From 4dabce86f4749c8cd965c735f23ec6f5255613be Mon Sep 17 00:00:00 2001
From: thopic
Date: Tue, 13 Feb 2024 12:58:55 +0100
Subject: [PATCH] [MM] Update compose file
---
 mattermost/.env.example | 1 +
 mattermost/Dockerfile | 50 --------------------
 mattermost/docker-compose.yml | 13 +++---
 mattermost/entrypoint.sh | 86 -----------------------------------
 4 files changed, 7 insertions(+), 143 deletions(-)
 delete mode 100644 mattermost/Dockerfile
 delete mode 100755 mattermost/entrypoint.sh
diff --git a/mattermost/.env.example b/mattermost/.env.example
index 98fdfde..053f16c 100644
--- a/mattermost/.env.example
+++ b/mattermost/.env.example
@@ -1,2 +1,3 @@
 DATA_PATH=
 CN=
+MM_VERSION=
diff --git a/mattermost/Dockerfile b/mattermost/Dockerfile
deleted file mode 100644
index 97be545..0000000
--- a/mattermost/Dockerfile
+++ /dev/null
@@ -1,50 +0,0 @@
-FROM alpine:3.17
-
-# Some ENV variables
-ENV PATH="/mattermost/bin:${PATH}"
-
-# Build argument to set Mattermost edition
-ARG MM_VERSION
-ARG PUID=2000
-ARG PGID=2000
-
-
-# Install some needed packages
-RUN apk add --no-cache \
- ca-certificates \
- curl \
- jq \
- libc6-compat \
- libffi-dev \
- libcap \
- linux-headers \
- mailcap \
- netcat-openbsd \
- xmlsec-dev \
- tzdata \
- postgresql-client \
- && rm -rf /tmp/*
-
-# Get Mattermost
-RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
- && curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \
- && cp /mattermost/config/config.json /config.json.save \
- && rm -rf /mattermost/config/config.json \
- && addgroup -g ${PGID} mattermost \
- && adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
- && chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
- && setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
-
-# Expose port 8000 of the container
-EXPOSE 8000
-
-#Healthcheck to make sure container is ready
-HEALTHCHECK CMD curl --fail http://localhost:8000/api/v4/system/ping || exit 1
-
-USER mattermost
-
-# Configure entrypoint and command
-COPY entrypoint.sh /
-ENTRYPOINT ["/entrypoint.sh"]
-WORKDIR /mattermost
-CMD ["mattermost"]
diff --git a/mattermost/docker-compose.yml b/mattermost/docker-compose.yml
index b55f456..abbfe22 100644
--- a/mattermost/docker-compose.yml
+++ b/mattermost/docker-compose.yml
@@ -14,13 +14,15 @@ services:
 - "co.elastic.logs/fileset=log"
 app:
- image: mm_app:8.0.1
+ image: mm_app:${MM_VERSION}
 build:
- context: .
+ context: https://github.com/mattermost/mattermost.git#v${MM_VERSION}:server/build
 args:
- MM_VERSION: 8.0.1
+ MM_PACKAGE: https://releases.mattermost.com/${MM_VERSION}/mattermost-team-${MM_VERSION}-linux-amd64.tar.gz
 depends_on:
 - db
+ security_opt:
+ - no-new-privileges:true
 restart: unless-stopped
 networks:
 - default
@@ -28,16 +30,13 @@ services:
 volumes:
 - ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw
 - ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw
- - ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw
 - ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw
- - ${DATA_PATH}/app/mattermost/client-plugins:/mattermost/client/plugins:rw
 - /etc/localtime:/etc/localtime:ro
 env_file: secrets/app.secrets
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=proxy"
- - "traefik.http.services.mm-svc.loadbalancer.server.port=8000"
- - "traefik.http.routers.mm.service=mm-svc"
+ - "traefik.http.services.mm-svc.loadbalancer.server.port=8065"
 - "traefik.http.routers.mm.entrypoints=websecure"
 - "traefik.http.routers.mm.rule=Host(`${CN}`)"
diff --git a/mattermost/entrypoint.sh b/mattermost/entrypoint.sh
deleted file mode 100755
index fbff314..0000000
--- a/mattermost/entrypoint.sh
+++ /dev/null
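Review bot: The new `build.context` of the `app` service fetches the Dockerfile from a Git tag (`#v${MM_VERSION}`) and passes a release tarball URL as `MM_PACKAGE`, so the image now depends on two remote references that nothing in this file pins by hash. A tag can be moved upstream; consider pinning the fragment to a full commit SHA if your builder accepts one, and confirm that the upstream Dockerfile verifies the tarball checksum, which is not visible in this diff. `MM_VERSION` also has no default and `.env.example` leaves it empty, so an unset value interpolates to an empty image tag and an empty Git ref. Using `image: mm_app:${MM_VERSION:?set MM_VERSION in .env}` would make Compose fail fast with a clear message instead.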
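Review bot: Removing the `/mattermost/logs` bind mount from the `volumes:` list means any file logs the server writes now land in the container's writable layer and are lost when the container is recreated, which can remove the trail an incident investigation needs. Whether the upstream image logs to file or only to the console is not visible in this diff, so that should be confirmed before merging. If file logging is enabled, keep `- ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw` or make sure console output is collected and retained elsewhere.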
@@ -1,86 +0,0 @@ -#!/bin/sh - -# Function to generate a random salt -generate_salt() { - tr -dc 'a-zA-Z0-9' "$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG" - else - echo "Using existing config file $MM_CONFIG" - fi - - # Configure database access - if [ -z 
"$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then - echo "Configure database connection..." - # URLEncode the password, allowing for special characters - ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri) - export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10" - echo "OK" - else - echo "Using existing database connection" - fi - - # Wait another second for the database to be properly started. - # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up" - until pg_isready -h $DB_HOST -p $DB_PORT_NUMBER -U $MM_USERNAME - do - echo "Database is not ready yet. Waiting 5 seconds." - sleep 5 - done - - echo "Starting mattermost" -fi - -exec "$@"