Mattermost, Inc.

Variations in mattermost.conf in installation docs

There are eight separate install docs for Linux:

ee-prod-rhel-6.rst
ee-prod-rhel-7.rst
ee-prod-ubuntu.rst
prod-debian.rst
prod-rhel-6.rst
prod-rhel-7.rst
prod-ubuntu-16.04.rst
prod-ubuntu-1404.rst

They don’t all have the same setup for /etc/nginx/conf.d/mattermost.conf. Is there a best one that can be used consistently? This is what’s there now:

For ee-prod-ubuntu.rst, prod-debian.rst, prod-rhel-6.rst, and prod-rhel-7.rst:

  server {
	 listen         80;
	 server_name    mattermost.example.com;
	 return         301 https://$server_name$request_uri;
	}

	server {
	 listen 443 ssl;
	 server_name mattermost.example.com;

	 ssl on;
	 ssl_certificate /etc/letsencrypt/live/yourdomainname/fullchain.pem;
	 ssl_certificate_key /etc/letsencrypt/live/yourdomainname/privkey.pem;
	 ssl_session_timeout 5m;
	 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
	 ssl_prefer_server_ciphers on;
	 ssl_session_cache shared:SSL:10m;

	 location / {
		gzip off;
		proxy_set_header X-Forwarded-Ssl on;
		client_max_body_size 50M;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Frame-Options SAMEORIGIN;
		proxy_pass http://10.10.10.2:8065;
	 }
	}

For ee-prod-rhel-6.rst and ee-prod-rhel-7.rst:

  server {
	 listen         80;
	 server_name    mattermost.example.com;
  }

  server {
	 listen 443 ssl;
	 server_name mattermost.example.com;

	 ssl on;
	 ssl_certificate /etc/letsencrypt/live/yourdomainname/fullchain.pem;
	 ssl_certificate_key /etc/letsencrypt/live/yourdomainname/privkey.pem;
	 ssl_session_timeout 5m;
	 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
	 ssl_prefer_server_ciphers on;
	 ssl_session_cache shared:SSL:10m;

	 location / {
		gzip off;
		proxy_set_header X-Forwarded-Ssl on;
		client_max_body_size 50M;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Frame-Options SAMEORIGIN;
		proxy_pass http://10.10.10.2:8065;
	 }
  }

For prod-ubuntu-16.04.rst and prod-ubuntu-1404.rst:

        upstream backend {
            server 10.10.10.2:8065;
        }

        proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

        server {
            listen 80;
            server_name    mattermost.example.com;

            location /api/v3/users/websocket {
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                client_max_body_size 50M;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Frame-Options SAMEORIGIN;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                proxy_pass http://backend;
            }

            location / {
                client_max_body_size 50M;
                proxy_set_header Connection "";
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Frame-Options SAMEORIGIN;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                proxy_cache mattermost_cache;
                proxy_cache_revalidate on;
                proxy_cache_min_uses 2;
                proxy_cache_use_stale timeout;
                proxy_cache_lock on;
                proxy_pass http://backend;
            }
        }

Hi @JeffSchering, good point, would you mind moving this to a Github issue on the docs repo? Also feel free to post in the developers channel on pre-release as all of our devs have different areas of expertise.