Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Question concerning encryption

    Kopano Mattermost
    2
    3
    549
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mcdaniels
      mcdaniels last edited by mcdaniels

      Hey,
      I hope I understood right, but if you configure Mattemost-vHost like this:

      
<VirtualHost *:80>
        ServerName mm.mydomain.at
        ServerAdmin webmaster@mydomain.at

        ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
        CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

        # Enforce HTTPS:
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        ServerName mm.mydomain.at
        ServerAdmin webmaster@mydomain.at

        SSLCertificateFile /etc/ssl/certs/my.crt
        SSLCertificateKeyFile /etc/ssl/private/my.key
        SSLCaCertificateFile /etc/ssl/certs/AlphaSSLroot.crt

        ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
        CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
        RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule .* http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RequestHeader set X-Forwarded-Proto "https"

        RequestHeader unset If-Modified-Since
        RequestHeader unset If-None-Match

        # Optional headers if Mattermost should be accesible from within Kopano WebApp
        Header set X-Frame-Options "ALLOW-FROM https://mail2.mydomain.at"
        Header edit Content-Security-Policy ^(.*)$ "$1;frame-ancestors 'self' https://mail2.mydomain.at"

        <LocationMatch "/api/(?<version>v[0-9]+)/(?<users>users/)?websocket$">
                Require all granted
                ProxyPassReverse ws://127.0.0.1:8065/api/%{env:MATCH_VERSION}/%{env:MATCH_USERS}websocket
                ProxyPassReverseCookieDomain 127.0.0.1 mm.mydomain.at
                # Optional headers if Mattermost should be accesible from within Kopano WebApp
                Header unset X-Frame-Options
                Header unset Content-Security-Policy
        </LocationMatch>
        <Location />
                Require all granted
                ProxyPassReverse http://127.0.0.1:8065/
                ProxyPassReverseCookieDomain 127.0.0.1 mm.mydomain.at
                # Optional headers if Mattermost should be accesible from within Kopano WebApp
                #Header unset X-Frame-Options
                #Header unset Content-Security-Policy
        </Location>

        ProxyPreserveHost On
        ProxyRequests Off
</VirtualHost>

      there is no need to set up the certs in /etc/mattermost/config.js, as it is done via the proxy?

      So, all datatransfer is encrypted?

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @mcdaniels last edited by

        @mcdaniels said in Question concerning encryption:

        all datatransfer is encrypted?

        Yes, the data between your clients and mattermost will be encrypted this way.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 1
        • mcdaniels
          mcdaniels last edited by

          Thank you very much, Felix!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post