Mattermost Documentation Ingress & TLS

The charm manages reverse-proxying by creating Kubernetes ingress resources and will enable TLS when the configured site URL demands it. The charm works with any client that stores the key and certificate in a standard Kubernetes secret. Use the charm’s tls_secret_name setting to tell it the name of the resource to use. For example, if your secrets is named mattermost-tls, you would run:

juju config mattermost tls_secret_name=mattermost-tls

If you need to lock down access to Mattermost based on source IP address, use the charm’s ingress_whitelist_source_range config option, which is is a comma-separated list of CIDRs. This can be useful during a testing phase of your Mattermost deployment, or to provide an additional level of access control. For example:

juju config mattermost ingress_whitelist_source_range="10.1.1.0/8,10.1.2.0/8"