We are running self-hosted Sublime Platform via Docker Compose using:
sublimesec/mantis:1.84sublimesec/bora-lite:1.84
We are placing Sublime behind a Pangolin reverse proxy instead of the bundled LetsEncrypt/nginx container.
Current Pangolin routes:
/ → sublime_dashboard:80/v1 → sublime_mantis:8000/v0 → sublime_mantis:8000/api → sublime_mantis:8000/notification → sublime_mantis:8000
Microsoft 365 subscription creation originally failed with:
POST https://graph.microsoft.com/v1.0/subscriptions failed HTTP 400:
InvalidRequest: NotificationUrl is a required property for subscription creation.
We found that Bora expects MICROSOFT_WEBHOOK_URL, so we added:
MICROSOFT_WEBHOOK_URL=https://example.com/notification/microsoft365/callback
MICROSOFT_SUBSCRIPTIONS_ENABLED=true
BASE_URL=https://example.com
DASHBOARD_PUBLIC_BASE_URL=https://example.com
API_PUBLIC_BASE_URL=https://example.com
CORS_ALLOW_ORIGINS=https://example.com
Both MICROSOFT_WEBHOOK_URL and MICROSOFT_SUBSCRIPTIONS_ENABLED are confirmed present in the running sublime_bora_lite and sublime_mantis containers after force-recreating both.
After adding MICROSOFT_WEBHOOK_URL, the error changed. Bora appears to send a notificationUrl, but Microsoft Graph validation fails because the endpoint does not return the expected validation token.
Direct test inside the Mantis container:
curl -i "http://localhost:8000/notification/microsoft365/callback?validationToken=test123"
returns:
HTTP/1.1 404 Not Found
404 page not found
We also tested these paths directly against Mantis and they all return 404:
/notification/microsoft365/callback
/v1/notification/microsoft365/callback
/v1/api_ms_notifications
/v1/microsoftNotifications
/api/microsoftNotifications
/microsoft365/callback
/v1/microsoft365/callback
The only Microsoft-related route we found is:
GET /v1/oauth/microsoft365/callback
but that returns:
501 non-cloud oauth currently not supported
That appears to be the OAuth callback, not the Microsoft Graph change notification webhook.
Because /notification/microsoft365/callback returns 404 directly inside the Mantis container, this does not appear to be a Pangolin/reverse-proxy routing issue.
Questions:
- Is Microsoft Graph subscription webhook handling supported in self-hosted Sublime 1.84?
- What exact
MICROSOFT_WEBHOOK_URL should be used?
- What exact route should echo the Microsoft Graph
validationToken?
- Is there another env var or feature flag required to mount the Graph notification route?
- Is this a known issue in
sublimesec/mantis:1.84 or sublimesec/bora-lite:1.84?
We are running self-hosted Sublime Platform via Docker Compose using:
sublimesec/mantis:1.84sublimesec/bora-lite:1.84We are placing Sublime behind a Pangolin reverse proxy instead of the bundled LetsEncrypt/nginx container.
Current Pangolin routes:
/→sublime_dashboard:80/v1→sublime_mantis:8000/v0→sublime_mantis:8000/api→sublime_mantis:8000/notification→sublime_mantis:8000Microsoft 365 subscription creation originally failed with:
We found that Bora expects
MICROSOFT_WEBHOOK_URL, so we added:Both
MICROSOFT_WEBHOOK_URLandMICROSOFT_SUBSCRIPTIONS_ENABLEDare confirmed present in the runningsublime_bora_liteandsublime_mantiscontainers after force-recreating both.After adding
MICROSOFT_WEBHOOK_URL, the error changed. Bora appears to send anotificationUrl, but Microsoft Graph validation fails because the endpoint does not return the expected validation token.Direct test inside the Mantis container:
curl -i "http://localhost:8000/notification/microsoft365/callback?validationToken=test123"returns:
We also tested these paths directly against Mantis and they all return
404:The only Microsoft-related route we found is:
but that returns:
That appears to be the OAuth callback, not the Microsoft Graph change notification webhook.
Because
/notification/microsoft365/callbackreturns404directly inside the Mantis container, this does not appear to be a Pangolin/reverse-proxy routing issue.Questions:
MICROSOFT_WEBHOOK_URLshould be used?validationToken?sublimesec/mantis:1.84orsublimesec/bora-lite:1.84?