Mattermost WebSocket port issue after installing self-signed certificate


#1

Hi all,

I’ve just installed Mattermost 3.10 Team Edition on my local server and currently log in to it using http://:8065.
I wish to encrypt all conversations in Mattermost due to security concerns, and I followed the instructions here and here for the SSL installation (I’m using a self-signed certificate, not Let’s Encrypt).

Now logging in using https://:8065 seems to work fine in my desktop app and Chrome, but when I try to log in using the Mattermost Classic app downloaded from the App Store, there is an error message like “Please check connection, Mattermost unreachable. If issue persist, ask administrator to check WebSocket port”.

And when I log in to the Mattermost server and execute “service mattermost status”, these error messages are displayed:

[root@mmclone bin]# service mattermost status
Redirecting to /bin/systemctl status mattermost.service
● mattermost.service - Mattermost is an open source, self-hosted Slack-alternative
Loaded: loaded (/etc/systemd/system/mattermost.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-08-09 15:52:30 +08; 20min ago
Main PID: 2623 (platform)
CGroup: /system.slice/mattermost.service
└─2623 /opt/mattermost/bin/platform

Aug 09 16:05:32 mmclone platform[2623]: 2017/08/09 16:05:32 http: TLS handshake error from 192.168.2.1:55792: EOF
Aug 09 16:06:25 mmclone platform[2623]: 2017/08/09 16:06:25 http: TLS handshake error from 192.168.2.1:55794: EOF
Aug 09 16:06:41 mmclone platform[2623]: 2017/08/09 16:06:41 http: TLS handshake error from 192.168.2.1:49576: EOF
Aug 09 16:07:32 mmclone platform[2623]: 2017/08/09 16:07:32 http: TLS handshake error from 192.168.2.1:49577: EOF
Aug 09 16:07:57 mmclone platform[2623]: 2017/08/09 16:07:57 http: TLS handshake error from 192.168.2.1:55797: EOF

Is there something wrong with my SSL installation? Any suggestion to fix this issue?
I’ve no issue logging in with http on all platforms (desktop app, iOS, Android).

Thank you.
Best regards,
Kong
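An added triage sketch for the journal output in the post above (not part of the original thread and not Mattermost code): it groups Go `net/http` "TLS handshake error" lines by client and reason so a single rejecting client stands out. The first five sample lines are from the post; the last two lines, the 192.168.2.50/51 clients and the hint wording are constructed assumptions for illustration.

```python
import re

# Sample input: five lines from the post, then two CONSTRUCTED lines.
SAMPLE = """\
Active: active (running) since Wed 2017-08-09 15:52:30 +08; 20min ago
Aug 09 16:05:32 mmclone platform[2623]: 2017/08/09 16:05:32 http: TLS handshake error from 192.168.2.1:55792: EOF
Aug 09 16:06:25 mmclone platform[2623]: 2017/08/09 16:06:25 http: TLS handshake error from 192.168.2.1:55794: EOF
Aug 09 16:06:41 mmclone platform[2623]: 2017/08/09 16:06:41 http: TLS handshake error from 192.168.2.1:49576: EOF
Aug 09 16:07:32 mmclone platform[2623]: 2017/08/09 16:07:32 http: TLS handshake error from 192.168.2.1:49577: EOF
Aug 09 16:07:57 mmclone platform[2623]: 2017/08/09 16:07:57 http: TLS handshake error from 192.168.2.1:55797: EOF
Aug 09 16:08:10 mmclone platform[2623]: 2017/08/09 16:08:10 http: TLS handshake error from 192.168.2.50:51000: remote error: tls: unknown certificate authority
Aug 09 16:08:30 mmclone platform[2623]: 2017/08/09 16:08:30 http: TLS handshake error from 192.168.2.51:51022: tls: first record does not look like a TLS handshake
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) http: TLS handshake error "
    r"from (?P<ip>\S+):(?P<port>\d+): (?P<reason>.*)$"
)

# (substring of the Go error text, this example's reading of it)
HINTS = [
    ("first record does not look like a TLS handshake", "plain HTTP sent to the HTTPS port"),
    ("unknown certificate authority", "client alert: issuer not trusted"),
    ("bad certificate", "client alert: certificate rejected"),
    ("EOF", "peer hung up mid-handshake without sending an alert"),
]

def classify(reason):
    """Map a handshake error reason to a short hint; order in HINTS matters."""
    return next((hint for needle, hint in HINTS if needle in reason), "unclassified")

def triage(text):
    """Group handshake failures by (client IP, reason); skip unrelated lines."""
    groups = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # systemd status header or some other log message
        g = groups.setdefault((m["ip"], m["reason"]), {
            "count": 0, "first": m["ts"], "ports": set(),
            "hint": classify(m["reason"])})
        g["count"] += 1
        g["last"] = m["ts"]              # lines arrive in time order
        g["ports"].add(int(m["port"]))   # distinct source ports = separate attempts
    return groups

if __name__ == "__main__":
    for (ip, reason), g in triage(SAMPLE).items():
        print(f"{ip:15} x{g['count']} {g['first']} .. {g['last']}  {reason}  [{g['hint']}]")
```

A run of bare `EOF` failures from one address on fresh source ports, as in the post, means that client keeps retrying and abandoning the handshake; it does not by itself say why, so compare it against which device was being tested at those times.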


#2

Hi @kongyc,

Thanks for your feedback,

Perhaps this documentation will help?


#3

Hi Lindy65,

I tried the steps you provided earlier, but I don’t have an FQDN for the nginx setup. Is this causing the WebSocket error as well? I have the same issue in Safari and the iOS native apps, but it works fine in Chrome and Mozilla Firefox. Or is iOS or Apple trying to block the untrusted https access?

Thank you.
Best regards,
Kong


#4

Well, I can’t really say about the classic apps, but for the new apps self-signed certificates are not and will not be supported.

Why wouldn’t you use Let’s Encrypt? It is a valid free certificate :wink:


#5

Hi @elias,

I don’t have an FQDN for my Mattermost; basically I log in to Mattermost using http://192.168.x.x:8065. Is it possible to install a Let’s Encrypt SSL certificate using an IP or port forwarding address?


#6

From Let’s Encrypt staff:

I think the current Baseline Requirements norm is not to issue certificates for private (RFC 1918-reserved) IP addresses, while certificates for public IP addresses are still permitted. However, Let’s Encrypt has decided not to issue certificates for bare IP addresses even if this would be permitted by the Baseline Requirements.

In summary, they don’t do certificates for IPs.

But from your example IP it seems to be a local network. Are you forwarding it to an external public IP at any point? If you are, the simplest thing I can think of would be to buy the cheapest domain around (some will cost you cents) and use that with Let’s Encrypt.


#7

Hi,

I have a ddns.net domain set up for my server, which is http://xxx.ddns.net:8065, which is pointing to my Mattermost server, and the xxx.ddns.net is pointing to a public IP. Is it possible for Let’s Encrypt to set up the trusted SSL for it?

Thank you.
Best regards,
Kong


#8

Yes, you can set up the SSL for that subdomain.


#9

Please refer to the below post and narrow your environment wherever applicable.
https://forum.mattermost.org/t/solved-mattermost-websocket-notification/3686

Thanks,