Configuring Apache2 (Unofficial)¶
Unofficial, community-maintained guides for configuring Apache as a proxy instead of NGINX.
Configuring Apache2 as a proxy for Mattermost Server (Unofficial)¶
Important
This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can edit this page on GitHub.
On a Debian-based operating system such as Ubuntu, Apache2 proxy configuration is done in the /etc/apache2/sites-available
directory. Red Hat-based systems organize Apache configuration files differently. If you’re setting up Mattermost on a subdomain, you’ll want to create a new configuration file along the lines of mysubdomain.mydomain.com.conf
.
To configure Apache2 as a proxy
SSH into your server.
Make sure the Apache modules
mod_rewrite
,mod_proxy
,mod_proxy_http
, andmod_proxy_wstunnel
are installed and enabled. If not, follow the instructions from your Linux distribution to do so.Create the above mentioned configuration file. It is often helpful to start with a copy of
000-default.conf
ordefault-ssl.conf
(on Ubuntu).Edit your configuration using the guide below:
If you’re not setting up a subdomain, your
ServerName
will simply be set tomydomain.com
.ServerAlias
can been added too if you want to capturewww.mydomain.com
.Remember to change the values to match your server’s name, etc.
If you have enabled TLS in the Mattermost settings, you must use the protocol
wss://
instead ofws://
in theRewriteRule
.To serve requests on a different port (such as 8443), in addition to setting the port in the VirtualHost element, add
Listen 8443
on a separate line before the VirtualHost line.
<VirtualHost *:80>
# If you're not using a subdomain you may need to set a ServerAlias to:
# ServerAlias www.mydomain.com
ServerName mysubdomain.mydomain.com
ServerAdmin hostmaster@mydomain.com
ProxyPreserveHost On
# Set web sockets
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:8065/
ProxyPassReverse http://127.0.0.1:8065/
ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
</Location>
</VirtualHost>
(Debian/Ubuntu only) Because you’ll likely have not set up the subdomain before now on Apache2, run
a2ensite mysubdomain.mydomain.com
to enable the site (do not runa2ensite mysubdomain.mydomain.com.conf
).Restart Apache2.
On Ubuntu 14.04 and RHEL 6:
sudo service apache2 restart
On Ubuntu 16.04+ and RHEL 7+:
sudo systemctl restart apache2
You should be all set! Ensure that your Mattermost config file is pointing to the correct URL (which may include a port), and then ensure that your socket connection is not dropping once deployed. To prevent external access to Mattermost on port 8065, in the config file, set ListenAddress
to localhost:8065
instead of :8065
.
Configuring Apache2 with SSL and HTTP/2 (Unofficial)¶
Important
This unofficial guide is maintained by the Mattermost community and this deployment configuration is not yet officially supported by Mattermost, Inc. Community testing, feedback and improvements are welcome and greatly appreciated. You can edit this page on GitHub.
In order to use Apache as a reverse proxy for the Mattermost Server, you need to install and enable the following apache modules: mod_rewrite
, mod_proxy
, mod_proxy_http
, mod_headers
, and mod_proxy_wstunnel
. Follow the installation instructions for your Linux distribution.
Once you’ve configured Apache2 as a proxy for your Mattermost Server, the easiest way to enable SSL on Apache2 is via Let’s Encrypt and Certbot.
Note
If Let’s Encrypt is enabled, forward port 80 through a firewall, with Forward80To443 config.json
setting set to true
to complete the Let’s Encrypt certification.
Once installed, run $ certbot --apache
and follow the guide. Afterwards you should find a new configuration file in /etc/apache2/sites-available
which should follow the format mysubdomain.mydomain.com-le-ssl.conf
.
When opened, edit it to look something like the following:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mysubdomain.mydomain.com
ServerAdmin hostmaster@mydomain.com
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:8065/
ProxyPassReverse http://127.0.0.1:8065/
ProxyPassReverseCookieDomain 127.0.0.1 mysubdomain.mydomain.com
</Location>
# Generated by Certbot
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Restart Apache2
On Ubuntu 14.04 and RHEL 6:
sudo service apache2 restart
On Ubuntu 16.04 and RHEL 7:
sudo systemctl restart apache2
Test that the site is working, that WebSockets are working, and if you enabled HTTP redirect to HTTPS during Certbot installation that the redirect is working.
Lastly, test your SSL configuration with https://www.ssllabs.com/ssltest/index.html.
Using Certbot means that you shouldn’t have to do anything in the configuration of Mattermost.