this configuration when you have more than a couple hundred users. In this scenario https is on NGINX only, and you follow these instructions: https://docs.mattermost.com/install/config-ssl-http2-nginx.html.

  2. Access Mattermost directly. You can do this via port 8065, so that the address that people type in their browser navigation bars is, for example, http://mattermost.example.com:8065. In this case there is no proxy and no set up of NGINX. In this scenario, you follow these instructions : https://docs.mattermost.com/install/install-rhel-71.html#configuring-tls-on-mattermost-server, and don’t install NGINX. You can also configure Mattermost to listen on port 80 instead of 8065, so the that address becomes http://mattermost.example.com.

  3. The third scenario is similar to the first one, except that communications between the proxy and the Mattermost server are encrypted (ie, via https). In this scenario you implement TLS on both the NGINX server and on Mattermost. You normally don’t need to do this, and the instructions don’t cover this scenario.


#3

Hi Jeff-

I was using the 1st method that you had referred, the issue I faced with this was that sites-available directory was not there before, I created that directory in installation steps earlier.

Secondly after performing these steps my site wasn’t redirecting to https, so then I added https link from Console > Configuration which resulted in 502 error.


#4

Did you set up /etc/nginx/sites-available/mattermost like in these instructions: https://docs.mattermost.com/install/install-rhel-71.html#configuring-nginx-as-a-proxy-for-mattermost-server? They include creating /etc/nginx/sites-available/mattermost and have appropriate values.


#5

Yes I had done the same way.

Still I’ll do it again and check if it works.