Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c3ecd245be | ||
|
|
5b52f713bd | ||
|
|
d8c52f8d74 |
@ -1,6 +1,12 @@
|
|||||||
# Production Docker deployment for Mattermost
|
# Production Docker deployment for Mattermost
|
||||||
|
|
||||||
This project enables deployment of a Mattermost server in a multi-node production configuration using Docker.
|
## WARNING:
|
||||||
|
|
||||||
|
The current state of this repository doesn't work out-of-the box since Mattermost server v5.31+ requires PostgreSQL versions of 10 or higher.
|
||||||
|
|
||||||
|
We're actively working on a fix to this repository. Until then, please refer to these upgrade instructions: https://github.com/mattermost/mattermost-docker/issues/489#issuecomment-790277661
|
||||||
|
|
||||||
|
This project enables a deployment of a Mattermost server in a multi-node production configuration using Docker.
|
||||||
|
|
||||||
[](https://travis-ci.org/mattermost/mattermost-docker)
|
[](https://travis-ci.org/mattermost/mattermost-docker)
|
||||||
|
|
||||||
|
|||||||
@ -2,7 +2,6 @@ FROM alpine:3.10
|
|||||||
|
|
||||||
# Some ENV variables
|
# Some ENV variables
|
||||||
ENV PATH="/mattermost/bin:${PATH}"
|
ENV PATH="/mattermost/bin:${PATH}"
|
||||||
ENV MM_VERSION=5.31.0
|
|
||||||
ENV MM_INSTALL_TYPE=docker
|
ENV MM_INSTALL_TYPE=docker
|
||||||
|
|
||||||
# Build argument to set Mattermost edition
|
# Build argument to set Mattermost edition
|
||||||
@ -10,6 +9,7 @@ ARG edition=enterprise
|
|||||||
ARG PUID=2000
|
ARG PUID=2000
|
||||||
ARG PGID=2000
|
ARG PGID=2000
|
||||||
ARG MM_BINARY=
|
ARG MM_BINARY=
|
||||||
|
ARG MM_VERSION=5.31.0
|
||||||
|
|
||||||
|
|
||||||
# Install some needed packages
|
# Install some needed packages
|
||||||
|
|||||||
@ -27,6 +27,7 @@ services:
|
|||||||
# - edition=team
|
# - edition=team
|
||||||
# - PUID=1000
|
# - PUID=1000
|
||||||
# - PGID=1000
|
# - PGID=1000
|
||||||
|
# - MM_VERSION=5.31
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./volumes/app/mattermost/config:/mattermost/config:rw
|
- ./volumes/app/mattermost/config:/mattermost/config:rw
|
||||||
@ -54,11 +55,13 @@ services:
|
|||||||
web:
|
web:
|
||||||
build: web
|
build: web
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:8080"
|
||||||
- "443:443"
|
- "443:8443"
|
||||||
read_only: true
|
read_only: true
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
# This directory must have cert files if you want to enable SSL
|
# This directory must have cert files if you want to enable SSL
|
||||||
- ./volumes/web/cert:/cert:ro
|
- ./volumes/web/cert:/cert:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
|||||||
@ -1,17 +1,38 @@
|
|||||||
FROM nginx:mainline-alpine
|
FROM nginxinc/nginx-unprivileged:mainline-alpine
|
||||||
|
|
||||||
|
USER root
|
||||||
|
|
||||||
# Remove default configuration and add our custom Nginx configuration files
|
# Remove default configuration and add our custom Nginx configuration files
|
||||||
RUN rm /etc/nginx/conf.d/default.conf \
|
RUN rm /etc/nginx/conf.d/default.conf \
|
||||||
&& apk add --no-cache curl
|
&& apk add --no-cache curl
|
||||||
|
|
||||||
COPY ["./mattermost", "./mattermost-ssl", "/etc/nginx/sites-available/"]
|
COPY ["./mattermost", "./mattermost-ssl", "/etc/nginx/sites-available/"]
|
||||||
COPY ./security.conf /etc/nginx/conf.d/
|
|
||||||
|
|
||||||
# Add and setup entrypoint
|
# Add and setup entrypoint
|
||||||
COPY entrypoint.sh /
|
COPY entrypoint.sh /
|
||||||
|
|
||||||
|
RUN chown -R nginx:nginx /etc/nginx/sites-available && \
|
||||||
|
chown -R nginx:nginx /var/cache/nginx && \
|
||||||
|
chown -R nginx:nginx /var/log/nginx && \
|
||||||
|
chown -R nginx:nginx /etc/nginx/conf.d && \
|
||||||
|
chown nginx:nginx entrypoint.sh
|
||||||
|
RUN touch /var/run/nginx.pid && \
|
||||||
|
chown -R nginx:nginx /var/run/nginx.pid
|
||||||
|
|
||||||
|
COPY ./security.conf /etc/nginx/conf.d/
|
||||||
|
|
||||||
|
RUN chown -R nginx:nginx /etc/nginx/conf.d/security.conf
|
||||||
|
|
||||||
|
RUN chmod u+x /entrypoint.sh
|
||||||
|
|
||||||
|
RUN sed -i "/^http {/a \ proxy_buffering off;\n" /etc/nginx/nginx.conf
|
||||||
|
RUN sed -i '/temp_path/d' /etc/nginx/nginx.conf \
|
||||||
|
&& sed -i 's!/tmp/nginx.pid!/var/run/nginx.pid!g' /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
USER nginx
|
||||||
|
|
||||||
#Healthcheck to make sure container is ready
|
#Healthcheck to make sure container is ready
|
||||||
HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1
|
HEALTHCHECK CMD curl --fail http://localhost:8080 || exit 1
|
||||||
|
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 8080;
|
||||||
|
|
||||||
location ~ /api/v[0-9]+/(users/)?websocket$ {
|
location ~ /api/v[0-9]+/(users/)?websocket$ {
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 8080 default_server;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
@ -10,7 +10,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 8443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate /cert/cert.pem;
|
ssl_certificate /cert/cert.pem;
|
||||||
ssl_certificate_key /cert/key-no-password.pem;
|
ssl_certificate_key /cert/key-no-password.pem;
|
||||||
|
|||||||
Reference in New Issue
Block a user