Configuring Apache2 (Unofficial)

Unofficial, community-maintained guides for configuring Apache as a proxy instead of NGINX.

Configuring Apache2 as a proxy for Mattermost Server (Unofficial)

Important

This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can edit this page on GitHub.

The Apache2 proxy configuration is done through the /etc/apache2/sites-available directory. If you’re setting up Mattermost on a subdomain you’ll want to create a new configuration along the lines of mysubdomain.mydomain.com.conf.

Copy the default configuration file found in the same directory.

To configure Apache2 as a proxy

  1. SSH into your server

  2. Create/open the above mentioned, correct file (000-default or a new subdomain configuration).

  3. Edit your configuration using the guide below.

    1. If you’re not setting up a subdomain your ServerName will simply be set to mydomain.com.
    2. ServerAlias can been added too if you want to capture www.mydomain.com.
    3. Remember to change the values to match your server’s name etc.
    4. Save once finished
<VirtualHost *:80>
  # If you're not using a subdomain you may need to set a ServerAlias to:
  # ServerAlias www.mydomain.com
  ServerName mysubdomain.mydomain.com
  ServerAdmin hostmaster@mydomain.com
  ProxyPreserveHost On

  # setup the proxy
  <Proxy *>
         Order allow,deny
         Allow from all
  </Proxy>

  # Set web sockets
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR]
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* wss://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        # This line simply forces HTTPS
  RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

  <Location /api/v3/users/websocket>
        Require all granted
        ProxyPass ws://127.0.0.1:8065/api/v3/users/websocket
        ProxyPassReverse ws://127.0.0.1:8065/api/v3/users/websocket
        ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
  </Location>

  <Location />
        Require all granted
        ProxyPass http://127.0.0.1:8065/
        ProxyPassReverse http://127.0.0.1:8065/
        ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
  </Location>

</VirtualHost>

  1. Because you’ll likely have not set up the subdomain before now on Apache2, run a2ensite mysubdomain.mydomain.com to enable the site (do not run a2ensite mysubdomain.mydomain.com.conf)

  2. Restart Apache2

    • On Ubuntu 14.04 and RHEL 6: sudo service apache2 restart
    • On Ubuntu 16.04 and RHEL 7: sudo systemctl restart apache2

You should be all set! Ensure that your Mattermost config file is pointing to the correct URL and then ensure that once deployed your socket connection is not dropping.

Configuring Apache2 with SSL and HTTP/2 (Unofficial)

Important

This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can edit this page on GitHub.

Once you’ve configured Apache2 as a proxy for your Mattermost Server, the easiest way to enable SSL on Apache2 is via Let’s Encrypt and Certbot.

Once installed, run $ certbot --apache and follow the guide. Afterwards you should find a new configuration file in /etc/apache2/sites-available which should follow the format mysubdomain.mydomain.com-le-ssl.conf.

When opened, edit it to look something like the following:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName mysubdomain.mydomain.com
        ServerAdmin hostmaster@mydomain.com
        ProxyPreserveHost On

        # setup the proxy
        <Proxy *>
          Order allow,deny
          Allow from all
        </Proxy>

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/api/v3/users/websocket [NC,OR]
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
        RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

        <Location /api/v3/users/websocket>
          Require all granted
          ProxyPass ws://127.0.0.1:8065/api/v3/users/websocket
          ProxyPassReverse ws://127.0.0.1:8065/api/v3/users/websocket
          ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
        </Location>

        <Location />
          Require all granted
          ProxyPass http://127.0.0.1:8065/
          ProxyPassReverse http://127.0.0.1:8065/
          ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
        </Location>

        # Generated by Certbot
        SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

  1. Restart Apache2

    • On Ubuntu 14.04 and RHEL 6: sudo service apache2 restart
    • On Ubuntu 16.04 and RHEL 7: sudo systemctl restart apache2

  2. Test that the site is working, that WebSockets are working, and if you enabled HTTP redirect to HTTPS during Certbot installation that the redirect is working.

  3. Lastly, test your SSL configuration with https://www.ssllabs.com/ssltest/index.html.

Using Certbot means that you shouldn’t have to do anything in the configuration of Mattermost.