Quantcast
Channel: Mattermost Discussion Forums - Latest posts
Viewing all articles
Browse latest Browse all 25778

Changing from HTTP to HTTPS results in ERR_CONNECTION_REFUSED for both Mattermost & GitLab

$
0
0

I've put together a rough tutorial to help anyone else who's stuck:

Setting up GitLab Mattermost with Let's Encrypt

This guide assumes you've already installed GitLab along with GitLab Mattermost.

The first step is to switch to the root user as you need to run Let's Encrypt as root:

sudi -i

Clone Let's Encrypt

cd /root  
git clone https://github.com/letsencrypt/letsencrypt

Create a mattermost.ini

Make sure you're still in /root, and run the following:

mkdir letsencrypt-config
nano letsencrypt-config/mattermost.ini

Paste the following in to this configuration file:

# Let's Encrypt config for Mattermost

# Use the webroot authenticator
authenticator = webroot
webroot-path = /var/www/letsencrypt

# Use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01

# Generate certificates for the specified domain
domains = chat.yourdomain.com

# Register with the specified email address
email = youremail@yourdomain.com

# use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

Create the folder where authentication files will reside

mkdir -p /var/www/letsencrypt

Update gitlab.rb to alias chat.yourdomain.com/.well-known/ to /var/www/letsencrypt/

Edit your gitlab.rb:

nano /etc/gitlab/gitlab.rb

And add the following line:

mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"

Reconfigure GitLab to initialize the new setting:

gitlab-ctl reconfigure

Generate the Certificates

/root/letsencrypt/letsencrypt-auto certonly -c /root/letsencrypt-config/mattermost.ini

Update gitlab.rb to reflect live HTTPS settings

nano /etc/gitlab/gitlab.rb

Make the following changes:

mattermost_external_url 'https://chat.yourdomain.com'
mattermost['service_use_ssl'] = true
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate'] = "/etc/letsencrypt/live/chat.yourdomain.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/chat.yourdomain.com/privkey.pem"

Then run:

gitlab-ctl reconfigure

Set up a cron job to auto update the certificates

nano /etc/cron.monthly/renew-ssl-certificates

Add the following:

#!/bin/bash

/root/.local/share/letsencrypt/bin/letsencrypt certonly -c /root/letsencrypt-config/mattermost.ini --renew-by-default

gitlab-ctl restart

And you're done!


Viewing all articles
Browse latest Browse all 25778

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>