https redirect block not being created for mattermost on nginx
These are the settings I have enabled so far (some of them don't appear in the docs and I've taken them from ginx-gitlab-mattermost-http.conf.erb I followed mostly the documentation from here
mattermost_external_url 'http://matter.example.com'
mattermost['enable'] = true
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['redirect_http_to_https_port'] = 80
mattermost_nginx['listen_port'] = 443
mattermost_nginx['https'] = true
mattermost_nginx['enable'] = true
mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/elbrus.example.com.crt"
mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/elbrus.example.com.key"
The problem is that in gitlab-mattermost-http.conf there's no redirect block
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
## GitLab Mattermost
upstream gitlab_mattermost {
server 127.0.0.1:8065;
}
server {
listen *:443;
server_name matter.example.com;
server_tokens off; # don't show the version number, a security best practice
client_max_body_size 0;
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
add_header Referrer-Policy strict-origin-when-cross-origin;
access_log /var/log/gitlab/nginx/gitlab_mattermost_access.log gitlab_mattermost_access;
error_log /var/log/gitlab/nginx/gitlab_mattermost_error.log;
location / {
## If you use HTTPS make sure you disable gzip compression
## to be safe against BREACH attack.
proxy_read_timeout 3600;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://gitlab_mattermost;
}
}
At this point I am yet to test more the mattermost setup because first I wanted to resolve this issue (so there might be other omissions in this area)