Mattermost, Inc.

[SOLVED] Incorrect Redirect URI on Gitlab 8.9.3 + bundled Mattermost + Apache

Using Apache 2.4.7 on Ubuntu 14.04.4. Gitlab SSL configuration derived from https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-omnibus-ssl-apache24.conf; copied and modified for Mattermost as well.

When a user navigates to https://mattermost.servername.com, a sign-in screen is presented. The button to “Login via Gitlab” is shown. Clicking this button initiates a request to https://mattermost.servername.com/api/v3/oauth/gitlab/signup, which returns a 302 Redirect to: https://gitlab.servername.com/oauth/authorize?response_type=code&client_id=xxxx&redirect_uri=http%3A%2F%2Fmattermost.servername.com%3A4443%2Fsignup%2Fgitlab%2Fcomplete&state=xxxx. Notice that the redirect_uri is missing the ‘s’ for HTTPS. This causes the loaded Gitlab page to return “The redirect URI included is not valid.”

Relevant gitlab.rb lines:

mattermost_external_url 'https://mattermost.servername.com'
mattermost['enable'] = true
mattermost['service_use_ssl'] = true
mattermost['service_address'] = "127.0.0.1"
mattermost['service_port'] = "8065"
mattermost_nginx['enable'] = false
mattermost_nginx['redirect_http_to_https'] = true # this likely does nothing

How can I fix the redirect_uri that is presented by the main Mattermost login page?

Solved. Apache conf file for site had the following two lines in the VirtualHost section:

RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on

Adding this third line did the trick:

RequestHeader set X-Forwarded-Proto "https"

Note how the original file (https://gitlab.com/gitlab-org/gitlab-recipes/commit/b9afcfd8f9543342df46bfb4327be6466d1097ce) does NOT include the correct header.
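
The following check is an added example, not part of the original posts and not Mattermost or GitLab code. It extracts redirect_uri from a captured 302 Location header and tests its scheme, and it models a backend that reads the scheme only from X-Forwarded-Proto; that backend behaviour is an assumption based on the fix above, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed from the URL quoted in the question (client_id and state are elided there).
SAMPLE_LOCATION = (
    "https://gitlab.servername.com/oauth/authorize?response_type=code"
    "&client_id=xxxx"
    "&redirect_uri=http%3A%2F%2Fmattermost.servername.com%3A4443"
    "%2Fsignup%2Fgitlab%2Fcomplete"
    "&state=xxxx"
)

# Request headers set by the Apache vhost, before and after the fix in the answer.
HEADERS_BEFORE = {"X_FORWARDED_PROTO": "https", "X-Forwarded-Ssl": "on"}
HEADERS_AFTER = dict(HEADERS_BEFORE, **{"X-Forwarded-Proto": "https"})


def forwarded_scheme(headers, default="http"):
    """Scheme seen by a backend that reads only X-Forwarded-Proto (assumed model).

    Header names are matched case-insensitively, but an underscore is not a
    hyphen, so X_FORWARDED_PROTO is a different header and is never matched.
    """
    for name, value in headers.items():
        if name.lower() == "x-forwarded-proto":
            return value.strip().lower()
    return default


def check_authorize_redirect(location, expected_scheme="https"):
    """Return (redirect_uri, scheme_ok) for an OAuth authorize URL."""
    params = parse_qs(urlsplit(location).query)
    values = params.get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    redirect_uri = values[0]  # parse_qs has already percent-decoded it
    return redirect_uri, urlsplit(redirect_uri).scheme == expected_scheme


if __name__ == "__main__":
    uri, ok = check_authorize_redirect(SAMPLE_LOCATION)
    print("redirect_uri:", uri, "| https:", ok)
    print("scheme before fix:", forwarded_scheme(HEADERS_BEFORE))
    print("scheme after fix: ", forwarded_scheme(HEADERS_AFTER))
```

To test a live setup, pass the Location value from the /api/v3/oauth/gitlab/signup response to check_authorize_redirect after changing the Apache configuration.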