.circleci/config.yml

@@ -1,14 +0,0 @@
-version: 2.1
-jobs:
-  none:
-    docker:
-      - image: alpine:3.10
-    steps:
-      - run:
-          command: echo "Skipping. not implemented"
-
-workflows:
-  version: 2
-  mainbuild:
-    jobs:
-      - none

.travis.yml

@@ -1,3 +1,5 @@
+sudo: required
+
 services:
     - docker
 
@@ -10,8 +12,8 @@ install:
     - sleep 30
 
 env:
-    - BUILD="mkdir -p ./volumes/app/mattermost/{data,logs,config,plugins} && docker-compose up -d"
+    - BUILD="mkdir -p ./volumes/app/mattermost/{data,logs,config} && docker-compose up -d"
-    - BUILD="docker run -d --name db -e POSTGRES_USER=mmuser -e POSTGRES_PASSWORD=mmuser_password -e POSTGRES_DB=mattermost mattermost-prod-db && sleep 5 && docker run -d --link db -p 80:8000 --name app -e MM_USERNAME=mmuser -e MM_PASSWORD=mmuser_password mattermost-prod-app"
+    - BUILD="docker run -d --name db -e POSTGRES_USER=mmuser -e POSTGRES_PASSWORD=mmuser_password -e POSTGRES_DB=mattermost mattermost-prod-db && sleep 5 && docker run -d --link db -p 80:8000 --name app mattermost-prod-app"
 
 script:
     - curl -sSf http://localhost > /dev/null

CONTRIBUTING.md

@@ -1,5 +0,0 @@
-# Code Contribution Guidelines
-
-Thank you for your interest in contributing! Please see the [Mattermost Contribution Guide](https://developers.mattermost.com/contribute/getting-started/) which describes the process for making code contributions across Mattermost projects and [join our "Contributors" community channel](https://community.mattermost.com/core/channels/tickets) to ask questions from community members and the Mattermost core team.
-
-When you submit a pull request, it goes through a [code review process outlined here](https://developers.mattermost.com/contribute/getting-started/code-review/).

MAINTENANCE.md

@@ -1,68 +1,67 @@
-# Maintainer Guide
+# Maintainer Guide 
 
-This file outlines the current maintainer(s) of this open source project and expectations. It also includes credits to past maintainers and the project creator.
+This file outlines the current maintainer(s) of this open source project and expectations. It also includes credits to past maintainers and the project creator. 
 
-## Project Name
+## Project Name 
 
-When reference externally, please use this for the short name:
+When reference externally, please use this for the short name: 
 
-- Production Docker deployment for Mattermost
+- Production Docker deployment for Mattermost 
 
-Please use this long name:
+Please use this long name: 
 
 - Production Docker deployment for Mattermost by the Mattermost open source project
 
 ## Maintainer(s)
 
-The following people help to maintain this open source project:
+The following people help to maintain this open source project: 
 
-| Current Maintainer(s)                 | Start Date    |
+| Current Maintainer(s)  | Start Date    | 
-|:--------------------------------------|:--------------|
+|:-----------------------|:--------------|
-| Carlos Tadeu Panato Junior - @cpanato | Feb 18 2018   |
+| Pan Luo - @xcompass    | Nov 30 2015   |
+| Kyâne Pichou - @pichouk| Jun 01 2017   |
 
-In case something happens where no maintainers are able to complete their responsibilities, the following sponsoring organization can help find a new maintainer:
+In case something happens where no maintainers are able to complete their responsibilies, the following sponsoring organization can help find a new maintainer: 
 
-| Sponsoring Organization        | Start Date    |
+| Sponsoring Organization        | Start Date    | 
 |:-------------------------------|:--------------|
 | Mattermost Open Source Project | Dec 04 2016   |
 
 
 ## Activities
 
-The following is a guide for current, new maintainers and prospective maintainers of this open source project to get started and to understand on-going responsibilities:
+The following is a guide for current, new maintainers and prospective maintainers of this open source project to get started and to understand on-going responsibilities: 
 
-### Getting Started
+### Getting Started 
 
-The following steps should be completed by a new maintainer
+The following steps should be completed by a new maintainer 
 
-1. **Add your name** - Create a pull request to add your name, GitHub username and start date to this document.
+1. **Add your name** - Create a pull request to add your name, GitHub username and start date to this document. 
 2. **Subscribe to mailing lists** - To be notified of new releases and security updates of Mattermost, subscribe to the [Mattermost Security Update Mailing List](http://mattermost.us11.list-manage.com/subscribe?u=6cdba22349ae374e188e7ab8e&id=3a93eb6929) and the [Mattermost Insiders Newsletter](http://mattermost.us11.list-manage.com/subscribe?u=6cdba22349ae374e188e7ab8e&id=2add1c8034)
 
-### Updating
+### Updating 
 
-When receive a mailing list email about a new security update or major version of Mattermost being released, update the version number of this project by doing the following:
+When receive a mailing list email about a new security update or major version of Mattermost being released, update the version number of this project by doing the following: 
 
 In the **master branch**
 
-- Change the [version number](https://github.com/mattermost/mattermost-docker/blob/master/app/Dockerfile#L6) to the latest release
+- Change the [version number](https://github.com/mattermost/mattermost-docker/blob/master/app/Dockerfile#L6) to the latest release 
-- Tag the repo
+- Tag the repo 
 
-### Issue and Pull Request Review
+### Issue and Pull Request Review 
 
-Maintainer(s) should periodically review pull requests and issues submitted to provide feedback and to merge pull request changes when the maintainer feels the change would be appropriate.
+Maintainer(s) should periodically review pull requests and issues submitted to provide feedback and to merge pull request changes when the maintainer feels the change would be appropriate. 
 
-## Credits
+## Credits 
 
-PREVIOUS MAINTAINERS
+PREVIOUS MAINTAINERS 
 
-| Maintainer              | Start Date    | End Date    |
+| Maintainer             | Start Date    | End Date    |
-|:------------------------|:--------------|:------------|
+|:-----------------------|:--------------|:------------|
-| Yi EungJun - @npcode    | Nov 26 2015   | Nov 30 2016 |
+| Yi EungJun - @npcode   | Nov 26 2015   | Nov 30 2016 | 
-| Pan Luo - @xcompass     | Nov 30 2015   | Feb 21 2019 |
-| Kyâne Pichou - @pichouk | Jun 01 2017   | Aug 15 2019 |
 
 
-CREATOR
+CREATOR 
 
 | Creator                | Created Date  |
 |:-----------------------|:--------------|

README.md

@@ -1,12 +1,6 @@
 # Production Docker deployment for Mattermost
 
-## WARNING:
+This project enables deployment of a Mattermost server in a multi-node production configuration using Docker.
-
-The current state of this repository doesn't work out-of-the box since Mattermost server v5.31+ requires PostgreSQL versions of 10 or higher.
-
-We're actively working on a fix to this repository. Until then, please refer to these upgrade instructions: https://github.com/mattermost/mattermost-docker/issues/489#issuecomment-790277661
-
-This project enables a deployment of a Mattermost server in a multi-node production configuration using Docker.
 
 [![Build Status](https://travis-ci.org/mattermost/mattermost-docker.svg?branch=master)](https://travis-ci.org/mattermost/mattermost-docker)
 
@@ -23,21 +17,18 @@ The following instructions deploy Mattermost in a production configuration using
 ### Requirements
 
 * [docker] (version `1.12+`)
-* [docker-compose] (version `1.10.0+` to support Compose file version `3.0`)
+* [docker-compose] (version `1.10.0+` to support Compose file version `3.0`) 
 
 ### Choose Edition to Install
 
 If you want to install Enterprise Edition, you can skip this section.
 
-To install the team edition, change `build: app` to `build:` and uncomment out these lines in `app:` services block to make it look like below in docker-compose.yaml file:
+To install the team edition, comment out the two following lines in docker-compose.yaml file:
 ```yaml
-app:
+args:
-  build:
+  - edition=team
-    context: app
-    args:
-      - edition=team
 ```
-The `app` Dockerfile will read the `edition` build argument to install Team (`edition = 'team'`) or Enterprise (`edition != team`) edition.
+The `app` Dockerfile will read the `edition` build argument to install Team (`edition = 'team'`) or Entreprise (`edition != team`) edition.
 
 ### Database container
 This repository offer a Docker image for the Mattermost database. It is a customized PostgreSQL image that you should configure with following environment variables :
@@ -57,9 +48,9 @@ If deploying to AWS, you could also set following variables to enable [Wal-E](ht
 All four environment variables are required. It will enable completed WAL segments sent to archive storage (S3). The base backup and clean up can be done through the following command:
 ```bash
 # Base backup
-docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/bin/wal-e backup-push /var/lib/postgresql/data"
+docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/data"
 # Keep the most recent 7 base backups and remove the old ones
-docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/bin/wal-e delete --confirm retain 7"
+docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e delete --confirm retain 7"
 ```
 Those tasks can be executed through a cron job or systemd timer.
 
@@ -73,13 +64,6 @@ If your database use some custom host and port, it is also possible to configure
 * `DB_HOST`: database host address
 * `DB_PORT_NUMBER`: database port
 
-Use this optional variable if your PostgreSQL connection requires encryption (you may need a certificate authority file and/or a certificate revocation list - check the documentation for your database provider).  See the [PostgreSQL notes on encrypted connections](https://www.postgresql.org/docs/current/libpq-ssl.html) for recommendations on what values to use when encryption is needed.
-* `DB_SSLMODE`: defaults to `disable`, indicating no encryption
-
-PostgreSQL allows two other variables `sslrootcert` and `sslcrl` for connection strings.  However these are not broadly supported when the connection string is specified as a URI. If you need these parameters, use the PostgreSQL-specified environment variables
-* `PGSSLROOTCERT` specifies the location of CA file
-* `PGSSLCRL` specifies the location of a certificate revocation list file
-
 If you use a Mattermost configuration file on a different location than the default one (`/mattermost/config/config.json`) :
 * `MM_CONFIG`: configuration file location inside the container.
 
@@ -100,13 +84,13 @@ applications:
   instances: 1
   memory: 1G
   disk_quota: 256M
-  env:
+  env: 
     DB_HOST: database host address
     DB_PORT_NUMBER: database port
     MM_DBNAME: database name
     MM_USERNAME: database username
     MM_PASSWORD: database password
-
+   
 ```
 
 ### Web server container
@@ -114,27 +98,17 @@ This image is optional, you should **not** use it when you have your own reverse
 * `APP_HOST`: application host address
 * `APP_PORT_NUMBER`: application HTTP port
 
-If you plan to upload large files to your Mattermost instance, Nginx will need to write some temporary files. In that case, the `read_only: true` option on the `web` container should be removed from your `docker-compose.yml` file.
-
 #### Install with SSL certificate
 Put your SSL certificate as `./volumes/web/cert/cert.pem` and the private key that has
 no password as `./volumes/web/cert/key-no-password.pem`. If you don't have
 them you may generate a self-signed SSL certificate.
 
-#### Configure SSO with GitLab
-If you are looking for SSO with GitLab and you use self signed certificate you have to add the PKI chain of your authority in app because Alpine doesn't know him. This is required to avoid **Token request failed: certificate signed by unknown authority**
-
-For that uncomment this line and replace with the correct path of your PKI chain:
-```
-# - <path_to_your_gitlab_pki>/pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro
-```
-
 ### Starting/Stopping Docker
 
 #### Start
 If you are running docker with non root user, make sure the UID and GID in app/Dockerfile are the same as your current UID/GID
 ```
-mkdir -p ./volumes/app/mattermost/{data,logs,config,plugins}
+mkdir -p ./volumes/app/mattermost/{data,logs,config}
 chown -R 2000:2000 ./volumes/app/mattermost/
 docker-compose start
 ```
@@ -180,15 +154,15 @@ Your Docker image should now be on the latest Mattermost version.
 ## Upgrading Mattermost to 4.9+
 
 Docker images for `4.9.0` release introduce some important changes from [PR #241](https://github.com/mattermost/mattermost-docker/pull/241) to improve production use of Mattermost with Docker.
-**There are 2 important changes for existing installations**
+**There are 2 important changes for existing installations**  
 
 One important change is that we don't use `root` user by default to run the Mattermost application. So, as explained on [the README](https://github.com/mattermost/mattermost-docker#start), if you use host mounted volume you have to be sure that files on your host server have the correct UID/GID (by default those values are `2000`). In practice, you should just run following commands :
 ```
-mkdir -p ./volumes/app/mattermost/{data,logs,config,plugins}
+mkdir -p ./volumes/app/mattermost/{data,logs,config}
 chown -R 2000:2000 ./volumes/app/mattermost/
 ```
 
-The second important change is the port used by Mattermost application container. The default port is now `8000`, and existing installations that use port `80` will not work without a little configuration change. You have to open your Mattermost configuration file (`./volumes/app/mattermost/config/config.json` by default) and change the key `ServiceSettings.ListenAddress` to `:8000`.
+The second important change is the port used by Mattermost application container. The default port is now `8000`, and existing installations that use port `80` will not work without a little configuration change. You have to open your Mattermost configuration file (`./volumes/app/mattermost/config/config.json` by default) and change the key `ServiceSettings.ListenAddress` to `:8000`.  
 Also if you use your own web-server/reverse-proxy you need to change its configuration to reach port `8000` of the Mattermost container.
 
 
@@ -202,7 +176,7 @@ docker-compose build app
 docker-compose run app -upgrade_db_30
 docker-compose up -d
 ```
-See the [official Upgrade Guide](http://docs.mattermost.com/administration/upgrade.html) for more details.
+See the [offical Upgrade Guide](http://docs.mattermost.com/administration/upgrade.html) for more details.
 
 ## Installation using Docker Swarm Mode
 
@@ -217,7 +191,7 @@ Running containerized applications on multi-node swarms involves specific data p
 
 First, create mattermost directory structure on the docker hosts:
 ```
-mkdir -p /var/lib/mattermost/{cert,config,data,logs,plugins}
+mkdir -p /var/lib/mattermost/{cert,config,data,logs}
 ```
 
 Then, fire up the stack in your swarm:

app/Dockerfile

@@ -1,15 +1,13 @@
-FROM alpine:3.10
+FROM alpine:3.6
 
 # Some ENV variables
 ENV PATH="/mattermost/bin:${PATH}"
-ENV MM_INSTALL_TYPE=docker
+ENV MM_VERSION=5.2.0
 
 # Build argument to set Mattermost edition
 ARG edition=enterprise
 ARG PUID=2000
 ARG PGID=2000
-ARG MM_BINARY=
-ARG MM_VERSION=5.31.0
 
 
 # Install some needed packages
@@ -19,27 +17,25 @@ RUN apk add --no-cache \
 	jq \
 	libc6-compat \
 	libffi-dev \
-	libcap \
 	linux-headers \
 	mailcap \
 	netcat-openbsd \
 	xmlsec-dev \
-	tzdata \
 	&& rm -rf /tmp/*
 
 # Get Mattermost
-RUN mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins \
+RUN mkdir -p /mattermost/data \
-	&& if [ ! -z "$MM_BINARY" ]; then curl $MM_BINARY | tar -xvz ; \
+    && if [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz ; \
-		elif [ "$edition" = "team" ] ; then curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; \
+      else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz | tar -xvz ; fi \
-		else curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz?src=docker-app | tar -xvz ; fi \
+    && cp /mattermost/config/config.json /config.json.save \
-	&& cp /mattermost/config/config.json /config.json.save \
+    && rm -rf /mattermost/config/config.json
-	&& rm -rf /mattermost/config/config.json \
-	&& addgroup -g ${PGID} mattermost \
-	&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
-	&& chown -R mattermost:mattermost /mattermost /config.json.save /mattermost/plugins /mattermost/client/plugins \
-	&& setcap cap_net_bind_service=+ep /mattermost/bin/mattermost
 
-USER mattermost
+# Get ready for production
+RUN addgroup -g ${PGID} mattermost \
+    && adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
+    && chown -R mattermost:mattermost /mattermost /config.json.save 
+
+USER mattermost 
 
 #Healthcheck to make sure container is ready
 HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
@@ -54,4 +50,4 @@ CMD ["mattermost"]
 EXPOSE 8000
 
 # Declare volumes for mount point directories
-VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config", "/mattermost/plugins", "/mattermost/client/plugins"]
+VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config"]

app/entrypoint.sh

@@ -2,76 +2,77 @@
 
 # Function to generate a random salt
 generate_salt() {
-  tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 48 | head -n 1
+  cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 48 | head -n 1
 }
 
 # Read environment variables or set default values
 DB_HOST=${DB_HOST:-db}
 DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432}
-# see https://www.postgresql.org/docs/current/libpq-ssl.html
+MM_USERNAME=${MM_USERNAME:-mmuser}
-# for usage when database connection requires encryption
+MM_PASSWORD=${MM_PASSWORD:-mmuser_password}
-# filenames should be escaped if they contain spaces
-#  i.e. $(printf %s ${MY_ENV_VAR:-''}  | jq -s -R -r @uri)
-# the location of the CA file can be set using environment var PGSSLROOTCERT
-# the location of the CRL file can be set using PGSSLCRL
-# The URL syntax for connection string does not support the parameters
-# sslrootcert and sslcrl reliably, so use these PostgreSQL-specified variables
-# to set names if using a location other than default
-DB_USE_SSL=${DB_USE_SSL:-disable}
 MM_DBNAME=${MM_DBNAME:-mattermost}
 MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json}
 
-_1=$(echo "$1" | awk '{ s=substr($0, 0, 1); print s; }')
+if [ "${1:0:1}" = '-' ]; then
-if [ "$_1" = '-' ]; then
+    set -- mattermost "$@"
-  set -- mattermost "$@"
 fi
 
 if [ "$1" = 'mattermost' ]; then
   # Check CLI args for a -config option
-  for ARG in "$@"; do
+  for ARG in $@;
-    case "$ARG" in
+  do
-    -config=*) MM_CONFIG=${ARG#*=} ;;
+      case "$ARG" in
-    esac
+          -config=*)
+              MM_CONFIG=${ARG#*=};;
+      esac
   done
 
-  if [ ! -f "$MM_CONFIG" ]; then
+  if [ ! -f $MM_CONFIG ]
+  then
     # If there is no configuration file, create it with some default values
-    echo "No configuration file $MM_CONFIG"
+    echo "No configuration file" $MM_CONFIG
     echo "Creating a new one"
     # Copy default configuration file
-    cp /config.json.save "$MM_CONFIG"
+    cp /config.json.save $MM_CONFIG
-    # Substitute some parameters with jq
+    # Substitue some parameters with jq
-    jq '.ServiceSettings.ListenAddress = ":8000"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.ServiceSettings.ListenAddress = ":8000"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.LogSettings.EnableConsole = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.EnableConsole = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.LogSettings.ConsoleLevel = "ERROR"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.LogSettings.ConsoleLevel = "INFO"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.FileSettings.Directory = "/mattermost/data/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.Directory = "/mattermost/data/"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.FileSettings.EnablePublicLink = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.EnablePublicLink = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq ".FileSettings.PublicLinkSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.FileSettings.PublicLinkSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.EmailSettings.SendEmailNotifications = false' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SendEmailNotifications = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.EmailSettings.FeedbackEmail = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.FeedbackEmail = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.EmailSettings.SMTPServer = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPServer = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.EmailSettings.SMTPPort = ""' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.SMTPPort = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq ".EmailSettings.InviteSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.InviteSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq ".EmailSettings.PasswordResetSalt = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.EmailSettings.PasswordResetSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.RateLimitSettings.Enable = true' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.RateLimitSettings.Enable = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.SqlSettings.DriverName = "postgres"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.SqlSettings.DriverName = "postgres"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq ".SqlSettings.AtRestEncryptKey = \"$(generate_salt)\"" "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
+    jq '.SqlSettings.AtRestEncryptKey = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
-    jq '.PluginSettings.Directory = "/mattermost/plugins/"' "$MM_CONFIG" >"$MM_CONFIG.tmp" && mv "$MM_CONFIG.tmp" "$MM_CONFIG"
   else
-    echo "Using existing config file $MM_CONFIG"
+    echo "Using existing config file" $MM_CONFIG
   fi
 
   # Configure database access
-  if [ -z "$MM_SQLSETTINGS_DATASOURCE" ] && [ -n "$MM_USERNAME" ] && [ -n "$MM_PASSWORD" ]; then
+  if [ -z "$MM_SQLSETTINGS_DATASOURCE" ]
-    echo "Configure database connection..."
+  then
+    echo -ne "Configure database connection..."
     # URLEncode the password, allowing for special characters
-    ENCODED_PASSWORD=$(printf %s "$MM_PASSWORD" | jq -s -R -r @uri)
+    ENCODED_PASSWORD=$(printf %s $MM_PASSWORD | jq -s -R -r @uri)
-    export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=$DB_USE_SSL&connect_timeout=10"
+    export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=disable&connect_timeout=10"
-    echo "OK"
+    echo OK
   else
     echo "Using existing database connection"
   fi
 
+  # Wait for database to be reachable
+  echo "Wait until database $DB_HOST:$DB_PORT_NUMBER is ready..."
+  until nc -z $DB_HOST $DB_PORT_NUMBER
+  do
+    sleep 1
+  done
+
   # Wait another second for the database to be properly started.
   # Necessary to avoid "panic: Failed to open sql connection pq: the database system is starting up"
   sleep 1

contrib/aws/.gitignore

@@ -1,5 +0,0 @@
-
-# Elastic Beanstalk Files
-.elasticbeanstalk/*
-!.elasticbeanstalk/*.cfg.yml
-!.elasticbeanstalk/*.global.yml

contrib/aws/Dockerrun.aws.json

@@ -19,12 +19,6 @@
                 "sourcePath": "/var/app/current/app/mattermost/logs"
             }
         },
-        {
-            "name": "app-plugins",
-            "host": {
-                "sourcePath": "/var/app/current/app/mattermost/plugins"
-            }
-        },
         {
             "name": "db-data",
             "host": {
@@ -43,7 +37,6 @@
             "name": "db",
             "image": "mattermost/mattermost-prod-db:latest",
             "memory": 128,
-            "essential": true,
             "mountPoints": [
                 {
                     "sourceVolume": "db-data",
@@ -67,7 +60,6 @@
             "name": "app",
             "image": "mattermost/mattermost-prod-app:latest",
             "memory": 128,
-            "essential": true,
             "mountPoints": [
                 {
                     "sourceVolume": "app-config",
@@ -80,10 +72,6 @@
                 {
                     "sourceVolume": "app-logs",
                     "containerPath": "/mattermost/logs"
-                },
-                {
-                    "sourceVolume": "app-plugins",
-                    "containerPath": "/mattermost/plugins"
                 }
             ],
             "links": [
@@ -92,9 +80,8 @@
         },
         {
             "name": "web",
-            "image": "mattermost/mattermost-prod-web:5.9.0",
+            "image": "mattermost/mattermost-prod-web:latest",
             "memory": 128,
-            "essential": true,
             "mountPoints": [
                 {
                     "sourceVolume": "web-cert",

contrib/aws/README.md

@@ -6,8 +6,6 @@
 
 ### Install
 
-Make the changes in the config file to reflect your needs (app/mattermost/config/config.json)
-
 ```
 eb init
 eb create prod

contrib/aws/app/mattermost/config/config.json

@@ -1,413 +0,0 @@
-{
-  "ServiceSettings": {
-    "SiteURL": "",
-    "WebsocketURL": "",
-    "LicenseFileLocation": "",
-    "ListenAddress": ":8000",
-    "ConnectionSecurity": "",
-    "TLSCertFile": "",
-    "TLSKeyFile": "",
-    "TLSMinVer": "1.2",
-    "TLSStrictTransport": false,
-    "TLSStrictTransportMaxAge": 63072000,
-    "TLSOverwriteCiphers": [],
-    "UseLetsEncrypt": false,
-    "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
-    "Forward80To443": false,
-    "ReadTimeout": 300,
-    "WriteTimeout": 300,
-    "MaximumLoginAttempts": 10,
-    "GoroutineHealthThreshold": -1,
-    "GoogleDeveloperKey": "",
-    "EnableOAuthServiceProvider": false,
-    "EnableIncomingWebhooks": true,
-    "EnableOutgoingWebhooks": true,
-    "EnableCommands": true,
-    "EnableOnlyAdminIntegrations": true,
-    "EnablePostUsernameOverride": false,
-    "EnablePostIconOverride": false,
-    "EnableAPIv3": false,
-    "EnableLinkPreviews": false,
-    "EnableTesting": false,
-    "EnableDeveloper": false,
-    "EnableSecurityFixAlert": true,
-    "EnableInsecureOutgoingConnections": false,
-    "AllowedUntrustedInternalConnections": "",
-    "EnableMultifactorAuthentication": false,
-    "EnforceMultifactorAuthentication": false,
-    "EnableUserAccessTokens": false,
-    "AllowCorsFrom": "",
-    "CorsExposedHeaders": "",
-    "CorsAllowCredentials": false,
-    "CorsDebug": false,
-    "AllowCookiesForSubdomains": false,
-    "SessionLengthWebInDays": 30,
-    "SessionLengthMobileInDays": 30,
-    "SessionLengthSSOInDays": 30,
-    "SessionCacheInMinutes": 10,
-    "SessionIdleTimeoutInMinutes": 0,
-    "WebsocketSecurePort": 443,
-    "WebsocketPort": 80,
-    "WebserverMode": "gzip",
-    "EnableCustomEmoji": false,
-    "EnableEmojiPicker": true,
-    "EnableGifPicker": false,
-    "GfycatApiKey": "2_KtH_W5",
-    "GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof",
-    "RestrictCustomEmojiCreation": "all",
-    "RestrictPostDelete": "all",
-    "AllowEditPost": "always",
-    "PostEditTimeLimit": -1,
-    "ExperimentalEnableAuthenticationTransfer": true,
-    "TimeBetweenUserTypingUpdatesMilliseconds": 5000,
-    "EnablePostSearch": true,
-    "EnableUserTypingMessages": true,
-    "EnableChannelViewedMessages": true,
-    "EnableUserStatuses": true,
-    "ClusterLogTimeoutMilliseconds": 2000,
-    "EnablePreviewFeatures": true,
-    "CloseUnusedDirectMessages": false,
-    "EnableTutorial": true,
-    "ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
-    "ExperimentalGroupUnreadChannels": "disabled",
-    "ExperimentalChannelOrganization": false,
-    "ImageProxyType": "",
-    "ImageProxyOptions": "",
-    "ImageProxyURL": "",
-    "EnableAPITeamDeletion": false,
-    "ExperimentalEnableHardenedMode": false,
-    "EnableEmailInvitations": false
-  },
-  "TeamSettings": {
-    "SiteName": "Mattermost",
-    "MaxUsersPerTeam": 50,
-    "EnableTeamCreation": true,
-    "EnableUserCreation": true,
-    "EnableOpenServer": false,
-    "EnableUserDeactivation": false,
-    "RestrictCreationToDomains": "",
-    "EnableCustomBrand": false,
-    "CustomBrandText": "",
-    "CustomDescriptionText": "",
-    "RestrictDirectMessage": "any",
-    "RestrictTeamInvite": "all",
-    "RestrictPublicChannelManagement": "all",
-    "RestrictPrivateChannelManagement": "all",
-    "RestrictPublicChannelCreation": "all",
-    "RestrictPrivateChannelCreation": "all",
-    "RestrictPublicChannelDeletion": "all",
-    "RestrictPrivateChannelDeletion": "all",
-    "RestrictPrivateChannelManageMembers": "all",
-    "EnableXToLeaveChannelsFromLHS": false,
-    "UserStatusAwayTimeout": 300,
-    "MaxChannelsPerTeam": 2000,
-    "MaxNotificationsPerChannel": 1000,
-    "EnableConfirmNotificationsToChannel": true,
-    "TeammateNameDisplay": "username",
-    "ExperimentalViewArchivedChannels": false,
-    "ExperimentalEnableAutomaticReplies": false,
-    "ExperimentalHideTownSquareinLHS": false,
-    "ExperimentalTownSquareIsReadOnly": false,
-    "ExperimentalPrimaryTeam": "",
-    "ExperimentalDefaultChannels": ""
-  },
-  "DisplaySettings": {
-    "CustomUrlSchemes": [],
-    "ExperimentalTimezone": false
-  },
-  "ClientRequirements": {
-    "AndroidLatestVersion": "",
-    "AndroidMinVersion": "",
-    "DesktopLatestVersion": "",
-    "DesktopMinVersion": "",
-    "IosLatestVersion": "",
-    "IosMinVersion": ""
-  },
-  "SqlSettings": {
-    "DriverName": "postgres",
-    "DataSource": "postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10",
-    "DataSourceReplicas": [],
-    "DataSourceSearchReplicas": [],
-    "MaxIdleConns": 20,
-    "ConnMaxLifetimeMilliseconds": 3600000,
-    "MaxOpenConns": 300,
-    "Trace": false,
-    "AtRestEncryptKey": "",
-    "QueryTimeout": 30
-  },
-  "LogSettings": {
-    "EnableConsole": true,
-    "ConsoleLevel": "DEBUG",
-    "ConsoleJson": true,
-    "EnableFile": true,
-    "FileLevel": "INFO",
-    "FileJson": true,
-    "FileLocation": "",
-    "EnableWebhookDebugging": true,
-    "EnableDiagnostics": true
-  },
-  "PasswordSettings": {
-    "MinimumLength": 5,
-    "Lowercase": false,
-    "Number": false,
-    "Uppercase": false,
-    "Symbol": false
-  },
-  "FileSettings": {
-    "EnableFileAttachments": true,
-    "EnableMobileUpload": true,
-    "EnableMobileDownload": true,
-    "MaxFileSize": 52428800,
-    "DriverName": "local",
-    "Directory": "./data/",
-    "EnablePublicLink": false,
-    "PublicLinkSalt": "",
-    "InitialFont": "nunito-bold.ttf",
-    "AmazonS3AccessKeyId": "",
-    "AmazonS3SecretAccessKey": "",
-    "AmazonS3Bucket": "",
-    "AmazonS3Region": "",
-    "AmazonS3Endpoint": "s3.amazonaws.com",
-    "AmazonS3SSL": true,
-    "AmazonS3SignV2": false,
-    "AmazonS3SSE": false,
-    "AmazonS3Trace": false
-  },
-  "EmailSettings": {
-    "EnableSignUpWithEmail": true,
-    "EnableSignInWithEmail": true,
-    "EnableSignInWithUsername": true,
-    "SendEmailNotifications": true,
-    "UseChannelInEmailNotifications": false,
-    "RequireEmailVerification": false,
-    "FeedbackName": "",
-    "FeedbackEmail": "test@example.com",
-    "FeedbackOrganization": "",
-    "EnableSMTPAuth": false,
-    "SMTPUsername": "",
-    "SMTPPassword": "",
-    "SMTPServer": "dockerhost",
-    "SMTPPort": "2500",
-    "ConnectionSecurity": "",
-    "InviteSalt": "",
-    "SendPushNotifications": true,
-    "PushNotificationServer": "https://push-test.mattermost.com",
-    "PushNotificationContents": "generic",
-    "EnableEmailBatching": false,
-    "EmailBatchingBufferSize": 256,
-    "EmailBatchingInterval": 30,
-    "EnablePreviewModeBanner": true,
-    "SkipServerCertificateVerification": false,
-    "EmailNotificationContentsType": "full",
-    "LoginButtonColor": "",
-    "LoginButtonBorderColor": "",
-    "LoginButtonTextColor": ""
-  },
-  "RateLimitSettings": {
-    "Enable": false,
-    "PerSec": 10,
-    "MaxBurst": 100,
-    "MemoryStoreSize": 10000,
-    "VaryByRemoteAddr": true,
-    "VaryByUser": false,
-    "VaryByHeader": ""
-  },
-  "PrivacySettings": {
-    "ShowEmailAddress": true,
-    "ShowFullName": true
-  },
-  "SupportSettings": {
-    "TermsOfServiceLink": "https://about.mattermost.com/default-terms/",
-    "PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/",
-    "AboutLink": "https://about.mattermost.com/default-about/",
-    "HelpLink": "https://about.mattermost.com/default-help/",
-    "ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/",
-    "SupportEmail": "feedback@mattermost.com"
-  },
-  "AnnouncementSettings": {
-    "EnableBanner": false,
-    "BannerText": "",
-    "BannerColor": "#f2a93b",
-    "BannerTextColor": "#333333",
-    "AllowBannerDismissal": true
-  },
-  "ThemeSettings": {
-    "EnableThemeSelection": true,
-    "DefaultTheme": "default",
-    "AllowCustomThemes": true,
-    "AllowedThemes": []
-  },
-  "TimezoneSettings": {
-    "SupportedTimezonesPath": "timezones.json"
-  },
-  "GitLabSettings": {
-    "Enable": false,
-    "Secret": "",
-    "Id": "",
-    "Scope": "",
-    "AuthEndpoint": "",
-    "TokenEndpoint": "",
-    "UserApiEndpoint": ""
-  },
-  "GoogleSettings": {
-    "Enable": false,
-    "Secret": "",
-    "Id": "",
-    "Scope": "profile email",
-    "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
-    "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token",
-    "UserApiEndpoint": "https://www.googleapis.com/plus/v1/people/me"
-  },
-  "Office365Settings": {
-    "Enable": false,
-    "Secret": "",
-    "Id": "",
-    "Scope": "User.Read",
-    "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
-    "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    "UserApiEndpoint": "https://graph.microsoft.com/v1.0/me"
-  },
-  "LdapSettings": {
-    "Enable": false,
-    "EnableSync": false,
-    "LdapServer": "",
-    "LdapPort": 389,
-    "ConnectionSecurity": "",
-    "BaseDN": "",
-    "BindUsername": "",
-    "BindPassword": "",
-    "UserFilter": "",
-    "FirstNameAttribute": "",
-    "LastNameAttribute": "",
-    "EmailAttribute": "",
-    "UsernameAttribute": "",
-    "NicknameAttribute": "",
-    "IdAttribute": "",
-    "PositionAttribute": "",
-    "LoginIdAttribute": "",
-    "SyncIntervalMinutes": 60,
-    "SkipCertificateVerification": false,
-    "QueryTimeout": 60,
-    "MaxPageSize": 0,
-    "LoginFieldName": "",
-    "LoginButtonColor": "",
-    "LoginButtonBorderColor": "",
-    "LoginButtonTextColor": ""
-  },
-  "ComplianceSettings": {
-    "Enable": false,
-    "Directory": "./data/",
-    "EnableDaily": false
-  },
-  "LocalizationSettings": {
-    "DefaultServerLocale": "en",
-    "DefaultClientLocale": "en",
-    "AvailableLocales": ""
-  },
-  "SamlSettings": {
-    "Enable": false,
-    "EnableSyncWithLdap": false,
-    "EnableSyncWithLdapIncludeAuth": false,
-    "Verify": true,
-    "Encrypt": true,
-    "IdpUrl": "",
-    "IdpDescriptorUrl": "",
-    "AssertionConsumerServiceURL": "",
-    "ScopingIDPProviderId": "",
-    "ScopingIDPName": "",
-    "IdpCertificateFile": "",
-    "PublicCertificateFile": "",
-    "PrivateKeyFile": "",
-    "IdAttribute": "",
-    "FirstNameAttribute": "",
-    "LastNameAttribute": "",
-    "EmailAttribute": "",
-    "UsernameAttribute": "",
-    "NicknameAttribute": "",
-    "LocaleAttribute": "",
-    "PositionAttribute": "",
-    "LoginButtonText": "SAML",
-    "LoginButtonColor": "",
-    "LoginButtonBorderColor": "",
-    "LoginButtonTextColor": ""
-  },
-  "NativeAppSettings": {
-    "AppDownloadLink": "https://about.mattermost.com/downloads/",
-    "AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/",
-    "IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"
-  },
-  "ClusterSettings": {
-    "Enable": false,
-    "ClusterName": "",
-    "OverrideHostname": "",
-    "UseIpAddress": true,
-    "UseExperimentalGossip": false,
-    "ReadOnlyConfig": true,
-    "GossipPort": 8074,
-    "StreamingPort": 8075,
-    "MaxIdleConns": 100,
-    "MaxIdleConnsPerHost": 128,
-    "IdleConnTimeoutMilliseconds": 90000
-  },
-  "MetricsSettings": {
-    "Enable": false,
-    "BlockProfileRate": 0,
-    "ListenAddress": ":8067"
-  },
-  "ExperimentalSettings": {
-    "ClientSideCertEnable": false,
-    "ClientSideCertCheck": "secondary",
-    "EnablePostMetadata": false
-  },
-  "AnalyticsSettings": {
-    "MaxUsersForStatistics": 2500
-  },
-  "ElasticsearchSettings": {
-    "ConnectionUrl": "http://dockerhost:9200",
-    "Username": "elastic",
-    "Password": "changeme",
-    "EnableIndexing": false,
-    "EnableSearching": false,
-    "Sniff": true,
-    "PostIndexReplicas": 1,
-    "PostIndexShards": 1,
-    "AggregatePostsAfterDays": 365,
-    "PostsAggregatorJobStartTime": "03:00",
-    "IndexPrefix": "",
-    "LiveIndexingBatchSize": 1,
-    "BulkIndexingTimeWindowSeconds": 3600,
-    "RequestTimeoutSeconds": 30
-  },
-  "DataRetentionSettings": {
-    "EnableMessageDeletion": false,
-    "EnableFileDeletion": false,
-    "MessageRetentionDays": 365,
-    "FileRetentionDays": 365,
-    "DeletionJobStartTime": "02:00"
-  },
-  "MessageExportSettings": {
-    "EnableExport": false,
-    "DailyRunTime": "01:00",
-    "ExportFromTimestamp": 0,
-    "FileLocation": "export",
-    "BatchSize": 10000,
-    "GlobalRelaySettings": {
-      "CustomerType": "A9",
-      "SmtpUsername": "",
-      "SmtpPassword": "",
-      "EmailAddress": ""
-    }
-  },
-  "JobSettings": {
-    "RunJobs": true,
-    "RunScheduler": true
-  },
-  "PluginSettings": {
-    "Enable": true,
-    "EnableUploads": false,
-    "Directory": "./plugins",
-    "ClientDirectory": "./client/plugins",
-    "Plugins": {},
-    "PluginStates": {}
-  }
-}

contrib/kubernetes/README.md

@@ -76,7 +76,7 @@ Type:                   NodePort
 IP:                     10.0.0.194
 Port:                   http    80/TCP
 NodePort:               http    32283/TCP
-Endpoints:              172.17.0.4:8000
+Endpoints:              172.17.0.4:80
 Session Affinity:       None
 No events.
 ```
@@ -90,7 +90,7 @@ curl -L http://192.168.99.100:32283
 
 ### Optional steps
 
- * If you want your data to be persistent you will need to make persistent volumes for Mattermost and Postgres. This requires adding a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#discussion) to the deployment to set `runAsUser: 2000`, `runAsGroup: 2000` and `fsGroup: 2000`.
+ * If you want your data to be persistent you will need to make persistent volumes for Mattermost and Postgres.
  * If you want to change advanced settings for the mattermost container you can make a [configMap](http://blog.kubernetes.io/2016/04/configuration-management-with-containers.html) for the /mattermost/config/config.json file
  * If you want the application exposed on port 80 you can either specify the port in the service manifest or use an [ingress controller](http://kubernetes.io/docs/user-guide/ingress/#ingress-controllers) and an ingress map for the mattermost service. A sample ingress map would be
 ```

contrib/kubernetes/mattermost.deployment.yaml

@@ -17,14 +17,14 @@ spec:
     spec:
       containers:
       - name: mattermost-app
-        image: "mattermost/mattermost-prod-app:5.14.1"
+        image: "mattermost/mattermost-prod-app:4.7.0"
         env:
         - name: DB_HOST
           valueFrom:
             secretKeyRef:
               name: mattermost.env
               key: db-host
-        - name: DB_PORT_NUMBER
+        - name: DB_PORT
           valueFrom:
             secretKeyRef:
               name: mattermost.env
@@ -45,14 +45,14 @@ spec:
               name: mattermost.env
               key: mm-dbname
         volumeMounts:
-        # optional persistent storage
+        # optional persistant storage
         #- name: appdata
           #mountPath: /mattermost/data
         - name: etclocaltime
           mountPath: /etc/localtime
           readOnly: true
       volumes:
-      # optional persistent storage
+      # optional persistant storage
       #- name: appdata
         #persistentVolumeClaim:
         #  claimName: mattermost-app

contrib/kubernetes/mattermost.svc.yaml

@@ -7,7 +7,7 @@ spec:
   type: NodePort
   ports:
   - port: 80
-    targetPort: 8000
+    targetPort: 80
     protocol: TCP
     name: http
   selector:

contrib/swarm/docker-stack-traefik.yml

@@ -4,17 +4,17 @@
 # Simply run:
 #
 # `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
-#
+# 
 # In this case `mm` is going to be stack name, so the command will be:
 #
 # `docker stack up mm -c docker-stack-traefik.yml`
 #
 # From now on all the services that belong to this stack will be prefixed with `mm_`
 # this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
-# each of these names is the service's hostname as well, they can communicate
+# each of these names is the service's hostname as well, they can communicate 
 # with each other easily by using the hostname instead of the ip or exposing ports to the host.
 #
-# As a side note, images tagged as latest are pulled by default,
+# As a side note, images tagged as latest are pulled by default, 
 # that means there's no need to use `image:latest`
 #
 # use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
@@ -59,7 +59,7 @@ services:
         condition: on-failure
   app:
     # use official mattermost prod-app image
-    image: mattermost/mattermost-prod-app:5.13.0
+    image: mattermost/mattermost-prod-app
     networks:
       - mm-in
       - mm-out
@@ -67,7 +67,6 @@ services:
       - /var/lib/mattermost/config:/mattermost/config:rw
       - /var/lib/mattermost/data:/mattermost/data:rw
       - /var/lib/mattermost/logs:/mattermost/logs:rw
-      - /var/lib/mattermost/plugins:/mattermost/plugins:rw
       - /etc/localtime:/etc/localtime:ro
     environment:
       # use service's hostname
@@ -109,18 +108,7 @@ services:
       - "443:443"
     networks:
       - mm-out
-    command: >
+    command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
-      --acme
-      --acme.email="[ADD YOUR EMAIL HERE]"
-      --acme.entrypoint=https --acme.onhostrule
-      --acme.storage="acme/certs.json"
-      --acme.acmelogging
-      --web
-      --docker
-      --docker.domain=docker.localhost
-      --docker.swarmmode
-      --docker.watch
-      --logLevel=DEBUG
     volumes:
       # traefik needs the docker socket in order to work properly
       - /var/run/docker.sock:/var/run/docker.sock
@@ -132,4 +120,4 @@ services:
       - traefik-certs:/acme
     deploy:
       restart_policy:
-       condition: on-failure
+       condition: on-failure

contrib/swarm/docker-stack.yml

@@ -4,17 +4,17 @@
 # Simply run:
 #
 # `docker stack up [STACK NAME] -c docker-stack.yml`
+# 
+# In this case `mm` is going to be stack name, so the command will be:
 #
-# In this case `mattermost` is going to be stack name, so the command will be:
+# `docker stack up mm -c docker-stack.yml`
 #
-# `docker stack up mattermost -c docker-stack.yml`
+# From now on all the services that belong to this stack will be prefixed with `mm_`
-#
+# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
-# From now on all the services that belong to this stack will be prefixed with `mattermost_`
+# each of these names is the service's hostname as well, they can communicate 
-# this file defines 3 services, these are going to be mattermost_db, mattermost_app and mattermost_web,
-# each of these names is the service's hostname as well, they can communicate
 # with each other easily by using the hostname instead of the ip or exposing ports to the host.
 #
-# As a side note, images tagged as latest are pulled by default,
+# As a side note, images tagged as latest are pulled by default, 
 # that means there's no need to use `image:latest`
 #
 # use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
@@ -58,7 +58,7 @@ services:
         condition: on-failure
   app:
     # use official mattermost prod-app image
-    image: mattermost/mattermost-prod-app:5.13.0
+    image: mattermost/mattermost-prod-app
     networks:
       - mm-in
       - mm-out
@@ -66,11 +66,10 @@ services:
       - /var/lib/mattermost/config:/mattermost/config:rw
       - /var/lib/mattermost/data:/mattermost/data:rw
       - /var/lib/mattermost/logs:/mattermost/logs:rw
-      - /var/lib/mattermost/plugins:/mattermost/plugins:rw
       - /etc/localtime:/etc/localtime:ro
     environment:
       # use service's hostname
-      - DB_HOST=db
+      - DB_HOST=mm_db
       # talk to the port within the overlay network
       # without (over)exposing ports
       - DB_PORT_NUMBER=5432
@@ -99,10 +98,10 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       # use app service's hostname
-      - APP_HOST=app
+      - APP_HOST=mm_app
       # talk to the port within the overlay network
       # without (over)exposing ports
       - APP_PORT_NUMBER=80
     deploy:
       restart_policy:
-       condition: on-failure
+       condition: on-failure

db/Dockerfile

@@ -3,7 +3,6 @@ FROM postgres:9.4-alpine
 ENV DEFAULT_TIMEZONE UTC
 
 # Install some packages to use WAL
-RUN echo "azure<5.0.0" > pip-constraints.txt
 RUN apk add --no-cache \
       build-base \
       curl \
@@ -13,21 +12,18 @@ RUN apk add --no-cache \
       python-dev \
       py-pip \
       py-cryptography \
-      pv \
+    && pip --no-cache-dir install 'wal-e<1.0.0' envdir \
-      libressl-dev \
-    && pip install --upgrade pip \
-    && pip --no-cache-dir install -c pip-constraints.txt 'wal-e<1.0.0' envdir \
     && rm -rf /var/cache/apk/* /tmp/* /var/tmp/*
 
 # Add wale script
 COPY setup-wale.sh /docker-entrypoint-initdb.d/
 
 #Healthcheck to make sure container is ready
-HEALTHCHECK CMD pg_isready -U $POSTGRES_USER -d $POSTGRES_DB || exit 1
+HEALTHCHECK CMD pg_isready -U postgres || exit 1
 
 # Add and configure entrypoint and command
 COPY entrypoint.sh /
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["postgres"]
 
-VOLUME ["/var/run/postgresql", "/usr/share/postgresql/", "/var/lib/postgresql/data", "/tmp", "/etc/wal-e.d/env"]
+VOLUME ["/var/run/postgresql", "/usr/share/postgresql/", "/var/lib/postgresql/data", "/tmp"]

db/entrypoint.sh

@@ -5,7 +5,7 @@ export WAL_LEVEL=${WAL_LEVEL:-minimal}
 export ARCHIVE_MODE=${ARCHIVE_MODE:-off}
 export ARCHIVE_TIMEOUT=${ARCHIVE_TIMEOUT:-60}
 
-function update_conf() {
+function update_conf () {
   wal=$1
   # PGDATA is defined in upstream postgres dockerfile
   config_file=$PGDATA/postgresql.conf
@@ -23,11 +23,11 @@ function update_conf() {
   sed -i "s/archive_command =.*$//g" $config_file
 
   # Configure wal-e
-  if [ "$wal" = true ]; then
+  if [ "$wal" = true ] ; then
     /docker-entrypoint-initdb.d/setup-wale.sh
   fi
-  echo "log_timezone = $DEFAULT_TIMEZONE" >>$config_file
+  echo "log_timezone = $DEFAULT_TIMEZONE" >> $config_file
-  echo "timezone = $DEFAULT_TIMEZONE" >>$config_file
+  echo "timezone = $DEFAULT_TIMEZONE" >> $config_file
 }
 
 if [ "${1:0:1}" = '-' ]; then
@@ -46,7 +46,7 @@ if [ "$1" = 'postgres' ]; then
   done
 
   # Setup wal-e env variables
-  if [ "$wal_enable" = true ]; then
+  if [ "$wal_enable" = true ] ; then
     for v in ${VARS[@]}; do
       export $v="${!v}"
     done
@@ -58,5 +58,5 @@ if [ "$1" = 'postgres' ]; then
   update_conf $wal_enable
 
   # Run the postgresql entrypoint
-  docker-entrypoint.sh postgres
+  . /docker-entrypoint.sh
 fi

db/setup-wale.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # wal-e specific configuration
-echo "wal_level = $WAL_LEVEL" >>$PGDATA/postgresql.conf
+echo "wal_level = $WAL_LEVEL" >> $PGDATA/postgresql.conf
-echo "archive_mode = $ARCHIVE_MODE" >>$PGDATA/postgresql.conf
+echo "archive_mode = $ARCHIVE_MODE" >> $PGDATA/postgresql.conf
-echo "archive_command = '/usr/bin/wal-e wal-push %p'" >>$PGDATA/postgresql.conf
+echo "archive_command = '/usr/bin/wal-e wal-push %p'" >> $PGDATA/postgresql.conf
-echo "archive_timeout = $ARCHIVE_TIMEOUT" >>$PGDATA/postgresql.conf
+echo "archive_timeout = $ARCHIVE_TIMEOUT" >> $PGDATA/postgresql.conf

docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3"
+version: "2"
 
 services:
 
@@ -27,41 +27,31 @@ services:
       #   - edition=team
       #   - PUID=1000
       #   - PGID=1000
-      #   - MM_VERSION=5.31
     restart: unless-stopped
     volumes:
       - ./volumes/app/mattermost/config:/mattermost/config:rw
       - ./volumes/app/mattermost/data:/mattermost/data:rw
       - ./volumes/app/mattermost/logs:/mattermost/logs:rw
-      - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
-      - ./volumes/app/mattermost/client-plugins:/mattermost/client/plugins:rw
       - /etc/localtime:/etc/localtime:ro
-      # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
-      # to avoid Token request failed: certificate signed by unknown authority (link: https://github.com/mattermost/mattermost-server/issues/13059)
-      # - <path_to_your_gitlab_pki>/pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro
     environment:
       # set same as db credentials and dbname
       - MM_USERNAME=mmuser
       - MM_PASSWORD=mmuser_password
       - MM_DBNAME=mattermost
-
-      # use the credentials you've set above, in the format:
-      # MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10
-      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10
-
       # in case your config is not in default location
       #- MM_CONFIG=/mattermost/config/config.json
 
   web:
     build: web
     ports:
-      - "80:8080"
+      - "80:80"
-      - "443:8443"
+      - "443:443"
     read_only: true
     restart: unless-stopped
     volumes:
       # This directory must have cert files if you want to enable SSL
       - ./volumes/web/cert:/cert:ro
       - /etc/localtime:/etc/localtime:ro
-    cap_drop:
+    # Uncomment for SSL
-      - ALL
+    # environment:
+    #  - MATTERMOST_ENABLE_SSL=true

web/Dockerfile

@@ -1,38 +1,17 @@
-FROM nginxinc/nginx-unprivileged:mainline-alpine
+FROM nginx:mainline-alpine
-
-USER root
 
 # Remove default configuration and add our custom Nginx configuration files
 RUN rm /etc/nginx/conf.d/default.conf \
     && apk add --no-cache curl
 
 COPY ["./mattermost", "./mattermost-ssl", "/etc/nginx/sites-available/"]
+COPY ./security.conf /etc/nginx/conf.d/
 
 # Add and setup entrypoint
 COPY entrypoint.sh /
 
-RUN chown -R nginx:nginx /etc/nginx/sites-available && \
-         chown -R nginx:nginx /var/cache/nginx && \
-         chown -R nginx:nginx /var/log/nginx && \
-         chown -R nginx:nginx /etc/nginx/conf.d && \
-         chown nginx:nginx entrypoint.sh
-RUN touch /var/run/nginx.pid && \
-         chown -R nginx:nginx /var/run/nginx.pid
-
-COPY ./security.conf /etc/nginx/conf.d/
-
-RUN chown -R nginx:nginx /etc/nginx/conf.d/security.conf
-
-RUN chmod u+x /entrypoint.sh
-
-RUN sed -i "/^http {/a \    proxy_buffering off;\n" /etc/nginx/nginx.conf
-RUN sed -i '/temp_path/d' /etc/nginx/nginx.conf \
-    && sed -i 's!/tmp/nginx.pid!/var/run/nginx.pid!g' /etc/nginx/nginx.conf
-
-USER nginx
-
 #Healthcheck to make sure container is ready
-HEALTHCHECK CMD curl --fail http://localhost:8080 || exit 1
+HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1
 
 ENTRYPOINT ["/entrypoint.sh"]
 

web/entrypoint.sh

@@ -11,14 +11,12 @@ if [ -f "/cert/cert.pem" -a -f "/cert/key-no-password.pem" ]; then
 else
   echo "linking plain config"
 fi
-# Ensure that the configuration file is not present before linking.
-test -w /etc/nginx/conf.d/mattermost.conf && rm /etc/nginx/conf.d/mattermost.conf
 # Linking Nginx configuration file
-ln -s -f /etc/nginx/sites-available/mattermost$ssl /etc/nginx/conf.d/mattermost.conf
+ln -s /etc/nginx/sites-available/mattermost$ssl /etc/nginx/conf.d/mattermost.conf
 
 # Setup app host and port on configuration file
 sed -i "s/{%APP_HOST%}/${APP_HOST}/g" /etc/nginx/conf.d/mattermost.conf
 sed -i "s/{%APP_PORT%}/${APP_PORT_NUMBER}/g" /etc/nginx/conf.d/mattermost.conf
 
 # Run Nginx
-exec nginx -g 'daemon off;'
+nginx -g 'daemon off;'

web/mattermost

@@ -4,7 +4,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 }
 
 server {
-    listen 8080;
+    listen 80;
 
     location ~ /api/v[0-9]+/(users/)?websocket$ {
         proxy_set_header Upgrade $http_upgrade;

web/mattermost-ssl

@@ -1,7 +1,7 @@
 server {
-    listen 8080 default_server;
+	listen 80 default_server;
-    server_name _;
+	server_name _;
-    return 301 https://$host$request_uri;
+	return 301 https://$host$request_uri;
 }
 
 map $http_x_forwarded_proto $proxy_x_forwarded_proto {
@@ -10,16 +10,15 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 }
 
 server {
-    listen 8443 ssl http2;
+    listen 443 ssl http2;
 
+    ssl on;
     ssl_certificate /cert/cert.pem;
     ssl_certificate_key /cert/key-no-password.pem;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    # Please update the ciphers in this file every 6 months.
+    ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
-    # https://ssl-config.mozilla.org/
+    ssl_prefer_server_ciphers on;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
 
     location ~ /api/v[0-9]+/(users/)?websocket$ {
         proxy_set_header Upgrade $http_upgrade;
@@ -35,7 +34,7 @@ server {
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
         proxy_read_timeout 600s;
-        proxy_pass http://{%APP_HOST%}:{%APP_PORT%};
+	proxy_pass http://{%APP_HOST%}:{%APP_PORT%};
     }
 
     location / {
@@ -52,7 +51,7 @@ server {
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
         proxy_read_timeout 600s;
-        proxy_pass http://{%APP_HOST%}:{%APP_PORT%};
+	proxy_pass http://{%APP_HOST%}:{%APP_PORT%};
     }
 }