We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
VestaCP + Mattermost IP:Port isn't working
-
- Posts: 4
- Joined: Tue Aug 22, 2017 3:06 pm
VestaCP + Mattermost IP:Port isn't working
I have installed mattermost on my VPS with VestaCP already installed. I tried this in Vmware first with the same setup and all worked fine. I was able to access like http://192.168.1.234:8065/ But when installing on my Live server it isn't Working with ip:port.
Any suggestions?
thanks
Any suggestions?
thanks
Re: VestaCP + Mattermost IP:Port isn't working
closed port in firewall ?
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: VestaCP + Mattermost IP:Port isn't working
Can you post nginx/apache logs and error logs? you will get some clue
Re: VestaCP + Mattermost IP:Port isn't working
I thought I'd do a little necromancing here since I recently fired up mattermost on my vestacp install.
1. add your URL for mattermost in the vestacp panel
2. create a database for mattermost
3. follow the instructions for installing mattermost here (it's dead simple in comparison to similar platforms):
https://docs.mattermost.com/install/install-tar.html
A Few Notes:
Make sure that when following the instructions for installing mattermost, that you set permissions to the appropriate vestacp user. As in the examples:
chown -R admin:admin /opt/mattermost
To run mattermost, an example would be:
sudo -u admin bin/mattermost
Place the following templates in /usr/local/vesta/data/templates/web/nginx
mattermost.tpl
mattermost.stpl
And place these other two templates in /usr/local/vesta/data/templates/web/apache2
mattermost.tpl
mattermost.stpl
Now go back into your web configuration in the vesta admin panel and change both the templates to mattermost and flip on let's encrypt.
1. add your URL for mattermost in the vestacp panel
2. create a database for mattermost
3. follow the instructions for installing mattermost here (it's dead simple in comparison to similar platforms):
https://docs.mattermost.com/install/install-tar.html
A Few Notes:
Make sure that when following the instructions for installing mattermost, that you set permissions to the appropriate vestacp user. As in the examples:
chown -R admin:admin /opt/mattermost
To run mattermost, an example would be:
sudo -u admin bin/mattermost
Place the following templates in /usr/local/vesta/data/templates/web/nginx
mattermost.tpl
Code: Select all
server {
listen 80 default_server;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
return 301 https://$server_name$request_uri;
}
Code: Select all
upstream backend {
server %ip%:8065;
keepalive 32;
}
# proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 443 ssl http2;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
http2_push_preload on; # Enable HTTP/2 Server Push
# ssl on;
ssl_certificate %ssl_crt%;
ssl_certificate_key %ssl_key%;
ssl_session_timeout 1d;
# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
# ssl_session_cache shared:SSL:50m;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Early-Data $tls1_3_early_data;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
# proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}
# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the `$ssl_early_data` variable exposed by NGINX directly should you
# wish to do so.
map $ssl_early_data $tls1_3_early_data {
"~." $ssl_early_data;
default "";
}
And place these other two templates in /usr/local/vesta/data/templates/web/apache2
mattermost.tpl
Code: Select all
<VirtualHost %ip%:%web_port%>
ServerName %domain_idn%
ServerAdmin %email%
ServerAdmin [email protected]
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:8065/
ProxyPassReverse http://127.0.0.1:8065/
ProxyPassReverseCookieDomain 127.0.0.1 %domain_idn%
</Location>
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
<IfModule mod_ruid2.c>
RMode config
RUidGid %user% %group%
RGroups www-data
</IfModule>
<IfModule itk.c>
AssignUserID %user% %group%
</IfModule>
IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*
</VirtualHost>
Code: Select all
<VirtualHost %ip%:%web_ssl_port%>
ServerName %domain_idn%
ServerAdmin %email%
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:8065/
ProxyPassReverse http://127.0.0.1:8065/
ProxyPassReverseCookieDomain 127.0.0.1 %domain_idn%
</Location>
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
<IfModule mod_ruid2.c>
RMode config
RUidGid %user% %group%
RGroups www-data
</IfModule>
<IfModule itk.c>
AssignUserID %user% %group%
</IfModule>
IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*
</VirtualHost>