Unify docker-compose-nossl.yml and docker-compose-ssl.yml

.travis.yml

@@ -4,7 +4,6 @@ services:
     - docker
 
 before_install:
-    - ln -s docker-compose-nossl.yml docker-compose.yml
     - docker-compose up -d
     - sleep 10
 
@@ -12,4 +11,4 @@ script:
     - curl -sSf http://localhost > /dev/null
 
 after_failure:
-    - timeout 3s docker-compose logs app db
+    - timeout 3s docker-compose logs app db web

README.md

@@ -13,12 +13,13 @@ See [README.aws.md](./README.aws.md) if you want to install it on AWS Elastic Be
 
 ### Install with SSL certificate
 
-1. Create a symbolic link `docker-compose.yml` to `docker-compose-ssl.yml`:
+1. Open docker-compose.yml and set `MATTERMOST_ENABLE_SSL` to true.
 
-    ln -s docker-compose-ssl.yml docker-compose.yml
+    environment:
+      - MATTERMOST_ENABLE_SSL=true
 
-2. Put your SSL certificate as `web/cert/cert.pem` and the private key that has
+2. Put your SSL certificate as `./volumes/cert/cert.pem` and the private key that has
-   no password as `web/cert/private/key-no-password.pem`. If you don't have
+   no password as `./volumes/cert/key-no-password.pem`. If you don't have
    them you may generate a self-signed SSL certificate.
 
 3. Build and run mattermost
@@ -29,9 +30,10 @@ See [README.aws.md](./README.aws.md) if you want to install it on AWS Elastic Be
 
 ### Install without SSL certificate
 
-1. Create a symbolic link `docker-compose.yml` to `docker-compose-nossl.yml`:
+1. Open docker-compose.yml and set `MATTERMOST_ENABLE_SSL` to false.
 
-    ln -s docker-compose-nossl.yml docker-compose.yml
+    environment:
+      - MATTERMOST_ENABLE_SSL=false
 
 2. Build and run mattermost
 

docker-compose.yml

@@ -23,8 +23,11 @@ web:
     - "80:80"
     - "443:443"
   links:
-    - app:platform
+    - app:app
   volumes:
       # This directory must have cert files
     - ./volumes/web/cert:/cert:ro
     - /etc/localtime:/etc/localtime:ro
+  environment:
+    - MATTERMOST_ENABLE_SSL=false
+    - PLATFORM_PORT_80_TCP_PORT=80

web/Dockerfile

@@ -3,9 +3,9 @@ FROM ubuntu:14.04
 RUN apt-get update && apt-get install -y nginx
 
 RUN rm /etc/nginx/sites-enabled/default
-RUN ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
 
-ADD mattermost /etc/nginx/sites-available/
+COPY mattermost /etc/nginx/sites-available/
+COPY mattermost-ssl /etc/nginx/sites-available/
 ADD docker-entry.sh /
 
 RUN chmod +x /docker-entry.sh
@@ -14,9 +14,6 @@ RUN chmod +x /docker-entry.sh
 RUN ln -sf /dev/stdout /var/log/nginx/access.log
 RUN ln -sf /dev/stderr /var/log/nginx/error.log
 
-# Define mountable directories.
-VOLUME ["/etc/nginx/sites-enabled", "/etc/nginx/certs", "/etc/nginx/conf.d", "/var/log/nginx", "/var/www/html"]
-
 # Define working directory.
 WORKDIR /etc/nginx
 

web/docker-entry.sh

@@ -1,4 +1,9 @@
 #!/bin/bash
 echo Starting Nginx
-sed -Ei "s/PLATFORM_PORT/$PLATFORM_PORT_80_TCP_PORT/" /etc/nginx/sites-available/mattermost
+sed -Ei "s/APP_PORT/$PLATFORM_PORT_80_TCP_PORT/" /etc/nginx/sites-available/mattermost
+sed -Ei "s/APP_PORT/$PLATFORM_PORT_80_TCP_PORT/" /etc/nginx/sites-available/mattermost-ssl
+if [ "$MATTERMOST_ENABLE_SSL" = true ]; then
+    ssl="-ssl"
+fi
+ln -s /etc/nginx/sites-available/mattermost$ssl /etc/nginx/sites-enabled/mattermost
 nginx -g 'daemon off;'

web/mattermost

@@ -1,26 +1,8 @@
-# Uncomment the below configuration and set the server_name correctly if you
-# want to redirect http to https
-#
-# server {
-#     listen         80;
-#     server_name    mattermost.example.com;
-#     return         301 https://$server_name$request_uri;
-# }
-
 server {
-    listen 443;
+    listen 80;
-
-    ssl on;
-    ssl_certificate /cert/cert.pem;
-    ssl_certificate_key /cert/key-no-password.pem;
-    ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
-    ssl_prefer_server_ciphers on;
 
     location / {
         gzip off;
-        proxy_set_header X-Forwarded-Ssl on;
 
         client_max_body_size 50M;
         proxy_set_header Upgrade $http_upgrade;
@@ -29,9 +11,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header   X-Frame-Options   SAMEORIGIN;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
-        proxy_pass http://app:PLATFORM_PORT;
+        proxy_pass http://app:APP_PORT;
     }
 }
-
-# See https://github.com/mattermost/platform/blob/master/doc/install/Production-Ubuntu.md for the SSL configuration

web/mattermost-ssl

@@ -0,0 +1,34 @@
+# server {
+#     listen         80;
+#     server_name    mattermost.example.com;
+#     return         301 https://$server_name$request_uri;
+# }
+
+server {
+    listen 443;
+
+    ssl on;
+    ssl_certificate /cert/cert.pem;
+    ssl_certificate_key /cert/key-no-password.pem;
+    ssl_session_timeout 5m;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        gzip off;
+        proxy_set_header X-Forwarded-Ssl on;
+
+        client_max_body_size 50M;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_pass http://app:APP_PORT;
+    }
+}
+
+# See https://github.com/mattermost/docs/blob/master/source/install/prod-ubuntu.rst for the SSL configuration