<div dir="ltr"><div>Looks to me like your problem is that Seafile is using HTTPS but Mattermost is not.</div><div><br></div><div>That said, I don't understand how you are able to get to Mattermost at all, since you are setting HSTS headers that should prevent your browser from going to a non-secure page on your domain.</div><div><br></div><div>Add HTTPS configuration for Mattermost and see if that helps.</div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">--<br>Moshe Katz<br>-- <a href="mailto:kohenkatz@gmail.com" target="_blank">kohenkatz@gmail.com</a><br>-- +1(301)867-3732</div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Tue, May 15, 2018 at 4:35 AM Nginx-Chris <<a href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Root Server with Ubuntu 16.04.<br>
Nginx Version: 1.10.3<br>
<br>
I have an Nginx server that serves 1 Application: An open source Cloud<br>
Server from Seafile that listens on <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a><br>
<br>
I now tried to add another Application to my server: A Mattermost server<br>
that should listen on <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a><br>
<br>
When I am adding the Nginx config for Mattermost, then it only is available<br>
when I deactivate the Seafile nginx config.<br>
<br>
So the server only serves one application at a time and that's always the<br>
Seafile Server.<br>
Then no nginx error.logs or access.logs get any data from the Mattermost<br>
login attempts.<br>
<br>
I am pasting the configs below and am hoping that someone could give me a<br>
tip what I have a done wrong or what I need to change.<br>
I don't understand why Nginx does not listen for <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a><br>
<br>
Any help would be very much appreciated!<br>
<br>
SEAFILE NGINX CONFIG:<br>
<br>
server {<br>
<br>
    listen 80 http2;<br>
    listen [::]:80 http2;    <br>
    server_name <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a>;<br>
<br>
    rewrite ^ https://$http_host$request_uri? permanent;    # force redirect<br>
http to https<br>
<br>
    # Enables or disables emitting nginx version on error pages and in the<br>
"Server" response header field.<br>
    server_tokens off;<br>
<br>
}<br>
<br>
server {<br>
    listen 443 ssl http2; # managed by Certbot<br>
    listen [::]:443 http2;<br>
    ssl on;<br>
<br>
    server_name <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a>;<br>
<br>
    ssl_session_cache shared:SSL:5m;    <br>
    server_tokens off;<br>
<br>
    ssl_certificate /etc/letsencrypt/live/<a href="http://cloud.mydomain.com/fullchain.pem" rel="noreferrer" target="_blank">cloud.mydomain.com/fullchain.pem</a>;<br>
# managed by Certbot<br>
    ssl_certificate_key<br>
/etc/letsencrypt/live/<a href="http://cloud.mydomain.com/privkey.pem" rel="noreferrer" target="_blank">cloud.mydomain.com/privkey.pem</a>; # managed by Certbot<br>
<br>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
<br>
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
<br>
    proxy_set_header X-Forwarded-For $remote_addr;<br>
<br>
    add_header Strict-Transport-Security "max-age=31536000;<br>
includeSubDomains";<br>
<br>
        location / {<br>
         proxy_pass         <a href="http://127.0.0.1:8000" rel="noreferrer" target="_blank">http://127.0.0.1:8000</a>;<br>
         proxy_set_header   Host $host;<br>
         proxy_set_header   X-Real-IP $remote_addr;<br>
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;<br>
         proxy_set_header   X-Forwarded-Host $server_name;<br>
         proxy_set_header   X-Forwarded-Proto https;<br>
<br>
         proxy_read_timeout  1200s;<br>
<br>
         # used for view/edit office file via Office Online Server<br>
         client_max_body_size 0;<br>
<br>
         access_log      /var/log/nginx/seahub.access.log;<br>
         error_log       /var/log/nginx/seahub.error.log;<br>
    }<br>
<br>
    location /seafhttp {<br>
        rewrite ^/seafhttp(.*)$ $1 break;<br>
        proxy_pass <a href="http://127.0.0.1:8082" rel="noreferrer" target="_blank">http://127.0.0.1:8082</a>;<br>
        client_max_body_size 0;<br>
<br>
        proxy_connect_timeout  36000s;<br>
        proxy_read_timeout  36000s;<br>
        proxy_send_timeout  36000s;<br>
        send_timeout  36000s;<br>
<br>
        proxy_request_buffering off;<br>
    }<br>
<br>
    location /media {<br>
        root /home/user/seafile.cloud/seafile-server-latest/seahub;<br>
    }<br>
<br>
    location /webdav {<br>
        fastcgi_pass    <a href="http://127.0.0.1:8080" rel="noreferrer" target="_blank">127.0.0.1:8080</a>;<br>
        fastcgi_param   SCRIPT_FILENAME    <br>
$document_root$fastcgi_script_name;<br>
        fastcgi_param   PATH_INFO           $fastcgi_script_name;<br>
<br>
        fastcgi_param   SERVER_PROTOCOL     $server_protocol;<br>
        fastcgi_param   QUERY_STRING        $query_string;<br>
        fastcgi_param   REQUEST_METHOD      $request_method;<br>
        fastcgi_param   CONTENT_TYPE        $content_type;<br>
        fastcgi_param   CONTENT_LENGTH      $content_length;<br>
        fastcgi_param   SERVER_ADDR         $server_addr;<br>
        fastcgi_param   SERVER_PORT         $server_port;<br>
        fastcgi_param   SERVER_NAME         $server_name;<br>
        fastcgi_param   HTTPS               on;<br>
        fastcgi_param   HTTP_SCHEME         https;<br>
<br>
        client_max_body_size 0;<br>
        proxy_connect_timeout  36000s;<br>
        proxy_read_timeout  36000s;<br>
        proxy_send_timeout  36000s;<br>
        send_timeout  36000s;<br>
<br>
        # This option is only available for Nginx >= 1.8.0. See more details<br>
below.<br>
        proxy_request_buffering off;<br>
<br>
        access_log      /var/log/nginx/seafdav.access.log;<br>
        error_log       /var/log/nginx/seafdav.error.log;<br>
    }<br>
}<br>
<br>
<br>
<br>
<br>
MATTERMOST NGINX CONFIG:<br>
<br>
upstream backend {<br>
   server <a href="http://127.0.0.1:8065" rel="noreferrer" target="_blank">127.0.0.1:8065</a>;<br>
}<br>
<br>
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m<br>
max_size=3g inactive=120m use_temp_path=off;<br>
<br>
server {<br>
   listen 80;<br>
   listen [::]:80;<br>
   server_name <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a>;<br>
<br>
   location ~/api/v[0-9]+/(users/)?websocket$ {<br>
       proxy_set_header Upgrade $http_upgrade;<br>
       proxy_set_header Connection "upgrade";<br>
       client_max_body_size 50M;<br>
       proxy_set_header Host $http_host;<br>
       proxy_set_header X-Real-IP $remote_addr;<br>
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
       proxy_set_header X-Forwarded-Proto $scheme;<br>
       proxy_set_header X-Frame-Options SAMEORIGIN;<br>
       proxy_buffers 256 16k;<br>
       proxy_buffer_size 16k;<br>
       proxy_read_timeout 600s;<br>
       proxy_pass <a href="http://backend" rel="noreferrer" target="_blank">http://backend</a>;<br>
   }<br>
<br>
   location / {<br>
       client_max_body_size 50M;<br>
       proxy_set_header Connection "";<br>
       proxy_set_header Host $http_host;<br>
       proxy_set_header X-Real-IP $remote_addr;<br>
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
       proxy_set_header X-Forwarded-Proto $scheme;<br>
       proxy_set_header X-Frame-Options SAMEORIGIN;<br>
       proxy_buffers 256 16k;<br>
       proxy_buffer_size 16k;<br>
       proxy_read_timeout 600s;<br>
       proxy_cache mattermost_cache;<br>
       proxy_cache_revalidate on;<br>
       proxy_cache_min_uses 2;<br>
       proxy_cache_use_stale timeout;<br>
       proxy_cache_lock on;<br>
       proxy_pass <a href="http://backend" rel="noreferrer" target="_blank">http://backend</a>;<br>
   }<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,279794,279794#msg-279794" rel="noreferrer" target="_blank">https://forum.nginx.org/read.php?2,279794,279794#msg-279794</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>