Mattermost, Inc.

[SOLVED] No access to System Console

Summary

System Console not available

Steps to reproduce

Always present. Have not seen the system console yet

Expected behavior

I’m expecting to have system_admin options available in the menu to reach the system console

Observed behavior

No errors associated with it

I’m evaluating Mattermost in a newly created stack hosted in AWS EC2 and RDS. It’s version 5.14

Upon logging in, there were no teams to join, no channels, users, chat…essentially only a blank page is displayed. Using the CLI to create users and teams and assign roles, the experience became more as expected. I assigned the system_admin role to other users besides myself, but none of us have System console options available in the menu. I’ve confirmed the role is assigned to each each user in the database. The issue is the same with the mac client, linux client, Firefox, and Chrome.

The architecture looks like this:
AWS ELB Classic - TCP listeners (not terminating SSL), internet-facing
Proxy: HAProxy on AWS EC2 - RHEL7 w/DISA STIGs
AWS ELB Classic - TCP listeners (not terminating SSL), internal
Server: AWS EC2 - RHEL7 w/DISA STIGs
Database: AWS RDS PostgreSQL

mattermost config:
{ "ServiceSettings": { "SiteURL": "https://ourmattermosturl.net", "WebsocketURL": "wss://ourmattermosturl.net/wss/", "LicenseFileLocation": "", "ListenAddress": ":443", "ConnectionSecurity": "TLS", "TLSCertFile": "/opt/mattermost/config/ourmattermosturl.net.cer", "TLSKeyFile": "/opt/mattermost/config/ourmattermosturl.net.key", "TLSMinVer": "1.2", "TLSStrictTransport": false, "TLSStrictTransportMaxAge": 63072000, "TLSOverwriteCiphers": [], "UseLetsEncrypt": false, "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache", "Forward80To443": true, "TrustedProxyIPHeader": [ "X-Forwarded-For", "X-Real-IP" ], "ReadTimeout": 300, "WriteTimeout": 300, "MaximumLoginAttempts": 10, "GoroutineHealthThreshold": -1,

HAProxy config:
`
global
ulimit-n 40010
maxconn 09999
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
tune.ssl.default-dh-param 2048
maxpipes 09999
tune.maxaccept 500
chroot /var/lib/haproxy
user haproxy
group haproxy

defaults
mode http
log global
log 127.0.0.1 local6
log /dev/log local0 info
log /dev/log local0 notice
option httplog
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
timeout tunnel 1h

frontend www-https
bind *:443 ssl crt /etc/pki/tls/certs/ourmattermosturl.net.cer alpn http/1.1,h2
mode http
acl stats path_beg /haproxy_stats
use_backend stats if stats
default_backend mattermost

backend stats
stats enable
mode http
stats realm Haproxy\ Statistics # Title text for popup window
stats uri /haproxy_stats
stats auth haproxy:q6K7TAtMyHzjHH
stats refresh 5s

backend mattermost
balance roundrobin
mode http
timeout server 60s
timeout check 5s
retries 2
option httpchk GET /system/ping
server ourmattermosturl.net internal-elb-name.region-name.elb.amazonaws.com:443 check ssl verify none
`
image

Any help would be appreciated. Thank you, Garrett

Hi @BlackJeep, these previous threads might have ideas on how you can resolve this:

I had been through most of these posts several times already to no avail but one of the posts contained the ‘admin_console’ URL…so I tried it directly with dev tools on. Sure enough, I was having a ‘websocket pending’ issue. Actually it was present even at the main chat. I had been under the (wrong) assumption that chat would not work without websockets working, but not true. We removed the WebsocketURL from the Mattermost config and now everything seems to be working. Thank you.

1 Like