<div dir="ltr"><div>Looks to me like your problem is that Seafile is using HTTPS but Mattermost is not.</div><div><br></div><div>That said, I don't understand how you are able to get to Mattermost at all, since you are setting HSTS headers that should prevent your browser from going to a non-secure page on your domain.</div><div><br></div><div>Add HTTPS configuration for Mattermost and see if that helps.</div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">--<br>Moshe Katz<br>-- <a href="mailto:kohenkatz@gmail.com" target="_blank">kohenkatz@gmail.com</a><br>-- +1(301)867-3732</div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Tue, May 15, 2018 at 4:35 AM Nginx-Chris <<a href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Root Server with Ubuntu 16.04.<br>
Nginx Version: 1.10.3<br>
<br>
I have an Nginx server that serves 1 Application: An open source Cloud<br>
Server from Seafile that listens on <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a><br>
<br>
I now tried to add another Application to my server: A Mattermost server<br>
that should listen on <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a><br>
<br>
When I am adding the Nginx config for Mattermost, then it only is available<br>
when I deactivate the Seafile nginx config.<br>
<br>
So the server only serves one application at a time and that's always the<br>
Seafile Server.<br>
Then no nginx error.logs or access.logs get any data from the Mattermost<br>
login attempts.<br>
<br>
I am pasting the configs below and am hoping that someone could give me a<br>
tip what I have a done wrong or what I need to change.<br>
I don't understand why Nginx does not listen for <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a><br>
<br>
Any help would be very much appreciated!<br>
<br>
SEAFILE NGINX CONFIG:<br>
<br>
server {<br>
<br>
listen 80 http2;<br>
listen [::]:80 http2; <br>
server_name <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a>;<br>
<br>
rewrite ^ https://$http_host$request_uri? permanent; # force redirect<br>
http to https<br>
<br>
# Enables or disables emitting nginx version on error pages and in the<br>
"Server" response header field.<br>
server_tokens off;<br>
<br>
}<br>
<br>
server {<br>
listen 443 ssl http2; # managed by Certbot<br>
listen [::]:443 http2;<br>
ssl on;<br>
<br>
server_name <a href="http://cloud.mydomain.com" rel="noreferrer" target="_blank">cloud.mydomain.com</a>;<br>
<br>
ssl_session_cache shared:SSL:5m; <br>
server_tokens off;<br>
<br>
ssl_certificate /etc/letsencrypt/live/<a href="http://cloud.mydomain.com/fullchain.pem" rel="noreferrer" target="_blank">cloud.mydomain.com/fullchain.pem</a>;<br>
# managed by Certbot<br>
ssl_certificate_key<br>
/etc/letsencrypt/live/<a href="http://cloud.mydomain.com/privkey.pem" rel="noreferrer" target="_blank">cloud.mydomain.com/privkey.pem</a>; # managed by Certbot<br>
<br>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
<br>
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
<br>
proxy_set_header X-Forwarded-For $remote_addr;<br>
<br>
add_header Strict-Transport-Security "max-age=31536000;<br>
includeSubDomains";<br>
<br>
location / {<br>
proxy_pass <a href="http://127.0.0.1:8000" rel="noreferrer" target="_blank">http://127.0.0.1:8000</a>;<br>
proxy_set_header Host $host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forwarded-Host $server_name;<br>
proxy_set_header X-Forwarded-Proto https;<br>
<br>
proxy_read_timeout 1200s;<br>
<br>
# used for view/edit office file via Office Online Server<br>
client_max_body_size 0;<br>
<br>
access_log /var/log/nginx/seahub.access.log;<br>
error_log /var/log/nginx/seahub.error.log;<br>
}<br>
<br>
location /seafhttp {<br>
rewrite ^/seafhttp(.*)$ $1 break;<br>
proxy_pass <a href="http://127.0.0.1:8082" rel="noreferrer" target="_blank">http://127.0.0.1:8082</a>;<br>
client_max_body_size 0;<br>
<br>
proxy_connect_timeout 36000s;<br>
proxy_read_timeout 36000s;<br>
proxy_send_timeout 36000s;<br>
send_timeout 36000s;<br>
<br>
proxy_request_buffering off;<br>
}<br>
<br>
location /media {<br>
root /home/user/seafile.cloud/seafile-server-latest/seahub;<br>
}<br>
<br>
location /webdav {<br>
fastcgi_pass <a href="http://127.0.0.1:8080" rel="noreferrer" target="_blank">127.0.0.1:8080</a>;<br>
fastcgi_param SCRIPT_FILENAME <br>
$document_root$fastcgi_script_name;<br>
fastcgi_param PATH_INFO $fastcgi_script_name;<br>
<br>
fastcgi_param SERVER_PROTOCOL $server_protocol;<br>
fastcgi_param QUERY_STRING $query_string;<br>
fastcgi_param REQUEST_METHOD $request_method;<br>
fastcgi_param CONTENT_TYPE $content_type;<br>
fastcgi_param CONTENT_LENGTH $content_length;<br>
fastcgi_param SERVER_ADDR $server_addr;<br>
fastcgi_param SERVER_PORT $server_port;<br>
fastcgi_param SERVER_NAME $server_name;<br>
fastcgi_param HTTPS on;<br>
fastcgi_param HTTP_SCHEME https;<br>
<br>
client_max_body_size 0;<br>
proxy_connect_timeout 36000s;<br>
proxy_read_timeout 36000s;<br>
proxy_send_timeout 36000s;<br>
send_timeout 36000s;<br>
<br>
# This option is only available for Nginx >= 1.8.0. See more details<br>
below.<br>
proxy_request_buffering off;<br>
<br>
access_log /var/log/nginx/seafdav.access.log;<br>
error_log /var/log/nginx/seafdav.error.log;<br>
}<br>
}<br>
<br>
<br>
<br>
<br>
MATTERMOST NGINX CONFIG:<br>
<br>
upstream backend {<br>
server <a href="http://127.0.0.1:8065" rel="noreferrer" target="_blank">127.0.0.1:8065</a>;<br>
}<br>
<br>
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m<br>
max_size=3g inactive=120m use_temp_path=off;<br>
<br>
server {<br>
listen 80;<br>
listen [::]:80;<br>
server_name <a href="http://chat.mydomain.com" rel="noreferrer" target="_blank">chat.mydomain.com</a>;<br>
<br>
location ~/api/v[0-9]+/(users/)?websocket$ {<br>
proxy_set_header Upgrade $http_upgrade;<br>
proxy_set_header Connection "upgrade";<br>
client_max_body_size 50M;<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forwarded-Proto $scheme;<br>
proxy_set_header X-Frame-Options SAMEORIGIN;<br>
proxy_buffers 256 16k;<br>
proxy_buffer_size 16k;<br>
proxy_read_timeout 600s;<br>
proxy_pass <a href="http://backend" rel="noreferrer" target="_blank">http://backend</a>;<br>
}<br>
<br>
location / {<br>
client_max_body_size 50M;<br>
proxy_set_header Connection "";<br>
proxy_set_header Host $http_host;<br>
proxy_set_header X-Real-IP $remote_addr;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_set_header X-Forwarded-Proto $scheme;<br>
proxy_set_header X-Frame-Options SAMEORIGIN;<br>
proxy_buffers 256 16k;<br>
proxy_buffer_size 16k;<br>
proxy_read_timeout 600s;<br>
proxy_cache mattermost_cache;<br>
proxy_cache_revalidate on;<br>
proxy_cache_min_uses 2;<br>
proxy_cache_use_stale timeout;<br>
proxy_cache_lock on;<br>
proxy_pass <a href="http://backend" rel="noreferrer" target="_blank">http://backend</a>;<br>
}<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,279794,279794#msg-279794" rel="noreferrer" target="_blank">https://forum.nginx.org/read.php?2,279794,279794#msg-279794</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>