Debian 8 nginx 502 error

Well I think I could have figured this one out. I'm not using the script but the systemd unit and i set up everything on the same machine, so I'm using localhost or 127.0.0.1 instead of the IPs mentioned in the tutorial.

Assuming you have an additional user (if not create one, add him to the sudo group and add him to the mattermost group) in your sudo group and you are not running as root:

1. Make sure you run the /.platform (for the first testing) as user mattermost and not as root.

2. If you did run the platform as root, stop the service and delete the log file.
   sudo systemctl stop mattermost
sudo rm /opt/mattermost/logs/mattermost.log
   (see GitHub)

3. Give the mattermost user and group their permissions back.
   sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost

4. If you were using the script, just disable/delete it.

5. If not already done, setup the systemd unit as described in the docs.
   sudo touch /etc/systemd/system/mattermost.service
sudo vi /etc/systemd/system/mattermost.service
   Copy the following lines into /etc/systemd/system/mattermost.service

   [Unit]
   Description=Mattermost is an open source, self-hosted Slack-alternative
   After=syslog.target network.target

   [Service]
   Type=simple
   User=mattermost
   Group=mattermost
   ExecStart=/opt/mattermost/bin/platform
   PrivateTmp=yes
   WorkingDirectory=/opt/mattermost
   Restart=always
   RestartSec=30
   LimitNOFILE=49152

   [Install]
   WantedBy=multi-user.target
   (just copied this from the docs)

6. sudo systemctl daemon-reload

7. sudo systemctl enable mattermost

8. sudo systemctl start mattermost

9. stop the nginx service
   sudo systemctl stop nginx

10. edit the Mattermost nginx config that it fits your needs; here is mine (with already set up SSL). Please replace YOURDOMAIN with your domain:

    server {
    listen 80;
    server_name YOURDOMAIN;
    return 301 https://$server_name$request_uri;
    }

    server {
    listen 443 ssl;
    server_name YOURDOMAIN;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/*YOURDOMAIN*/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/*YOURDOMAIN*/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    location / {
    gzip off;
    proxy_set_header X-Forwarded-Ssl on;
    client_max_body_size 50M;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_pass http://localhost:8065;
    }
    }

11. Start/restart the nginx service and point your browser to your domain.