Configure the network environment in which Mattermost is deployed by going to System Console > Environment > Web Server, or by updating the config.json
file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect.
Site URL
Available in legacy Enterprise Edition E10/E20
The URL that users use to access Mattermost. The port number is required if it’s not a standard port, such as 80 or 443. This field is required. Select the Test Live URL button in the System Console to validate the Site URL. |
|
Notes:
|
Web server listen address
Available in legacy Enterprise Edition E10/E20
The address and port to which to bind and listen.
Specifying If you choose a port of a lower level (called “system ports” or “well-known ports”, in the range of 0-1023), you must have permissions to bind to that port. |
|
Forward port 80 to 443
Available in legacy Enterprise Edition E10/E20
Forward insecure traffic from port 80 to port 443.
|
|
Web server connection security
Available in legacy Enterprise Edition E10/E20
Connection security between Mattermost clients and the server.
|
|
TLS certificate file
Available in legacy Enterprise Edition E10/E20
The path to the certificate file to use for TLS connection security. String input. |
|
TLS key file
Available in legacy Enterprise Edition E10/E20
The path to the TLS key file to use for TLS connection security. String input. |
|
Use Let’s Encrypt
Available in legacy Enterprise Edition E10/E20
Enable the automatic retrieval of certificates from Let’s Encrypt. See the configuring TLS on Mattermost documentation for more details on setting up Let’s Encrypt.
|
|
Let’s Encrypt certificate cache file
Available in legacy Enterprise Edition E10/E20
The path to the file where certificates and other data about the Let’s Encrypt service will be stored. File path input. |
|
Read timeout
Available in legacy Enterprise Edition E10/E20
Maximum time allowed from when the connection is accepted to when the request body is fully read. Numerical input in seconds. Default is 300 seconds. |
|
Write timeout
Available in legacy Enterprise Edition E10/E20
Numerical input in seconds. Default is 300 seconds. |
|
Idle timeout
Available in legacy Enterprise Edition E10/E20
Set an explicit idle timeout in the HTTP server. This is the maximum time allowed before an idle connection is disconnected. Numerical input in seconds. Default is 300 seconds. |
|
Webserver mode
Available in legacy Enterprise Edition E10/E20
We recommend gzip to improve performance unless your environment has specific restrictions, such as a web proxy that distributes gzip files poorly.
|
|
Enable insecure outgoing connections
Available in legacy Enterprise Edition E10/E20
Configure Mattermost to allow insecure outgoing connections.
|
|
Security note: Enabling this feature makes these connections susceptible to man-in-the-middle attacks. |
Managed resource paths
Available in legacy Enterprise Edition E10/E20
A comma-separated list of paths within the Mattermost domain that are managed by a third party service instead of Mattermost itself. Links to these paths will be opened in a new tab/window by Mattermost apps. For example, if Mattermost is running on
|
|
Note: When using the Mattermost Desktop App, additional configuration is required to open the link within the Desktop App instead of in a browser. See the desktop managed resources documentation for details. |
Reload configuration from disk
Note
Available only on Enterprise plans
Available in legacy Enterprise Edition E10/E20
You must change the database line in the Select the Reload configuration from disk button in the System Console after changing your database configuration. Then, go to Environment > Database and select Recycle Database Connections to complete the reload. |
|
Purge all caches
Available in legacy Enterprise Edition E10/E20
Purge all in-memory caches for sessions, accounts, and channels. Select the Purge All Caches button in the System Console to purge all caches. |
|
Note: Purging the caches may adversely impact performance. Deployments using high availability clusters will attempt to purge all the servers in the cluster |
Websocket URL
Available in legacy Enterprise Edition E10/E20
You can configure the server to instruct clients on where they should try to connect websockets to. String input. |
|
License file location
Note
Available only on Enterprise and Professional plans
Available in legacy Enterprise Edition E10/E20
The path and filename of the license file on disk. On startup, if Mattermost can’t find a valid license in the database from a previous upload, it looks in this path for the license file. String input. Can be an absolute path or a path
relative to the |
|
TLS minimum version
Available in legacy Enterprise Edition E10/E20
The minimum TLS version used by the Mattermost server. String input. Default is 1.2. |
|
Note: This setting only takes effect if you are using the built-in server binary directly, and not using a reverse proxy layer, such as NGINX. |
Trusted proxy IP header
Available in legacy Enterprise Edition E10/E20
Specified headers that will be checked, one by one, for IP addresses (order is important). All other headers are ignored. String array input consisting of header names,
such as |
|
Notes:
|
Enable Strict Transport Security (HSTS)
Available in legacy Enterprise Edition E10/E20
|
|
See the Strict-Transport-Security documentation for details. |
Secure TLS transport expiry
Available in legacy Enterprise Edition E10/E20
The time, in seconds, that the browser remembers a
site is only to be accessed using HTTPS. After this
period, a site can’t be accessed using HTTP unless
Numerical input. Default is 63072000 (2 years). |
|
See the Strict-Transport-Security documentation for details. |
TLS cipher overwrites
Available in legacy Enterprise Edition E10/E20
Set TLS ciphers overwrites to meet requirements from legacy clients which don’t support modern ciphers, or to limit the types of accepted ciphers. If none specified, the Mattermost server assumes a set of currently considered secure ciphers, and allows overwrites in the edge case. String array input. |
|
Notes:
|
Goroutine health threshold
Available in legacy Enterprise Edition E10/E20
Set a threshold on the number of goroutines when the Mattermost system is considered to be in a healthy state. When goroutines exceed this limit, a warning is returned in the server logs. Numeric input. Default is -1 which turns off checking for the threshold. |
|
Cluster log timeout
Note
Available only on Enterprise plans
Available in legacy Enterprise Edition E20
Define the frequency, in milliseconds, of cluster request time logging for performance monitoring. Numerical input. Default is 2000 milliseconds (2 seconds). |
|
See the performance monitoring documentation for details. |