You are using Mattermost behind an Nginx proxy that handles external TLS and load balancing, but you need to secure the communication between the Mattermost server and the proxy.
- Change the Nginx configuration so that every `proxy_pass` points to `https://` and not `http://`
- Upload the certificate and key file you would like to use to secure the connections
- Change your Mattermost config by:
  - Setting `ServiceSettings` > `ConnectionSecurity` to `TLS`
  - Setting `ServiceSettings` > `TLSCertFile` to the path of the certificate file
  - Setting `ServiceSettings` > `TLSKeyFile` to the path of the key file
- Restart Mattermost: `service mattermost restart`
This is the minimum possible configuration change to encrypt connections between the Mattermost server and the proxy server. Even if Mattermost is running inside of your firewall, it can be beneficial to encrypt communication between Mattermost and the proxy server to prevent eavesdropping from inside your network. Also, if your internal users are connecting to the Mattermost server directly, they can get the benefits of TLS security on port 8065.
Because TLS is added on top of TCP/IP connections, you can use any port to serve encrypted connections, not just 443. This is helpful because you don't have to run Mattermost with escalated privileges to have encrypted and verified connections.
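The proxy side of the steps above, as an added example that is not taken from the Mattermost documentation. It goes one step beyond the minimum change: Nginx does not verify upstream certificates unless `proxy_ssl_verify` is enabled, so the `proxy_ssl_*` lines are what make the internal hop verified as well as encrypted. The upstream name, address, hostnames and file paths are assumptions.

```nginx
# Constructed example: names, addresses and paths are placeholders.
upstream backend {
    server 10.0.0.5:8065;    # Mattermost, serving TLS on 8065 after the config change
    keepalive 32;
}

server {
    listen 443 ssl;
    server_name chat.example.com;
    ssl_certificate     /etc/nginx/ssl/chat.example.com.crt;   # external certificate
    ssl_certificate_key /etc/nginx/ssl/chat.example.com.key;

    # Upstream TLS settings, inherited by every location below.
    # proxy_ssl_verify defaults to off: traffic is encrypted, but the proxy
    # would accept any certificate presented on port 8065.
    proxy_ssl_verify              on;
    # CA (or the self-signed certificate itself) behind Mattermost's TLSCertFile.
    proxy_ssl_trusted_certificate /etc/nginx/ssl/internal-ca.pem;
    proxy_ssl_verify_depth        2;
    # Name checked against the upstream certificate. The default is $proxy_host,
    # which would be "backend" here and would not match a real certificate.
    proxy_ssl_name                mattermost.internal.example;
    proxy_ssl_server_name         on;   # send that name as SNI

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        # was: proxy_pass http://backend;
        proxy_pass https://backend;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        # was: proxy_pass http://backend;
        proxy_pass https://backend;
    }
}
```

Run `nginx -t` before reloading. If verification fails after the reload, Nginx returns 502 and logs the upstream certificate error in its error log.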