Mattermost - Token Request Failed when using Gitlab SSO
Our Mattermost server throws a Token Request Failed error whenever a user tries to logon.
[2017/11/23 10:29:53 CET] [EROR] AuthorizeOAuthUser: Token request failed, Post https://mygitlaburl.com/oauth/token: dial tcp: i/o timeout
The server is located behind a Nginx reverse proxy. All the URLs use SSL to connect, including our gitlab.
I can reproduce the error by just doing a logout, clear browser cookies and login again. If a try to login inmediatly after the error, it works and I can log into mattermost without any problem.
Any help would be greatly appreciated.
The requested data:
- Include the omnibus-gitlab package version with: dpkg-query -W gitlab or rpm -q gitlab
gitlab-ce-10.1.3-ce.0.el7.x86_64
2.- Relevant sections of /etc/gitlab/gitlab.rb
(make sure to omit any sections that start with # and passwords)
external_url 'https://mygitlaburl.com' postgresql['enable'] = false redis['enable'] = false logging['logrotate_frequency'] = "daily" # rotate logs daily logging['logrotate_size'] = nil # do not rotate by size by default logging['logrotate_rotate'] = 30 # keep 30 rotated logs logging['logrotate_compress'] = "compress" # see 'man logrotate' logging['logrotate_method'] = "copytruncate" # see 'man logrotate' logging['logrotate_postrotate'] = nil # no postrotate command by default logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz logrotate['enable'] = true mattermost_external_url 'https://mymattermosturl.com' mattermost['enable'] = true mattermost['service_use_ssl'] = true mattermost['service_address'] = "Mattermost server IP Address" mattermost['service_port'] = "8065" mattermost['service_site_url'] = "https://mymattermosturl.com" mattermost['service_maximum_login_attempts'] = 5 mattermost['service_enable_incoming_webhooks'] = true mattermost['team_site_name'] = "Teams" mattermost['team_max_users_per_team'] = 150 mattermost['team_enable_user_creation'] = true mattermost['team_allow_public_link'] = false mattermost['team_restrict_creation_to_domains'] = '' mattermost['team_restrict_team_names'] = true mattermost['sql_driver_name'] = 'postgres' mattermost['sql_data_source'] = "postgres://mattermost:mypostgrespwd@postgresserver:5432/team?sslmode=disable&connect_timeout=10" mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/' mattermost['log_console_enable'] = true mattermost['log_console_level'] = 'INFO' mattermost['log_enable_file'] = true mattermost['log_file_level'] = 'INFO' mattermost['gitlab_enable'] = true mattermost['gitlab_id'] = "gitlabID" mattermost['gitlab_secret'] = "gitlabSecret" mattermost['gitlab_scope'] = "" mattermost['gitlab_auth_endpoint'] = "https://mygitlaburl.com/oauth/authorize" mattermost['gitlab_token_endpoint'] = "https://mygitlaburl.com/oauth/token" mattermost['gitlab_user_api_endpoint'] = "https://mygitlaburl.com/api/v4/user" mattermost['email_enable_sign_up_with_email'] = false mattermost['email_enable_sign_in_with_email'] = false mattermost['email_enable_sign_in_with_username'] = true mattermost['email_send_email_notifications'] = true mattermost['email_require_email_verification'] = false mattermost['email_smtp_server'] = "smtp server" mattermost['email_smtp_port'] = 25 mattermost['email_connection_security'] = nil mattermost['email_feedback_name'] = "Teams" mattermost['email_feedback_email'] = "teams@foobar.com" mattermost['email_enable_batching'] = true mattermost['file_max_file_size'] = 52428800 mattermost['support_email'] = "alerts@foobar.com" mattermost_nginx['enable'] = true mattermost_nginx['redirect_http_to_https'] = true mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/bundle.crt" mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key" mattermost_nginx['ssl_ciphers'] = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS" mattermost_nginx['ssl_prefer_server_ciphers'] = "on" mattermost_nginx['ssl_protocols'] = "TLSv1.2" mattermost_nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem" mattermost_nginx['proxy_set_headers'] = { "X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on", } mattermost_nginx['real_ip_trusted_addresses'] = [ 'nginxreverseproxyserveripaddress' ] mattermost_nginx['real_ip_header'] = 'X-Real-IP' mattermost_nginx['real_ip_recursive'] = 'on' gitlab_rails['enable'] = false prometheus_monitoring['enable'] = false node_exporter['enable'] = false gitaly['enable'] = false gitlab_monitor['enable'] = false
3.- Whether the problems are caused on a fresh install or an upgrade(Describe the upgrade history)
Not sure
4.- Describe the OS and the system environment GitLab is installed on (Is it a clean VM, is anything else running on it, etc.)
Centos 7 VM with only Gitlab Mattermost installed