Mattermost-server: Reverse proxy : Public links in HTTP instead of HTTPS

Created on 31 Mar 2020  ·  9 Comments  ·  Source: mattermost/mattermost-server

Summary

Public links are in HTTP instead of HTTPS

Steps to reproduce

  • Install Mattermost without TLS
  • Make the app secured with a dedicated Linux box, reverse proxy with TLS
  • Configure the site URL with HTTPS in System Console
  • In System Console, enable public links
  • Access your instance with the secure URL: [https]://my.matter.most/my_team/channels/my_channel
  • Post a message with an attachment
  • Click to preview the attachment
  • Click on “get the public link”

Expected behavior

Public link should be : [https]://my.public.link

Observed behavior (that appears unintentional)

Public link is : [http]://my.public.link.

Possible fixes

I don't know where the code involved in this is, but I saw a discussion about public links that said they were created with the request header (https://github.com/mattermost/mattermost-server/issues/8739#issuecomment-387451051),
so I configured Mattermost to work with TLS in System Console and "voilà"! Public links are now created with "HTTPS" before the hostname and domain name.

All 9 comments

@Pafzedog What Mattermost server version are you on?

@amyblais Version: 5.21.0

Hi @Pafzedog, as you have accurately pointed out, we construct the URL from the Host header as it is more robust in situations where Mattermost is deployed behind a proxy.

Are you sure your reverse proxy is setting the X-Forwarded-Proto to https correctly?

Hi @agnivade, you are probably right. I'm actually forced to use Apache in place of Nginx for the proxy thing and I think this directive is missing in the unofficial documentation here

something like :

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

with mod_headers enabled

I believe that's right @Pafzedog. Would you be open to sending a PR to rectify that?

Hi @agnivade, for now I can't test it because the server is in prod, but I'll try to get it working this weekend.
Depending on the result, I'll do a PR.

@agnivade I tested it with success and I made the PR

@agnivade I made the PR in the right place ;)

Closing this one after merging your PR, thanks again @Pafzedog!
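
Added example (not part of the thread and not Mattermost's own code): a Go illustration of why a backend served over plain HTTP behind a TLS-terminating proxy produces http links when X-Forwarded-Proto is missing, and of honouring that header only when the request comes from the proxy. The function names, the proxy address 10.0.0.5 and the link path are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// trustedProxy is an assumed address for the TLS-terminating reverse proxy.
var trustedProxy = net.ParseIP("10.0.0.5")

// requestScheme honours X-Forwarded-Proto only when the TCP peer is the
// trusted proxy; otherwise the scheme comes from the connection itself.
func requestScheme(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err == nil && trustedProxy.Equal(net.ParseIP(host)) &&
		strings.EqualFold(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto")), "https") {
		return "https"
	}
	if r.TLS != nil {
		return "https"
	}
	return "http"
}

// publicLink builds an absolute link from the derived scheme and the Host header.
func publicLink(r *http.Request, path string) string {
	return requestScheme(r) + "://" + r.Host + path
}

// proxied constructs the plain-HTTP request a backend sees (constructed sample input).
func proxied(remoteAddr, proto string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "http://my.matter.most/", nil)
	r.RemoteAddr = remoteAddr
	if proto != "" {
		r.Header.Set("X-Forwarded-Proto", proto)
	}
	return r
}

func main() {
	const path = "/constructed/public/link" // placeholder path, not Mattermost's
	fmt.Println(publicLink(proxied("10.0.0.5:40000", ""), path))         // proxy omits the header
	fmt.Println(publicLink(proxied("10.0.0.5:40000", "https"), path))    // proxy sets the header
	fmt.Println(publicLink(proxied("203.0.113.9:40000", "https"), path)) // header from an untrusted peer
}
```

The first case matches the behaviour reported in this issue; the second matches the result after the proxy sets the header.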
