Mattermost, Inc.

Mattermost Refuses to Connect to Internal Slashcommand Server

Summary

mattermost refuses to connect to internal slashcommand server and suggests adding to AllowedUntrustedInternalConnections in log.

Steps to reproduce

I am using

Mattermost Version: 5.17.3
Database Schema Version: 5.17.0
Database: postgres
Join the Mattermost community at mattermost.org
Copyright 2015 - 2020 Mattermost, Inc. All rights reserved
Terms of Service - Privacy Policy
Mattermost is made possible by the open source software used in our server, desktop and mobile apps.

Build Hash: 35ea48a071f2837d30217cefb2de7d7855fe7f77
EE Build Hash: none
Webapp Build Hash: 77c98e5d8a2da5be8c613dcb0ce9661e02c938f8
Build Date: Wed Jan 8 18:58:54 UTC 2020

I run in a docker container behind an ssl terminating HA Proxy and in general things works well.

I have checked the websockets and they work just fine.

I have the /var/opt/gitlab/mattermost/config.json below [1] with AllowedUntrustedInternalConnections set.

I have tried to…

… Alter the AllowedUntrustedInternalConnections
… enable cors. To restart and rebuild docker images.
gitlab-ctl reconfigure

I would like to set those settings from the system console, but it is not showing up. I dont know if that is a related problem.

Expected behavior

I would expect to be able to run my slash command

Observed behavior

I get this error in the logs

{
	"level": "error",
	"ts": 1581938226.0263855,
	"caller": "mlog/log.go:174",
	"msg": "Command with a trigger of 'standup' failed",
	"path": "/api/v4/commands/execute",
	"request_id": "nzinbux67pgrxp39hhkaamdj7e",
	"ip_addr": "192.168.2.54",
	"user_id": "--------------------------------------",
	"method": "POST",
	"err_where": "command",
	"http_code": 500,
	"err_details": "Post http://slashbot.i.my.doma.in/standup: address forbidden, you may need to set AllowedUntrustedInternalConnections to allow an integration access to your internal network"
}

Question

What do I need to do in order to allow requests to slashbot.i.my.doma.in ?

Attachments

1. /var/opt/gitlab/mattermost/config.json
{
    "ServiceSettings": {
        "SiteURL": "http://chat.i.my.doma.in",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": "127.0.0.1:8065",
        "ConnectionSecurity": "",
        "TLSCertFile": "",
        "TLSKeyFile": "",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": false,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": false,
        "TrustedProxyIPHeader": [
            "X-Forwarded-For",
            "X-Real-IP"
        ],
        "ReadTimeout": 300,
        "WriteTimeout": 300,
        "MaximumLoginAttempts": 10,
        "GoroutineHealthThreshold": -1,
        "GoogleDeveloperKey": "",
        "EnableOAuthServiceProvider": false,
        "EnableIncomingWebhooks": true,
        "EnableOutgoingWebhooks": true,
        "EnableCommands": true,
        "EnableOnlyAdminIntegrations": true,
        "EnablePostUsernameOverride": false,
        "EnablePostIconOverride": false,
        "EnableLinkPreviews": false,
        "EnableTesting": false,
        "EnableDeveloper": false,
        "EnableSecurityFixAlert": true,
        "EnableInsecureOutgoingConnections": false,
        "AllowedUntrustedInternalConnections": " slashbot.i.my.doma.in git.i.my.doma.in",
        "EnableMultifactorAuthentication": false,
        "EnforceMultifactorAuthentication": false,
        "EnableUserAccessTokens": false,
        "AllowCorsFrom": "*",
        "CorsExposedHeaders": "",
        "CorsAllowCredentials": false,
        "CorsDebug": true,
        "AllowCookiesForSubdomains": false,
        "SessionLengthWebInDays": 180,
        "SessionLengthMobileInDays": 180,
        "SessionLengthSSOInDays": 30,
        "SessionCacheInMinutes": 10,
        "SessionIdleTimeoutInMinutes": 43200,
        "WebsocketSecurePort": 443,
        "WebsocketPort": 80,
        "WebserverMode": "gzip",
        "EnableCustomEmoji": true,
        "EnableEmojiPicker": true,
        "EnableGifPicker": false,
        "GfycatApiKey": "-------",
        "GfycatApiSecret": "------------------------------------------------",
        "RestrictCustomEmojiCreation": "all",
        "RestrictPostDelete": "all",
        "AllowEditPost": "always",
        "PostEditTimeLimit": -1,
        "TimeBetweenUserTypingUpdatesMilliseconds": 5000,
        "EnablePostSearch": true,
        "MinimumHashtagLength": 3,
        "EnableUserTypingMessages": true,
        "EnableChannelViewedMessages": true,
        "EnableUserStatuses": true,
        "ExperimentalEnableAuthenticationTransfer": true,
        "ClusterLogTimeoutMilliseconds": 2000,
        "CloseUnusedDirectMessages": false,
        "EnablePreviewFeatures": true,
        "EnableTutorial": true,
        "ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
        "ExperimentalGroupUnreadChannels": "disabled",
        "ExperimentalChannelOrganization": false,
        "ImageProxyType": "",
        "ImageProxyURL": "",
        "ImageProxyOptions": "",
        "EnableAPITeamDeletion": true,
        "ExperimentalEnableHardenedMode": false,
        "DisableLegacyMFA": true,
        "ExperimentalStrictCSRFEnforcement": false,
        "EnableEmailInvitations": false,
        "ExperimentalLdapGroupSync": false,
        "DisableBotsWhenOwnerIsDeactivated": true,
        "EnableBotAccountCreation": false,
        "EnableSVGs": true,
        "EnableLatex": true
    },
    "TeamSettings": {
        "SiteName": "my.doma.in  Mattermost",
        "MaxUsersPerTeam": 50,
        "EnableTeamCreation": true,
        "EnableUserCreation": true,
        "EnableOpenServer": false,
        "EnableUserDeactivation": false,
        "RestrictCreationToDomains": "",
        "EnableCustomBrand": false,
        "CustomBrandText": "",
        "CustomDescriptionText": "",
        "RestrictDirectMessage": "any",
        "RestrictTeamInvite": "all",
        "RestrictPublicChannelManagement": "all",
        "RestrictPrivateChannelManagement": "all",
        "RestrictPublicChannelCreation": "all",
        "RestrictPrivateChannelCreation": "all",
        "RestrictPublicChannelDeletion": "all",
        "RestrictPrivateChannelDeletion": "all",
        "RestrictPrivateChannelManageMembers": "all",
        "EnableXToLeaveChannelsFromLHS": false,
        "UserStatusAwayTimeout": 300,
        "MaxChannelsPerTeam": 2000,
        "MaxNotificationsPerChannel": 1000000,
        "EnableConfirmNotificationsToChannel": true,
        "TeammateNameDisplay": "username",
        "ExperimentalViewArchivedChannels": false,
        "ExperimentalEnableAutomaticReplies": false,
        "ExperimentalHideTownSquareinLHS": false,
        "ExperimentalTownSquareIsReadOnly": false,
        "ExperimentalPrimaryTeam": "",
        "ExperimentalDefaultChannels": []
    },
    "ClientRequirements": {
        "AndroidLatestVersion": "",
        "AndroidMinVersion": "",
        "DesktopLatestVersion": "",
        "DesktopMinVersion": "",
        "IosLatestVersion": "",
        "IosMinVersion": ""
    },
"SqlSettings": {
        "DriverName": "postgres",
        "DataSource": "user=gitlab_mattermost host=/var/opt/gitlab/postgresql port=5432 dbname=mattermost_production",
        "DataSourceReplicas": [],
        "DataSourceSearchReplicas": [],
        "MaxIdleConns": 20,
        "ConnMaxLifetimeMilliseconds": 3600000,
        "MaxOpenConns": 300,
        "Trace": false,
        "AtRestEncryptKey": "--------------------------",
        "QueryTimeout": 30
    },
    "LogSettings": {
        "EnableConsole": true,
        "ConsoleLevel": "INFO",
        "ConsoleJson": true,
        "EnableFile": true,
        "FileLevel": "INFO",
        "FileJson": true,
        "FileLocation": "/var/log/gitlab/mattermost",
        "EnableWebhookDebugging": true,
        "EnableDiagnostics": true
    },
    "NotificationLogSettings": {
        "EnableConsole": true,
        "ConsoleLevel": "DEBUG",
        "ConsoleJson": true,
        "EnableFile": true,
        "FileLevel": "INFO",
        "FileJson": true,
        "FileLocation": ""
    },
    "PasswordSettings": {
        "MinimumLength": 5,
        "Lowercase": false,
        "Number": false,
        "Uppercase": false,
        "Symbol": false
    },

snip