
VestaCP + Mattermost IP:Port isn't working

Posted: Tue Aug 22, 2017 3:22 pm
by wpconsulate
I have installed Mattermost on my VPS, which already has VestaCP installed. I tried the same setup in VMware first and everything worked fine: I was able to access it at http://192.168.1.234:8065/. But after installing on my live server, it isn't reachable via ip:port.

Any suggestions?

thanks

Re: VestaCP + Mattermost IP:Port isn't working

Posted: Wed Aug 23, 2017 3:17 pm
by skurudo
Is the port closed in the firewall?

Re: VestaCP + Mattermost IP:Port isn't working

Posted: Wed Aug 23, 2017 8:25 pm
by mehargags
Can you post the nginx/apache logs and error logs? They should give you some clue.

Re: VestaCP + Mattermost IP:Port isn't working

Posted: Tue Jan 31, 2023 9:10 am
by Francis
I thought I'd do a little necromancing here since I recently fired up mattermost on my vestacp install.

1. add your URL for mattermost in the vestacp panel
2. create a database for mattermost
3. follow the instructions for installing mattermost here (it's dead simple in comparison to similar platforms):
https://docs.mattermost.com/install/install-tar.html

A Few Notes:
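Make sure that, when following the Mattermost installation instructions, you set ownership to the appropriate VestaCP user (the upstream guide uses a dedicated mattermost system account instead; whichever user owns the directory is the one the service runs as). As in the examples: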
chown -R admin:admin /opt/mattermost

To run mattermost, an example would be:
sudo -u admin bin/mattermost

Place the following templates in /usr/local/vesta/data/templates/web/nginx

mattermost.tpl


# Plain-HTTP vhost: its only job is to redirect every request to the HTTPS vhost.
server {
  # NOTE(review): this binds port 80 on every address and claims default_server
  # for it. nginx accepts one default_server per address:port pair, so a second
  # domain rendered from this template would presumably fail the config test,
  # and a default server also answers requests whose Host matches no vhost.
  # Confirm which listen value fits your install before reusing the template.
  listen 80 default_server;
  server_name  %domain_idn% %alias_idn%;
  error_log  /var/log/%web_system%/domains/%domain%.error.log error;
  # $server_name is the first name on the server_name line above, not the Host
  # header the client sent, so the redirect target is fixed by this config.
  return 301 https://$server_name$request_uri;
}
mattermost.stpl


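# Pool of Mattermost application servers that the proxy_pass directives in the
# HTTPS vhost forward to.
# NOTE(review): upstream names are global to the nginx configuration, so a
# second upstream called "backend" (for example a second domain rendered from
# this template) would presumably be rejected as a duplicate - confirm.
upstream backend {
   # Loopback, the same address the Apache templates in this post proxy to.
   # Mattermost's default ListenAddress ":8065" accepts loopback connections.
   # Keeping proxy traffic off the public address means port 8065 can stay
   # closed in the firewall, so clients cannot reach the application over
   # plain HTTP around this TLS proxy.
   server 127.0.0.1:8065;
   # Idle keep-alive connections to the upstream kept open per worker process.
   keepalive 32;
}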

# proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

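# HTTPS vhost: terminates TLS and reverse-proxies everything to the "backend"
# upstream (Mattermost).
server {
   # NOTE(review): binds 443 on every address rather than one specific IP;
   # confirm this matches how the panel's other vhosts listen.
   listen 443 ssl http2;
   server_name  %domain_idn% %alias_idn%;
   error_log  /var/log/%web_system%/domains/%domain%.error.log error;

   # Turns "Link: rel=preload" response headers into HTTP/2 server pushes.
   # NOTE(review): newer nginx releases dropped server push - confirm your
   # build still accepts this directive.
   http2_push_preload on; # Enable HTTP/2 Server Push

   # ssl on;
   ssl_certificate %ssl_crt%;
   ssl_certificate_key %ssl_key%;
   ssl_session_timeout 1d;

   # Enable TLS versions (TLSv1.3 is required for the upcoming HTTP/3 QUIC).
   ssl_protocols TLSv1.2 TLSv1.3;

   # TLSv1.3 0-RTT (early data) stays off. Early data carries no replay
   # protection of its own, and the proxy_pass locations below do not forward
   # an Early-Data header, so the upstream could not tell a replayable request
   # from a normal one. To turn it on, also send
   # `proxy_set_header Early-Data $ssl_early_data;` upstream and confirm the
   # application answers non-idempotent early requests with 425 Too Early.
   #
   # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
   ssl_early_data off;

   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
   ssl_prefer_server_ciphers on;
   # ssl_session_cache shared:SSL:50m;
   # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months)
   add_header Strict-Transport-Security max-age=15768000;
   # OCSP Stapling ---
   # fetch OCSP records from URL in ssl_certificate and cache them
   # NOTE(review): no resolver or ssl_trusted_certificate is set in this
   # template; stapling with verification needs both unless the enclosing
   # configuration supplies them - confirm.
   ssl_stapling on;
   ssl_stapling_verify on;

   # Debug response header fed by the map that defines $tls1_3_early_data.
   # It is only emitted when that variable is non-empty, so with early data
   # off it is never sent.
   add_header X-Early-Data $tls1_3_early_data;

   # WebSocket endpoints: pass the Upgrade handshake through to Mattermost.
   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       # Appends the connecting address to whatever X-Forwarded-For the client
       # sent; only the last entry is set by this proxy.
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       # Sent to the upstream as a request header; it does not add
       # X-Frame-Options to the response the browser receives.
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       # HTTP/1.1 towards the upstream is required for the Upgrade handshake.
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }

   # Everything else: regular HTTP requests to the Mattermost web app and API.
   location / {
       client_max_body_size 50M;
       # Clear the Connection header so upstream keep-alive connections
       # (see "keepalive" in the upstream block) can be reused.
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       # Appends the connecting address to whatever X-Forwarded-For the client
       # sent; only the last entry is set by this proxy.
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       # Sent to the upstream as a request header; it does not add
       # X-Frame-Options to the response the browser receives.
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       # Caching is disabled: proxy_cache (and the matching proxy_cache_path
       # above the server block) are commented out, so the proxy_cache_*
       # tuning below has no effect until both are enabled.
       # proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }
}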

# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the `$ssl_early_data` variable exposed by NGINX directly should you
# wish to do so.
# Defines $tls1_3_early_data, which the HTTPS vhost's X-Early-Data response
# header reads.
map $ssl_early_data $tls1_3_early_data {
  # "~." is a regex that matches any non-empty value: pass $ssl_early_data through.
  "~." $ssl_early_data;
  # Otherwise the variable is empty, and add_header emits nothing for an empty value.
  default "";
}

And place these other two templates in /usr/local/vesta/data/templates/web/apache2

mattermost.tpl


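# Plain-HTTP vhost that reverse-proxies the domain to Mattermost on loopback
# port 8065.
# NOTE(review): unlike the nginx HTTP template in this post, nothing here
# redirects to HTTPS; if this vhost is reachable directly, logins travel in
# clear text - confirm what sits in front of it.
<VirtualHost %ip%:%web_port%>

    ServerName %domain_idn%

    # One ServerAdmin only. The second "ServerAdmin [email protected]" line was
    # an e-mail obfuscation artifact; as the later directive it would have
    # replaced the panel-supplied address with that literal text.
    ServerAdmin %email%
    # Hand the client's Host header to Mattermost instead of 127.0.0.1:8065.
    ProxyPreserveHost On
    # Tell Mattermost which scheme the request arrived on (needs mod_headers).
    # NOTE(review): "set" overwrites any value a front-end proxy already
    # supplied - confirm that is intended when nginx sits in front of Apache.
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

    # WebSocket traffic: the URI must be a websocket endpoint AND the request
    # must carry either "Upgrade: WebSocket" or "Connection: Upgrade"
    # (the OR flag joins the second and third conditions).
    RewriteEngine On
    RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    # [P] proxies the request; the ws:// scheme needs a WebSocket-capable proxy
    # module (mod_proxy_wstunnel on most 2.4 builds).
    RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

    # Everything else goes to Mattermost over HTTP on loopback.
    <Location />
        Require all granted
        ProxyPass http://127.0.0.1:8065/
        ProxyPassReverse http://127.0.0.1:8065/
        # Rewrite cookie domains set for 127.0.0.1 to the public domain.
        ProxyPassReverseCookieDomain 127.0.0.1 %domain_idn%
    </Location>

    # NOTE(review): these aliases look carried over from a stock hosting
    # template; a proxy-only vhost presumably does not need a cgi-bin mapping -
    # confirm and drop what is unused.
    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
    Alias /vstats/ %home%/%user%/web/%domain%/stats/
    Alias /error/ %home%/%user%/web/%domain%/document_errors/

    #SuexecUserGroup %user% %group%
    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
    CustomLog /var/log/%web_system%/domains/%domain%.log combined
    ErrorLog /var/log/%web_system%/domains/%domain%.error.log

    # Run requests for this vhost as the site's user when one of these
    # per-vhost privilege modules is loaded.
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid %user% %group%
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID %user% %group%
    </IfModule>

    # Optional per-domain overrides from the user's conf directory.
    IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf*

</VirtualHost>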
mattermost.stpl


# TLS vhost that reverse-proxies the domain to Mattermost on loopback port 8065.
<VirtualHost %ip%:%web_ssl_port%>

    ServerName %domain_idn%

    ServerAdmin %email%
    # Hand the client's Host header to Mattermost instead of 127.0.0.1:8065.
    ProxyPreserveHost On
    # Tell Mattermost which scheme the request arrived on (needs mod_headers).
    # NOTE(review): "set" overwrites any value a front-end proxy already
    # supplied - confirm that is intended when nginx sits in front of Apache.
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

    # WebSocket traffic: the URI must be a websocket endpoint AND the request
    # must carry either "Upgrade: WebSocket" or "Connection: Upgrade"
    # (the OR flag joins the second and third conditions).
    RewriteEngine On
    RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    # [P] proxies the request; the ws:// scheme needs a WebSocket-capable proxy
    # module (mod_proxy_wstunnel on most 2.4 builds). The hop to loopback is
    # unencrypted by design; TLS ends at this vhost.
    RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

    # Everything else goes to Mattermost over HTTP on loopback.
    <Location />
        Require all granted
        ProxyPass http://127.0.0.1:8065/
        ProxyPassReverse http://127.0.0.1:8065/
        # Rewrite cookie domains set for 127.0.0.1 to the public domain.
        ProxyPassReverseCookieDomain 127.0.0.1 %domain_idn% 
    </Location>

    # NOTE(review): these aliases look carried over from a stock hosting
    # template; a proxy-only vhost presumably does not need a cgi-bin mapping -
    # confirm and drop what is unused.
    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
    Alias /vstats/ %home%/%user%/web/%domain%/stats/
    Alias /error/ %home%/%user%/web/%domain%/document_errors/
    #SuexecUserGroup %user% %group%
    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
    CustomLog /var/log/%web_system%/domains/%domain%.log combined
    ErrorLog /var/log/%web_system%/domains/%domain%.error.log

    # TLS termination. No protocol or cipher directives appear in this vhost,
    # so those come from whatever the enclosing server configuration sets.
    SSLEngine on
    # Do not request a client certificate.
    SSLVerifyClient none
    SSLCertificateFile %ssl_crt%
    SSLCertificateKeyFile %ssl_key%
    # NOTE(review): the placeholder in front of SSLCertificateChainFile is
    # presumably filled in by the panel to comment the line out when no CA
    # chain exists - confirm.
    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%

    # Run requests for this vhost as the site's user when one of these
    # per-vhost privilege modules is loaded.
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid %user% %group%
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID %user% %group%
    </IfModule>

    # Optional per-domain overrides from the user's conf directory.
    IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf*

</VirtualHost>
Now go back into your web configuration in the vesta admin panel and change both the templates to mattermost and flip on let's encrypt.