mattermost/contrib/swarm/docker-stack-traefik.yml

# This file allows you to run mattermost within your docker swarm mode cluster
# for more informations check: https://docs.docker.com/engine/swarm/
#
# Simply run:
#
# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
#
# In this case `mm` is going to be stack name, so the command will be:
#
# `docker stack up mm -c docker-stack-traefik.yml`
#
# From now on all the services that belong to this stack will be prefixed with `mm_`
# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
# each of these names is the service's hostname as well, they can communicate
# with each other easily by using the hostname instead of the ip or exposing ports to the host.
#
# As a side note, images tagged as latest are pulled by default,
# that means there's no need to use `image:latest`
#
# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading

version: '3.3'
networks:
  # network for App <-> DB transactions
  mm-in:
    driver: overlay
    internal: true
  # this network faces the outside world
  mm-out:
    driver: overlay
    internal: false
volumes:
  mm-dbdata:
  traefik-certs:
services:
  db:
    # use official mattermost prod-db image
    image: mattermost/mattermost-prod-db
    networks:
      - mm-in
    volumes:
      # use a named-volume for data persistency
      - mm-dbdata:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_USER=mmuser
      - POSTGRES_PASSWORD=mmuser_password
      - POSTGRES_DB=mattermost
      # uncomment the following to enable backup
      # - AWS_ACCESS_KEY_ID=XXXX
      # - AWS_SECRET_ACCESS_KEY=XXXX
      # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
      # - AWS_REGION=us-east-1
    deploy:
      restart_policy:
        condition: on-failure
  app:
    # use official mattermost prod-app image
    image: mattermost/mattermost-prod-app
    networks:
      - mm-in
      - mm-out
    volumes:
      - /var/lib/mattermost/config:/mattermost/config:rw
      - /var/lib/mattermost/data:/mattermost/data:rw
      - /var/lib/mattermost/logs:/mattermost/logs:rw
      - /var/lib/mattermost/plugins:/mattermost/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      # use service's hostname
      - DB_HOST=mm_db
      # talk to the port within the overlay network
      # without (over)exposing ports
      - DB_PORT_NUMBER=5432
      - MM_USERNAME=mmuser
      - MM_PASSWORD=mmuser_password
      - MM_DBNAME=mattermost
      # pass the edition to be used, default is enterprise
      # setting this env var will make the app use the team edition
      - edition=team
      # in case your config is not in default location
      # - MM_CONFIG=/mattermost/config/config.json
    deploy:
      labels:
        - "traefik.backend.loadbalancer.sticky=true"
        - "traefik.backend.loadbalancer.swarm=true"
        # the backend service needs a name
        - "traefik.backend=mmapp"
        # network is prefixed `mm_` as well
        - "traefik.docker.network=mm_mm-out"
        # generate a TLS cert for this domain
        - "traefik.entrypoints=https"
        - "traefik.frontend.passHostHeader=true"
        # add your domain below here
        - "traefik.frontend.rule=Host:mattermost.domain.com"
        - "traefik.port=80"
      restart_policy:
        condition: on-failure
  web:
  # use official traefik image
    image: traefik
    ports:
      - "80:80"
      # you can view the traefik's dashboard in http://localhost:8080
      - "8080:8080"
      - "443:443"
    networks:
      - mm-out
    command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
    volumes:
      # traefik needs the docker socket in order to work properly
      - /var/run/docker.sock:/var/run/docker.sock
      # no traefik config file is being used
      # you can deep further in the traefik docs
      # http://docs.traefik.io/user-guide/examples/
      - /dev/null:/traefik.toml
      # use a named-volume for certs persistency
      - traefik-certs:/acme
    deploy:
      restart_policy:
       condition: on-failure
Swarm file flavors (#222) * Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik 2018-01-21 23:01:46 +01:00			`# This file allows you to run mattermost within your docker swarm mode cluster`
			`# for more informations check: https://docs.docker.com/engine/swarm/`
			`#`
			`# Simply run:`
			`#`
			# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
Bump to 5.5.0 2018-11-15 20:12:44 +01:00			`#`
Swarm file flavors (#222) * Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik 2018-01-21 23:01:46 +01:00			# In this case `mm` is going to be stack name, so the command will be:
			`#`
			# `docker stack up mm -c docker-stack-traefik.yml`
			`#`
			# From now on all the services that belong to this stack will be prefixed with `mm_`
			`# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,`
Bump to 5.5.0 2018-11-15 20:12:44 +01:00			`# each of these names is the service's hostname as well, they can communicate`
Swarm file flavors (#222) * Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik 2018-01-21 23:01:46 +01:00			`# with each other easily by using the hostname instead of the ip or exposing ports to the host.`
			`#`
Bump to 5.5.0 2018-11-15 20:12:44 +01:00			`# As a side note, images tagged as latest are pulled by default,`
Swarm file flavors (#222) * Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik 2018-01-21 23:01:46 +01:00			# that means there's no need to use `image:latest`
			`#`
			`# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.`
			`# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3`
			`# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33`
			`# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading`

			`version: '3.3'`
			`networks:`
			`# network for App <-> DB transactions`
			`mm-in:`
			`driver: overlay`
			`internal: true`
			`# this network faces the outside world`
			`mm-out:`
			`driver: overlay`
			`internal: false`
			`volumes:`
			`mm-dbdata:`
			`traefik-certs:`
			`services:`
			`db:`
			`# use official mattermost prod-db image`
			`image: mattermost/mattermost-prod-db`
			`networks:`
			`- mm-in`
			`volumes:`
			`# use a named-volume for data persistency`
			`- mm-dbdata:/var/lib/postgresql/data`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- POSTGRES_USER=mmuser`
			`- POSTGRES_PASSWORD=mmuser_password`
			`- POSTGRES_DB=mattermost`
			`# uncomment the following to enable backup`
			`# - AWS_ACCESS_KEY_ID=XXXX`
			`# - AWS_SECRET_ACCESS_KEY=XXXX`
			`# - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH`
			`# - AWS_REGION=us-east-1`
			`deploy:`
			`restart_policy:`
			`condition: on-failure`
			`app:`
			`# use official mattermost prod-app image`
			`image: mattermost/mattermost-prod-app`
			`networks:`
			`- mm-in`
			`- mm-out`
			`volumes:`
			`- /var/lib/mattermost/config:/mattermost/config:rw`
			`- /var/lib/mattermost/data:/mattermost/data:rw`
			`- /var/lib/mattermost/logs:/mattermost/logs:rw`
Backup plugins directory (#297) 2018-08-22 14:47:58 +02:00			`- /var/lib/mattermost/plugins:/mattermost/plugins:rw`
Swarm file flavors (#222) * Better documentation for swarm file, avoid exposing ports for no reason * add swarm file using traefik 2018-01-21 23:01:46 +01:00			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`# use service's hostname`
			`- DB_HOST=mm_db`
			`# talk to the port within the overlay network`
			`# without (over)exposing ports`
			`- DB_PORT_NUMBER=5432`
			`- MM_USERNAME=mmuser`
			`- MM_PASSWORD=mmuser_password`
			`- MM_DBNAME=mattermost`
			`# pass the edition to be used, default is enterprise`
			`# setting this env var will make the app use the team edition`
			`- edition=team`
			`# in case your config is not in default location`
			`# - MM_CONFIG=/mattermost/config/config.json`
			`deploy:`
			`labels:`
			`- "traefik.backend.loadbalancer.sticky=true"`
			`- "traefik.backend.loadbalancer.swarm=true"`
			`# the backend service needs a name`
			`- "traefik.backend=mmapp"`
			# network is prefixed `mm_` as well
			`- "traefik.docker.network=mm_mm-out"`
			`# generate a TLS cert for this domain`
			`- "traefik.entrypoints=https"`
			`- "traefik.frontend.passHostHeader=true"`
			`# add your domain below here`
			`- "traefik.frontend.rule=Host:mattermost.domain.com"`
			`- "traefik.port=80"`
			`restart_policy:`
			`condition: on-failure`
			`web:`
			`# use official traefik image`
			`image: traefik`
			`ports:`
			`- "80:80"`
			`# you can view the traefik's dashboard in http://localhost:8080`
			`- "8080:8080"`
			`- "443:443"`
			`networks:`
			`- mm-out`
			`command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG`
			`volumes:`
			`# traefik needs the docker socket in order to work properly`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`# no traefik config file is being used`
			`# you can deep further in the traefik docs`
			`# http://docs.traefik.io/user-guide/examples/`
			`- /dev/null:/traefik.toml`
			`# use a named-volume for certs persistency`
			`- traefik-certs:/acme`
			`deploy:`
			`restart_policy:`
			`condition: on-failure`