Compare commits


3 Commits

Author SHA1 Message Date
4a060879cf
[MM] Sync testing 2024-02-13 13:05:48 +01:00
4dabce86f4
[MM] Update compose file 2024-02-13 12:58:55 +01:00
562a7a520b
[MM] Bump Postgres to 12.18 2024-02-13 12:56:20 +01:00
9 changed files with 35 additions and 295 deletions


@ -2,11 +2,22 @@ from php:7.4.33-apache
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
git \ git \
# locales \
# locales-all \
# gettext \
libicu-dev\ libicu-dev\
&& docker-php-ext-configure intl \ && docker-php-ext-configure intl \
&& docker-php-ext-install intl \ && docker-php-ext-install intl \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
#RUN sed -i -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
# locale-gen
# dpkg-reconfigure --frontend=noninteractive locales
#ENV LANG fr_FR.UTF-8
#ENV LANGUAGE fr_FR:fr
#ENV GDM_LANG fr_FR.UTF-8
#ENV LC_ALL fr_FR.UTF-8
RUN printf "[safe]\n\tdirectory = /var/www\n" > /etc/gitconfig RUN printf "[safe]\n\tdirectory = /var/www\n" > /etc/gitconfig
RUN a2enmod remoteip rewrite \ RUN a2enmod remoteip rewrite \
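Review bot: The added lines are all commented-out locale setup (three package names inside the continued `RUN apt-get install`, then the `locale-gen` and `ENV` lines), so the image is unchanged but the file now carries dead configuration with no explanation. Either drop them or add one comment saying why they are parked, e.g. `# fr_FR locale support disabled for now: <reason>`. If they are re-enabled later, the `ENV` lines should use the `key=value` form (`ENV LANG=fr_FR.UTF-8`). The `RUN a2enmod` instruction on the last line continues outside the hunk.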


@ -1,2 +1,3 @@
DATA_PATH= DATA_PATH=
CN= CN=
MM_VERSION=


@ -1,50 +0,0 @@
FROM alpine:3.17
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
# Build argument to set Mattermost edition
ARG MM_VERSION
ARG PUID=2000
ARG PGID=2000
# Install some needed packages
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
linux-headers \
mailcap \
netcat-openbsd \
xmlsec-dev \
tzdata \
postgresql-client \
&& rm -rf /tmp/*
# Get Mattermost
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
&& curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json \
&& addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
# Expose port 8000 of the container
EXPOSE 8000
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000/api/v4/system/ping || exit 1
USER mattermost
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["mattermost"]


@ -2,7 +2,7 @@ version: "3.8"
services: services:
db: db:
image: postgres:12.15-alpine image: postgres:12.18-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data - ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data
@ -14,13 +14,15 @@ services:
- "co.elastic.logs/fileset=log" - "co.elastic.logs/fileset=log"
app: app:
image: mm_app:8.0.1 image: mm_app:${MM_VERSION}
build: build:
context: . context: https://github.com/mattermost/mattermost.git#v${MM_VERSION}:server/build
args: args:
MM_VERSION: 8.0.1 MM_PACKAGE: https://releases.mattermost.com/${MM_VERSION}/mattermost-team-${MM_VERSION}-linux-amd64.tar.gz
depends_on: depends_on:
- db - db
security_opt:
- no-new-privileges:true
restart: unless-stopped restart: unless-stopped
networks: networks:
- default - default
@ -28,16 +30,13 @@ services:
volumes: volumes:
- ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw - ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw
- ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw - ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw
- ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw
- ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw - ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw
- ${DATA_PATH}/app/mattermost/client-plugins:/mattermost/client/plugins:rw
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: secrets/app.secrets env_file: secrets/app.secrets
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy" - "traefik.docker.network=proxy"
- "traefik.http.services.mm-svc.loadbalancer.server.port=8000" - "traefik.http.services.mm-svc.loadbalancer.server.port=8065"
- "traefik.http.routers.mm.service=mm-svc"
- "traefik.http.routers.mm.entrypoints=websecure" - "traefik.http.routers.mm.entrypoints=websecure"
- "traefik.http.routers.mm.rule=Host(`${CN}`)" - "traefik.http.routers.mm.rule=Host(`${CN}`)"
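Review bot: Nothing in the `app` service guards against an empty `MM_VERSION`, which now feeds the image tag, the Git build context and the `MM_PACKAGE` URL; the env template touched by this change leaves it blank, and Compose would then substitute an empty string and try to build from `#v:server/build`. The required-variable form makes that fail early, e.g. `image: mm_app:${MM_VERSION:?MM_VERSION must be set}`. The build context is also a remote tag and the package a download URL, so the image content depends on what upstream serves at build time; pinning the context to a commit hash would remove the reliance on a movable tag, and whether the upstream Dockerfile verifies the tarball is not visible from this page. The same `build:` block is added to the second compose file further down.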


@ -1,86 +0,0 @@
#!/bin/sh
# Function to generate a random salt
generate_salt() {
tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 48 | head -n 1
}
# Read environment variables or set default values
DB_HOST=${DB_HOST:-db}
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
# see https://www.postgresql.org/docs/current/libpq-ssl.html
# for usage when database connection requires encryption
# filenames should be escaped if they contain spaces
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
# the location of the CA file can be set using environment var PGSSLROOTCERT
# the location of the CRL file can be set using PGSSLCRL
# The URL syntax for connection string does not support the parameters
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
# to set names if using a location other than default
DB_USE_SSL=${DB_USE_SSL:-disable}
MM_DBNAME=${MM_DBNAME:-mattermost}
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }')
if [ "$_1" = '-' ]; then
set -- mattermost "$@"
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in "$@"; do
case "$ARG" in
-config=*) MM_CONFIG=${ARG#*=} ;;
esac
done
if [ ! -f "$MM_CONFIG" ]; then
# If there is no configuration file, create it with some default values
echo "No configuration file $MM_CONFIG"
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save "$MM_CONFIG"
# Substitute some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
else
echo "Using existing config file $MM_CONFIG"
fi
# Configure database access
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
echo "Configure database connection..."
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
echo "OK"
else
echo "Using existing database connection"
fi
# Wait another second for the database to be properly started.
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
until pg_isready -h $DB_HOST -p $DB_PORT_NUMBER -U $MM_USERNAME
do
echo "Database is not ready yet. Waiting 5 seconds."
sleep 5
done
echo "Starting mattermost"
fi
exec "$@"


@ -1,50 +0,0 @@
FROM alpine:3.11
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
ENV MM_VERSION=6.1.0
# Build argument to set Mattermost edition
ARG PUID=2000
ARG PGID=2000
# Install some needed packages
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
linux-headers \
mailcap \
netcat-openbsd \
xmlsec-dev \
tzdata \
postgresql-client \
&& rm -rf /tmp/*
# Get Mattermost
RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
&& curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json \
&& addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
# Expose port 8000 of the container
EXPOSE 8000
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000/api/v4/system/ping || exit 1
USER mattermost
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["mattermost"]


@ -2,7 +2,7 @@ version: "3.8"
services: services:
db: db:
image: postgres:12.8-alpine image: postgres:12.18-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data - ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data
@ -11,10 +11,15 @@ services:
env_file: secrets/db.secrets env_file: secrets/db.secrets
app: app:
build: . image: mm_app:${MM_VERSION}
image: mm_app:6.1.0 build:
context: https://github.com/mattermost/mattermost.git#v${MM_VERSION}:server/build
args:
MM_PACKAGE: https://releases.mattermost.com/${MM_VERSION}/mattermost-team-${MM_VERSION}-linux-amd64.tar.gz
depends_on: depends_on:
- db - db
security_opt:
- no-new-privileges:true
restart: unless-stopped restart: unless-stopped
networks: networks:
- default - default
@ -22,24 +27,15 @@ services:
volumes: volumes:
- ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw - ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw
- ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw - ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw
- ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw
- ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw - ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw
- ${DATA_PATH}/app/mattermost/client-plugins:/mattermost/client/plugins:rw
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: secrets/app.secrets env_file: secrets/app.secrets
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy" - "traefik.docker.network=proxy"
- "traefik.http.services.mm-test-web-svc.loadbalancer.server.port=8000" - "traefik.http.services.mm-test-svc.loadbalancer.server.port=8065"
- "traefik.http.routers.mm-test-https.service=mm-test-web-svc" - "traefik.http.routers.mm-test.entrypoints=websecure"
- "traefik.http.middlewares.mm-test-redirect-websecure.redirectscheme.scheme=https" - "traefik.http.routers.mm-test.rule=Host(`${CN}`)"
- "traefik.http.routers.mm-test-http.middlewares=mm-test-redirect-websecure"
- "traefik.http.routers.mm-test-http.rule=Host(`${CN}`)"
- "traefik.http.routers.mm-test-http.entrypoints=web"
- "traefik.http.routers.mm-test-https.rule=Host(`${CN}`)"
- "traefik.http.routers.mm-test-https.entrypoints=websecure"
- "traefik.http.routers.mm-test-https.tls=true"
- "traefik.http.routers.mm-test-https.tls.certresolver=myhttpchallenge"
networks: networks:
proxy: proxy:
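Review bot: The new `mm-test` router keeps only `entrypoints=websecure` and the `Host` rule, while the labels it replaces also carried `tls=true`, `tls.certresolver=myhttpchallenge` and the `web` router with the HTTPS redirect middleware. Unless Traefik's static configuration already enables TLS with a resolver on the `websecure` entry point and redirects `web` to it (not visible here), this service would lose its certificate setup and plain-HTTP requests would no longer be redirected. A short comment above the labels saying where TLS and the redirect are now configured, e.g. `# TLS and HTTP->HTTPS redirect are set on the entry points in the Traefik static config`, would make that dependency explicit.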


@ -1,86 +0,0 @@
#!/bin/sh
# Function to generate a random salt
generate_salt() {
tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 48 | head -n 1
}
# Read environment variables or set default values
DB_HOST=${DB_HOST:-db}
DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
# see https://www.postgresql.org/docs/current/libpq-ssl.html
# for usage when database connection requires encryption
# filenames should be escaped if they contain spaces
# i.e. $(printf %s ${MY_ENV_VAR:-''} | jq -s -R -r @uri)
# the location of the CA file can be set using environment var PGSSLROOTCERT
# the location of the CRL file can be set using PGSSLCRL
# The URL syntax for connection string does not support the parameters
# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
# to set names if using a location other than default
DB_USE_SSL=${DB_USE_SSL:-disable}
MM_DBNAME=${MM_DBNAME:-mattermost}
MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }')
if [ "$_1" = '-' ]; then
set -- mattermost "$@"
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in "$@"; do
case "$ARG" in
-config=*) MM_CONFIG=${ARG#*=} ;;
esac
done
if [ ! -f "$MM_CONFIG" ]; then
# If there is no configuration file, create it with some default values
echo "No configuration file $MM_CONFIG"
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save "$MM_CONFIG"
# Substitute some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
else
echo "Using existing config file $MM_CONFIG"
fi
# Configure database access
if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
echo "Configure database connection..."
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
echo "OK"
else
echo "Using existing database connection"
fi
# Wait another second for the database to be properly started.
# Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
until pg_isready -h $DB_HOST -p $DB_PORT_NUMBER -U $MM_USERNAME
do
echo "Database is not ready yet. Waiting 5 seconds."
sleep 5
done
echo "Starting mattermost"
fi
exec "$@"


@ -12,6 +12,11 @@ services:
- ${DATA_PATH}/letsencrypt:/letsencrypt - ${DATA_PATH}/letsencrypt:/letsencrypt
- ${DATA_PATH}/config/:/etc/traefik - ${DATA_PATH}/config/:/etc/traefik
container_name: traefik container_name: traefik
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "3"
labels: labels:
- "co.elastic.logs/module=traefik" - "co.elastic.logs/module=traefik"
- "co.elastic.logs/fileset=access" - "co.elastic.logs/fileset=access"
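Review bot: `max-size: "200k"` with `max-file: "3"` caps the Traefik container log at roughly 600 KB, and the `co.elastic.logs/fileset=access` label suggests these are the access logs being collected from the container output. On a busy proxy that window can rotate away in minutes, so any pause in the log shipper would leave a gap in the access records. Consider a larger cap, e.g. `max-size: "10m"`, or a comment stating that the small size is intentional because logs are shipped elsewhere.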