Mattermost Apache config example

mattermost.conf

<VirtualHost *:80>
        ServerName mattermost.example.org
        ServerAdmin webmaster@example.org

        ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
        CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

        # Enforce HTTPS:
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        ServerName mattermost.example.org
        ServerAdmin webmaster@example.org

        ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
        CustomLog ${APACHE_LOG_DIR}mattermost-access.log combined

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/api/v[0-9]+/(users/)?websocket [NC,OR]
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
        RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RequestHeader set X-Forwarded-Proto "https"
        
        RequestHeader unset If-Modified-Since
        RequestHeader unset If-None-Match

        <LocationMatch "/api/(?<version>v[0-9]+)/(?<users>users/)?websocket$">
                Require all granted
                ProxyPassReverse ws://127.0.0.1:8065/api/v%{env:MATCH_VERSION}/%{env:MATCH_USERS}websocket
                ProxyPassReverseCookieDomain 127.0.0.1 mattermost.example.org
        </LocationMatch>
        <Location />
                Require all granted
                ProxyPassReverse http://127.0.0.1:8065/
                ProxyPassReverseCookieDomain 127.0.0.1 mattermost.example.org
        </Location>
        
        ProxyPreserveHost On
        ProxyRequests Off
</VirtualHost>

I'm getting apaches 500 error page an nothing in the logs except:

[proxy:warn] AH01144: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I'm sure Julian has fixed his issue, but in case anyone else is wondering, "proxy submodules" is the critical phrase here. On Debian Jessie, activating module proxy_http was sufficient.

sudo a2enmod proxy_http should do the trick for those in a similar situation.

rewrite, proxy, proxy_http and proxy_wstunnel are needed (a2enmod).

New LocationMatch directive should now support newer protocol versions .

Documentation got recently posted at mattermost/docs#1114 (comment)

gitlab is now shipped with Mattermost v4 and just changing api urls doesn't seem to be enough.

I get this king of error :

  [2017/07/24 14:30:11 CEST] [EROR] websocket connect err: websocket: origin not allowed
  [2017/07/24 14:30:11 CEST] [EROR] /api/v4/websocket:connect code=500 rid=u9g35wy34b8xb86j3def4smejy uid=7ppr67oe6ibk7pwgkcagbtyg3o ip=https, XX.XX.XX.XX Failed to upgrade websocket connection [details: ]

Sorry it's perfect

I had a header directive which broke everything

is there any specific reason for the Api Version in line "RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]" ?
Why not v3, or v4 or a RegEx?
Should i change this manually from version to version of mattermost?

is there any specific reason for the Api Version in line "RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]" ?
Why not v3, or v4 or a RegEx?
Should i change this manually from version to version of mattermost?

It always worked for me. I updated the regex with a numeric match to any version anyway. The ProxyPassReverse path also lacked a "v" before the version number, but this never seemed to be a problem.

This config now closely resembles the unofficial apache config in the Mattermost docs.