I am trying to get SSO for mattermost from gitlab working in the Omnibus installation. Any ideas on how to troubleshoot would be greatly appreciated.
Setup
I have the Omnibus package installed in an lxc container running Ubuntu 16.04 with traffic from the internet routed through nginx running in another container. I'm terminating the ssl connections in the nginx container where the certs are, and then forwarding traffic to the gitlab lxc container via server configurations for each of my gitlab and mattermost urls.
The Problem
When I click the sign in with gitlab button it takes me to the authorization url, but then when I click authorize, I get:
Token request failed
and in /var/log/gitlab/mattermost/mattermost.log
, I get:
[2017/01/13 22:36:08 UTC] [EROR] websocket connect err: websocket: could not find connection header with token 'upgrade'
[2017/01/13 22:36:08 UTC] [EROR] /api/v3/users/websocket:connect code=500 rid=ojqur6wyubybmqyhegpptbmwey uid= ip=76.90.41.133, 10.29.248.10 Failed to upgrade websocket connection [details: ]
[2017/01/13 22:37:28 UTC] [EROR] SMTP server settings do not appear to be configured properly err=Failed to open connection details=dial tcp :0: getsockopt: connection refused
[2017/01/13 22:37:45 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=i9eat3i7e7gjjpxddnp168oj9c uid= ip=76.90.41.133, 10.29.248.10 Token request failed [details: Post https://git.calebeverett.io:80/oauth/token: dial tcp 45.79.111.122:80: getsockopt: connection refused]
What is odd to me is that initial request to https://git.calebeverett.io/oauth/authorize
was successful.
Configuration Settings
mattermost_nginx['listen_port'] = 8081
mattermost_nginx['listen_https'] = false
mattermost_nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Frame-Options" => "SAMEORIGIN",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on",
"Upgrade" => "$http_upgrade",
"Connection" => "$connection_upgrade"
}
and here are the nginx
settings:
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on",
}
Resources
Documentation
Gitlab-Mattermost Docs
SSO documentation
Other Posts
Hi there,
First of all thank you for creating this project and I'm even more stoked that it integrates with Gitlab making it much easier to get it adopted in the organisation that's already using Gitlab.
Now my frontend servers use HSTS header so all things that run off them, run on https off a wildcard certificate. I've used your draft notes to configure mattermost (0.7.1 precompiled binary) with Gitlab SSO and it's working a treat.
The only hitch that I noticed was that when mattermost c…