Summary

Android app will connect to the server when the certs are installed but after X amount of time it will stop “connecting” to the server but the app still pushes notifications.

Steps to reproduce

App version: 1.17.0, using Lets Encrypt cert, but not enabling lets encrypt due to corporate network restrictions.

Expected behavior

Certs are accepted in my browser (firefox, chrome, brave, vivaldi) but not on the app on android. After initial installation of certs, the android app will happily connect to the server but afterwards the app will stop connecting but will still push notifications and updates.

Observed behavior

No error messages, just doesn’t update the screens messages. Continually showing the connecting bar and the spinning wheel. I am using a .tk domain if that is an issue.

Hello I am trying to install Jitsi 1.01 plugin on Mattermost server which Is running on Ubuntu 18.4 bionic. I get the following error
Mar 28 12:45:23 lab-mmost1 platform[1032]: {“level”:“error”,“ts”:1553777123.2317631,“caller”:“app/plugin.go:97”,“msg”:“Unable to activate plugin”,“plugin_id”:“jitsi”,“error”:“unable to copy webapp bundle directory: jitsi: stat /opt/mattermost/client/plugins/jitsi/webapp: no such file or directory”,“errorVerbose”:“stat /opt/mattermost/client/plugins/jitsi/webapp: no such file or directory\nunable to copy webapp bundle directory:jitsi\ngithub. com/mattermost /mattermost-server/ plugin.(*Environment).Activate\n\t/go/src/github. com/mattermost/mattermost-serve r/plugin/ environment. go:189\ngithub. com/mattermost/ mattermost-server/app.(*App).SyncPluginsActiveState\n\t/go/src /github.com/mattermost/mattermost-server/app/plugin.go:95\ngithub. com/mattermost /mattermost-server/app.(*App).InitPlugins.func2\n\t/go/src/github. com/mattermost/mattermost-server/app /plugin.go:172\ngithub. com/mattermost/ mattermost-server/app.(*Server).InvokeConfigListeners\n\t/go/src/github.com/mattermost/mattermost-server/app/config.go:169\ngithub. com/mattermost/mattermost-server/app. (*Server).UpdateConfig\n\t/go/src/github.com/mattermost/ mattermost-server/app/config.go:58\ngithub. com/mattermost/mattermost-server /app.(*App).UpdateConfig\n\t/go/src/github. com/mattermost/mattermost-server/app/config.go:62\ngithub. com/mattermost/mattermost-server/app.(*App).EnablePlugin\n\t/go/src/github.com/mattermost/mattermost-server/app/plugin.go:245\ngithub. com/mattermost/mattermost-server/api4.enablePlugin\n\t/go/src/github.com/mattermost/mattermost-server/api4/plugin.go:187\ngithub. com/mattermost/mattermost-server/web.Handler.ServeHTTP\n\t/go/src/github. com/mattermost/mattermost-server/web/handlers.go:151\ngithub. com/mattermost/mattermost-server/web.(*Handler).ServeHTTP\n\t:1\ngithub. com/mattermost/mattermost-server/vendor/github. com/gorilla/mux.(*Router).ServeHTTP\n\t/go/src/github. com/mattermost/mattermost-server/vendor/github. com/gorilla/mux/mux.go:162\ngithub. com/mattermost/mattermost-server/vendor/github.com/gorilla/handlers.recoveryHandler.ServeHTTP\n\t/go/src/github.com/mattermost/mattermost-server/vendor/github.com/gorilla/handlers/recovery.go:78\ngithub. com/mattermost/mattermost-server/vendor/github.com/gorilla/handlers.(*recoveryHandler).ServeHTTP\n\t:1\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333”}

I have Jitse-meet local server with Self Sign SSL certificate. This works fine when I try to access through the web https://jitsi.mylab.corp

Struggling with integrating the plugin with Mattermost.

Kindly let me know where am I going wrong with this.

Kind regards
Mohammad

Hi @that1guy,

Please take a look at our troubleshooting docs here:

• https://docs.mattermost.com/mobile/mobile-troubleshoot.html#i-see-a-connecting-bar-that-does-not-go-away
• https://docs.mattermost.com/mobile/mobile-troubleshoot.html#i-keep-getting-a-message-cannot-connect-to-the-server-please-check-your-server-url-and-internet-connection

it would be awesome if this feature will be addded into mattermost

Summary

Mattermost shows error “Bad response from token request” while thying to authenticate through Gitlab

Steps to reproduce

Install gitlab 11.8.0-rc8 from source on one server, install latest Mattermost on another. Configure them accordind to the guides, try to login with Gitlab

Expected behavior

Succesfull authentication in mattermost with Gitlab user account.

Observed behavior

We have Gitlab 11.8.0-rc8 installed from source on one server, and stand-alone Mattermost 5.9.0 on another. Both are configured according to the Mattermost documentation. But when i press “Sign in with Gitlab” button i at first i’m redirected to Gitlab, grant authorization there, and after that i see an error screen "Bad response from token request."

Gitlab logs:

production.log

Started GET "/oauth/authorize?response_type=code&client_id=1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0&redirect_uri=<MATTERMOST URL>%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoic3FjZGQ1Ymc0cHJ1ZHpjN3Nrb2pnaXp5c2NqZmFpbWJmZnByZDExaHBvNDFob3h1ZXczZHN4cHR5cHdwcG0zciJ9" for 127.0.0.1 at 2019-03-27 20:19:46 +0300
Processing by Oauth::AuthorizationsController#new as HTML
  Parameters: {"response_type"=>"code", "client_id"=>"1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0", "redirect_uri"=>"<MATTERMOST URL>/signup/gitlab/complete", "state"=>"eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoic3FjZGQ1Ymc0cHJ1ZHpjN3Nrb2pnaXp5c2NqZmFpbWJmZnByZDExaHBvNDFob3h1ZXczZHN4cHR5cHdwcG0zciJ9"}
Completed 200 OK in 27ms (Views: 19.2ms | ActiveRecord: 1.9ms)
Started GET "/oauth/undefined" for 127.0.0.1 at 2019-03-27 20:19:47 +0300
Processing by ApplicationController#route_not_found as */*
  Parameters: {"unmatched_route"=>"oauth/undefined"}
Completed 404 Not Found in 11ms (Views: 1.4ms | ActiveRecord: 1.2ms)

Started POST "/oauth/authorize" for 127.0.0.1 at 2019-03-27 20:19:48 +0300
Processing by Oauth::AuthorizationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "client_id"=>"1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0", "redirect_uri"=>"<MATTERMOST URL>//signup/gitlab/complete", "state"=>"eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoic3FjZGQ1Ymc0cHJ1ZHpjN3Nrb2pnaXp5c2NqZmFpbWJmZnByZDExaHBvNDFob3h1ZXczZHN4cHR5cHdwcG0zciJ9", "response_type"=>"code", "scope"=>"api", "nonce"=>""}
Redirected to <MATTERMOST URL>//signup/gitlab/complete?code=9934b277d8481b166c3320b359f7cbfc95ab97cd857b248781bc96a4b905406c&state=eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoic3FjZGQ1Ymc0cHJ1ZHpjN3Nrb2pnaXp5c2NqZmFpbWJmZnByZDExaHBvNDFob3h1ZXczZHN4cHR5cHdwcG0zciJ9
Completed 302 Found in 9ms (ActiveRecord: 1.6ms)
Started POST "/oauth/token" for 127.0.0.1 at 2019-03-27 20:19:48 +0300
Processing by Doorkeeper::TokensController#create as JSON
  Parameters: {"client_id"=>"1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0", "client_secret"=>"[FILTERED]", "code"=>"[FILTERED]", "grant_type"=>"authorization_code", "redirect_uri"=>"https://backend/signup/gitlab/complete"}
Completed 401 Unauthorized in 2ms

production_json.log

{
  "method": "GET",
  "path": "/oauth/authorize",
  "format": "html",
  "controller": "Oauth::AuthorizationsController",
  "action": "new",
  "status": 200,
  "duration": 30.04,
  "view": 22.19,
  "db": 1.93,
  "time": "2019-03-28T08:53:28.170Z",
  "params": [
    {
      "key": "response_type",
      "value": "code"
    },
    {
      "key": "client_id",
      "value": "1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0"
    },
    {
      "key": "redirect_uri",
      "value": "<MATTERMOST URL>//signup/gitlab/complete"
    },
    {
      "key": "state",
      "value": "eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoiYXc1ZThlZDYzZTMxNzFuZzdkdTZyNGFwamc3Y294NGpnZnR0c3NteXp5cnFhZXhiOHB6OXFpbzlodGVpa3lyNCJ9"
    }
  ],
  "remote_ip": null,
  "user_id": null,
  "username": null,
  "ua": null,
  "correlation_id": "AcjHeW1h94"
}
{
  "method": "GET",
  "path": "/oauth/undefined",
  "format": "*/*",
  "controller": "ApplicationController",
  "action": "route_not_found",
  "status": 404,
  "duration": 11.11,
  "view": 1.11,
  "db": 2.04,
  "time": "2019-03-28T08:53:28.582Z",
  "params": [
    {
      "key": "unmatched_route",
      "value": "oauth/undefined"
    }
  ],
  "remote_ip": "10.10.1.56",
  "user_id": 84,
  "username": "XXXXX",
  "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0",
  "correlation_id": "A2JdMpVsB13"
}
{
  "method": "POST",
  "path": "/oauth/authorize",
  "format": "html",
  "controller": "Oauth::AuthorizationsController",
  "action": "create",
  "status": 302,
  "duration": 10.07,
  "view": 0,
  "db": 2.07,
  "location": "<MATTERMOST URL>//signup/gitlab/complete",
  "time": "2019-03-28T08:53:29.386Z",
  "params": [
    {
      "key": "utf8",
      "value": "✓"
    },
    {
      "key": "authenticity_token",
      "value": "[FILTERED]"
    },
    {
      "key": "client_id",
      "value": "1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0"
    },
    {
      "key": "redirect_uri",
      "value": "<MATTERMOST URL>/signup/gitlab/complete"
    },
    {
      "key": "state",
      "value": "eyJhY3Rpb24iOiJsb2dpbiIsInRva2VuIjoiYXc1ZThlZDYzZTMxNzFuZzdkdTZyNGFwamc3Y294NGpnZnR0c3NteXp5cnFhZXhiOHB6OXFpbzlodGVpa3lyNCJ9"
    },
    {
      "key": "response_type",
      "value": "code"
    },
    {
      "key": "scope",
      "value": "api"
    },
    {
      "key": "nonce",
      "value": ""
    }
  ],
  "remote_ip": null,
  "user_id": null,
  "username": null,
  "ua": null,
  "correlation_id": "r2jixRPrzJ3"
}
{
  "method": "POST",
  "path": "/oauth/token",
  "format": "json",
  "controller": "Doorkeeper::TokensController",
  "action": "create",
  "status": 401,
  "duration": 3.4,
  "view": 0,
  "time": "2019-03-28T08:53:29.431Z",
  "params": [
    {
      "key": "client_id",
      "value": "1de458ac4703d588f50f86dc2fbe2193a97cd12468dcc402a825b6ba8b057cb0"
    },
    {
      "key": "client_secret",
      "value": "[FILTERED]"
    },
    {
      "key": "code",
      "value": "[FILTERED]"
    },
    {
      "key": "grant_type",
      "value": "authorization_code"
    },
    {
      "key": "redirect_uri",
      "value": "https://backend/signup/gitlab/complete"
    }
  ],
  "remote_ip": null,
  "user_id": null,
  "username": null,
  "ua": null,
  "correlation_id": "1qErLiNqBZ6"
}

Hello everyone,

my Mattermost Instances are working well, but I found out that they produce a lot of erros in my nginx error logs. Most of thesse are messages state that the connection was refused and they refer to requests the uri /api/v4/users/status/ids.
To give you an impression:
2019/03/29 14:48:23 [error] 14213#14213: *3559 connect() failed (111: Connection refused) while connecting to upstream, client: some ip address , server: mysecondomain, request: "POST /api/v4/users/status/ids HTTP/2.0", upstream: "http://[::1]:8066/api/v4/users/status/ids", host: "mysecondomain"
2019/03/29 14:48:52 [error] 14213#14213: *1476 connect() failed (111: Connection refused) while connecting to upstream, client: some ip address , server: myfirstdomain, request: "POST /api/v4/users/status/ids HTTP/2.0", upstream: "http://[::1]:8065/api/v4/users/status/ids", host: "myfirstdomain"
2019/03/29 14:49:20 [error] 14213#14213: *3559 connect() failed (111: Connection refused) while connecting to upstream, client: some ip address , server: mysecondomain, request: "POST /api/v4/users/status/ids HTTP/2.0", upstream: "http://[::1]:8066/api/v4/users/status/ids", host: "mysecondomain"
2019/03/29 14:49:20 [error] 14213#14213: *3562 connect() failed (111: Connection refused) while connecting to upstream, client: some ip address , server: myfirstdomain, request: "POST /api/v4/users/status/ids HTTP/2.0", upstream: "http://[::1]:8065/api/v4/users/status/ids", host: "myfirstdomain"
2019/03/29 14:49:52 [error] 14213#14213: *1476 connect() failed (111: Connection refused) while connecting to upstream, client: some ip address , server: myfirstdomain, request: "POST /api/v4/users/status/ids HTTP/2.0", upstream: "http://[::1]:8065/api/v4/users/status/ids", host: "myfirstdomain"

I’m using Mattermost 5.9, Ubuntu 18.04.02 and my nginx version is 1.15.10.
I do not see anything peculiar in my Mattermost logs on the INFO level. They look fine.

Maybe it is related to my nginx configuration file. Here it is

upstream backend {
       server localhost:8065;
       keepalive 32;
    }

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name chat.myfirstdomain.com;
   return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name  chat.myfirstdomain.com;

  ssl_certificate /path/to/certificate/chat.myfirstdomain.com/fullchain.pem;
  ssl_certificate_key /path/to/certificate/chat.myfirstdomain.com/privkey.pem;

  ssl_session_timeout 1d;
  ssl_protocols TLSv1.2 TLSv1.3;

  ssl_ciphers 'a list with my ciphers';
  ssl_dhparam /path/to/dhparams.pem;
  ssl_ecdh_curve secp521r1:secp384r1:prime256v1;


  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_trusted_certificate /path/to/certificate/chat.myfirstdomain.com/ca.pem;
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;";

  ssl_stapling on;
  ssl_stapling_verify on;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://backend;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }
}

Does anyone have the same problems with his/her Mattermost Instance? I would like to stress, that my instances are working without any troubles. Does anyone have an idea why these error messages are created? And what I can do to avoid them?

Thank you very much!
Nils

Hi Nils,

If your Mattermost server is on a different machine from the Nginx proxy server you’ll need to change the Nginx config to point to that machine. For example:

upstream backend {
       server <Mattermost Server IP>:8065;
       keepalive 32;
}

Hi netgineer,

In this forum post they suggested this fix:

I also experienced this problem when switching my HTTP Gitlab instance over to HTTPS. I had to update my /etc/gitlab.gitlab-secrets.json to use HTTPS for the *_endpoint parameters. I don’t think Mattermost will follow the 302 on the token request if you’re redirecting HTTP to HTTPS. (and rightfully so)

Did you try that?

I seen in mattermost main Server There is one default Team which people Join when they sign up.

I just wanted to know how to set a defualt Team and disable Team creation for New user.

Go to Team settings > Find Option " * Allow any user with an account on this server to join this team" Than Click Yes.

Now Any user who Sign UP Will See an option to Join Your Team.

Hi, I am new here! Can somebody tell me if there is a german version / tutorial in german ?
Thank you for your answer…

For feature requests, please see: http://www.mattermost.org/feature-requests/.

For troubleshooting questions, please post in the following format:

Summary

When trying to sign-in to Mattermost through Gitlab, I get the Token Request Failed error.

Steps to reproduce

Bring up Mattermost login page.
Click Sign in with Gitlab button.
Click Authorize button on Gitlab page.
Receive error.

Expected behavior

Mattermost account created after authorization.

Observed behavior

We have a Docker swarm which runs Gitlab and we are trying to add Mattermost. We do not want to run Mattermost inside the Gitlab Omnibus config and are instead running the official mattermost/mattermost-prod-app:5.9.0 image.

We use traefik as our reverse proxy and I have certs created from our company’s CA.

I am able to bring up Mattermost over https fine at https://[mattermost-host]:8000.

But when trying to sign in through Gitlab which is also in the Swarm, it fails and the logs show:
{“level”:“error”,“ts”:1553976776.5173821,“caller”:“api4/oauth.go:493”,“msg”:“AuthorizeOAuthUser: Token request failed, Post https://[gitlab-url]/oauth/token: x509: certificate signed by unknown authority”}

The certs I have for mattermost include our CA’s root certs. I’m assuming I have to add the root certs to the trust store - but not sure if this needs to be done in the mattermost container or traefik. I cannot edit the ca-certs in the mattermost container anyway.

Its Just suck using third party intregation like Jitsi and Bigbluebutton

They basically send you to there website and add you and in case of Jitsi you need there app.if using mobile device.
and In mattermost app you basically see a msg but cant Join from there.you need login from browser and than Join.

Is there any way to get Video calling without any of this bullshit a simple video call one on one.

You could use https://github.com/Kopano-dev/mattermost-plugin-kopanowebmeetings which offers integrated one to one calling, but as far as I know the Plugin framework is dedicated to the Web UI and therefore plugins are unavailable in the mobile UI.

This is still broken, 3.5 years later. Are there plans for Mattermost to fix this? Pulling up the invitation link from the team web interface shows https, so clearly the system knows that its address should be https.

Summary

Block users changing account info

Steps to reproduce

Users can change user info via their Account Settings page

Expected behavior

Ability for Admins to stop this ability - so that naming conventions are not interfered with.

Observed behavior

Currently - free access for general users to change info at will.

Hi @alfonsodib,

You can go to Main Menu > Account Settings > Display > Language, and then choose German language from the drop-down. Does this help?

Hi @dduffy,

Would you be open to sharing this idea on our feature request forum here: https://mattermost.uservoice.com/forums/306457-general?

Also, if you see usernames that don’t fit to naming conventions, you can update user information via, e.g. API: https://api.mattermost.com/#tag/users%2Fpaths%2F~1users~1{user_id}%2Fput?

Thank you, the issue was that the cert chain was “incomplete”. Mattermost I guess required me to use the “full-cert-chain.pem” instead of just the “cert.pem”. So it worked in everything except the mobile app. Weird but it’s fixed. Thanks.

@vibhi, to comment about need to protect private information: note that Mattermost does not support end-to-end encryption for files nor messages. After verifying the identify of the server (via TLS), Mattermost assumes the user trusts the administrators running that server, as is often the case in workplace environments.

There’s some discussion about this feature request at https://mattermost.uservoice.com/forums/306457-general/suggestions/36662833-end-to-end-e2e-encryption-support.