[TIP] Capturing Mattermost User IDs with Nginx

Troubleshooting
1

Because Nginx has the ability to capture HTTP cookies in log files, this gives you the ability to view the user ID making a request to your Mattermost server. While it can’t give you the content of posts or files, it can give you interesting insights into which teams, channels, and files are getting the most traffic from your users.

To add the Mattermost user ID to your logs, first add this line at the beginning of your Mattermost Nginx config:

log_format mmst_users '$time_local - $remote_addr - $cookie_MMUSERID - "$request" - $status';

Then, adjust the access_log line to use this format:

access_log /var/logs/nginx/mattermost.example.com/access.log mmst_users;

Here’s a full config file for reference:

# Mattermost Nginx Config
# Custom log format to capture user IDs
log_format mmst_users '$time_local - $remote_addr - $cookie_MMUSERID - "$request" - $status';

upstream mattermost {
   server 127.0.0.1:8065;
   keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

# Redirect to TLS
server {
    listen 80;
    server_name mattermost.example.com;
    return 302 https://mattermost.example.com$request_uri;
}

server {
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/mattermost.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mattermost.example.com/privkey.pem;

    server_name mattermost.example.com;

    error_log /home/admin/logs/mattermost.example.com/error.log warn;
    # Add custom format to this line
    access_log /home/admin/logs/mattermost.example.com/access.log mmst_users;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://mattermost;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://mattermost;
   }
}
1 Like