Using an Outbound Proxy¶
In some scenarios, you may wish to use Mattermost behind a proxy. This can be used to do things such as monitoring outbound traffic from Mattermost or controlling which websites can appear in link previews and other embedded content.
Mattermost’s use of a proxy is configured using the
NO_PROXY environment variables.
HTTPS_PROXY environment variables store the address of the proxy server for HTTP and HTTPS requests respectively. This value should include the protocol and port of the proxy such as
If you wish to have Mattermost authenticate with your proxy, it supports HTTP basic authentication by specifying the address of the proxy such as
Note that when proxying HTTPS resources, you will need to configure your Mattermost server with the root certificate of the proxy. Otherwise, Mattermost will refuse any response from the proxy as it will detect that its connection has been intercepted.
NO_PROXY environment variable can be set to prevent certain requests from going through the proxy, such as to an SSO provider (such as GitLab or SAML) or to intranet sites that should be accessible in link previews. It can be configured as a set of comma-separted IP addresses (e.g. 22.214.171.124), IP address ranges specified in CIDR notation (e.g. 126.96.36.199/8), or domain names. An IP address or domain name can also include a port number.
When specifying a domain name, that domain name also matches its sub domains as well. A domain name with a leading
. matches only sub domains. For example,
example.com matches both
example.com as well as
.example.com only matches the latter.
To set these environment variables while running the Mattermost server via
systemd, modify the
mattermost.service like this:
Be sure to replace 127.0.0.1:3128 with the correct values for your proxy servers.[Unit] Description=Mattermost After=network.target After=postgresql.service Requires=postgresql.service [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=mattermost Group=mattermost LimitNOFILE=49152 Environment=HTTP_PROXY=http://mattermost:firstname.lastname@example.org:3128 Environment=HTTPS_PROXY=https://mattermost:email@example.com:3128 Environment=NO_PROXY=188.8.131.52:567,.internal.example.com,login.example.com [Install] WantedBy=postgresql.service