8.1 omnibus and MatterMost using apache proxy
I have configured mattermost to run under apache as a vhost (http://mattermost.example.com) and am able to have it redirect to my gitlab instance after trying to create a new team with the gitlab server but get:
An error has occurred
Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
my gitlab.rb
is:
mattermost_external_url 'https://mattermost.example.com'
mattermost['enable'] = true
mattermost['service_use_ssl'] = true
mattermost_nginx['enable'] = false
my vhost for apache is based on my vhost for gitlab:
<VirtualHost *:80>
ServerName mattermost.example.com
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLCompression Off
SSLCertificateFile path_to.crt
SSLCertificateKeyFile path_to.key
SSLCertificateChainFile path_to.ca.pem
ServerName mattermost.example.com
ServerSignature Off
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
# http://doc.gitlab.com/ce/api/projects.html#get-single-project
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8065
</Location>
RewriteEngine on
RewriteCond %{REQUEST_URI} [-\/\w\.]+\.git\/
RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads
RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA]
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
DocumentRoot /var/opt/gitlab/mattermost
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/mattermost/mattermost.example.com_error.log
CustomLog /var/log/apache2/mattermost/mattermost.example.com_forwarded.log common_forwarded
CustomLog /var/log/apache2/mattermost/mattermost.example.com_access.log combined env=!dontlog
CustomLog /var/log/apache2/mattermost/mattermost.example.com.log combined
</VirtualHost>
As I read the http://doc.gitlab.com/omnibus/gitlab-mattermost/ docs it seems since I am using the gitlab bundle of mattermost - even with apache proxying it - it should be this simple. But it seems as though I am missing something.
I have tried setting the following in gitlab.rb
but get the same error (sanitized tokens with **):
mattermost['gitlab'] = {'Enable' => true, 'Secret' => "b**5", 'Id' => "1**6", "AuthEndpoint" => \
"http://127.0.0.1:8080/oauth/authorize", "TokenEndpoint" => "http://127.0.0.1:8080/oauth/token", \
"UserApiEndpoint" => "http://127.0.0.1:8080/api/v3/user", "Scope" => "" }
Perhaps I am missing some string for the "scope"?