Using an Outbound Proxy¶
In some scenarios, you may wish to use Mattermost behind a proxy. This can be used to do things such as monitoring outbound traffic from Mattermost or controlling which websites can appear in link previews and other embedded content. If you only want to use a proxy for images, the image proxy is also an option.
Mattermost’s use of a proxy is configured using the
NO_PROXY environment variables.
HTTPS_PROXY environment variables store the address of the proxy server for HTTP and HTTPS requests respectively. This value should include the protocol and port of the proxy such as
If you wish to have Mattermost authenticate with your proxy, it supports HTTP basic authentication by specifying the address of the proxy such as
Note that when proxying HTTPS resources, you will need to configure your Mattermost server with the root certificate of the proxy. Otherwise, Mattermost will refuse any response from the proxy as it will detect that its connection has been intercepted.
NO_PROXY environment variable can be set to prevent certain requests from going through the proxy, such as to an SSO provider (e.g. GitLab or SAML) or intranet sites that should be accessible in link previews. It can be configured as a set of comma-separated IP addresses (e.g.
126.96.36.199), IP address ranges specified in CIDR notation (e.g.
188.8.131.52/8), or domain names. An IP address or domain name can also include a port number.
When a domain name is specified, the domain and all of its subdomains are matched, however a domain name with a leading
. only matches the subdomains. For example,
example.com matches both
.example.com only matches the latter.
To set these environment variables while running the Mattermost server via
systemd, modify the
mattermost.service like this:
Be sure to replace
127.0.0.1:3128with the correct values for your proxy servers.[Unit] Description=Mattermost After=network.target After=postgresql.service Requires=postgresql.service [Service] Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost User=mattermost Group=mattermost LimitNOFILE=49152 Environment=HTTP_PROXY=http://mattermost:email@example.com:3128 Environment=HTTPS_PROXY=https://mattermost:firstname.lastname@example.org:3128 Environment=NO_PROXY=184.108.40.206:567,.internal.example.com,login.example.com [Install] WantedBy=postgresql.service
For GitLab Mattermost follow the details at https://docs.gitlab.com/omnibus/gitlab-mattermost/#setting-custom-environment-variables instead.