Mattermost, Inc.

No connection to https nginx reverse proxy with lets encrypt cert

I am running the mattermost docker app with an nginx proxy, which uses a lets encrypt cert.
The web and linux clients are able to connect, everything works fine.
The android app refuses the connection, having a look in the nginx logs shows no attempt to connect (the url in the app is correct i have doubled checked it a couple of times).
The app works fine via http.

My nginx config is:

server {
listen 80;
server_name XXXXXX;
return 301 https://XXXXXX$request_uri;
}

#server {
#listen 80;
#server_name XXXXXX;

#location ~ /api/v[0-9]+/(users/)?websocket$ {

#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header X-Forwarded-Ssl on;
#proxy_set_header Connection “upgrade”;

#client_max_body_size 50M;
#proxy_set_header Host $http_host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;
#proxy_set_header X-Frame-Options SAMEORIGIN;
#proxy_buffers 256 16k;
#proxy_buffer_size 16k;
#proxy_read_timeout 600s;
#proxy_pass http://mattermost;
#}
#location / {
#proxy_set_header X-Forwarded-Ssl on;
#client_max_body_size 50M;
#proxy_set_header Connection “”;
#proxy_set_header Host $http_host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;
#proxy_set_header X-Frame-Options SAMEORIGIN;
#proxy_buffers 256 16k;
#proxy_buffer_size 16k;
#proxy_read_timeout 600s;
#proxy_pass http://mattermost;
#}
#}

server {
server_name XXXXXX;
listen 443 ssl http2;

ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl on;

location ~ /api/v[0-9]+/(users/)?websocket$ {

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header Connection "upgrade";

    client_max_body_size 50M;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;
proxy_pass http://mattermost;
}



location / {
   
    proxy_set_header X-Forwarded-Ssl on;

    client_max_body_size 50M;
    proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;

    proxy_pass http://mattermost;
}
ssl_certificate /etc/letsencrypt/live/XXXXXX/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/XXXXXX/privkey.pem;

}

The commented out http lines will make the app work fine with http, https does not work.
Looks to me like an issue with the lets encrypt certs? The nginx handles some more certs on the same ip address, maybe there is a problem with getting the correct cert?

Best regards
Steffen

Can you verify you cert and chain with ssllabs.com? Sounds like a problem with the cert

Hi Elias

thanks a lot for the quick reply.

I have checked mattermost.sonormed.com, screenshot is attached.

Best regards

Steffen

You need to fix your chain issues, once that’s fixed the app should connect without problems

This is the result of our pre-release serverC3AA3859-FB6C-4D58-9223-21A61FBFAEF6