This repository has been archived on 2021-08-31. You can view files and clone it, but cannot push or open issues or pull requests.
mattermost/contrib/swarm/docker-stack-traefik.yml
Mauricio Ugaz 09d59556e0 Swarm file flavors (#222)
* Better documentation for swarm file, avoid exposing ports for no reason

* add swarm file using traefik
2018-01-21 23:01:46 +01:00

123 lines
4.4 KiB
YAML

# This file allows you to run mattermost within your docker swarm mode cluster
# for more informations check: https://docs.docker.com/engine/swarm/
#
# Simply run:
#
# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
#
# In this case `mm` is going to be stack name, so the command will be:
#
# `docker stack up mm -c docker-stack-traefik.yml`
#
# From now on all the services that belong to this stack will be prefixed with `mm_`
# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
# each of these names is the service's hostname as well, they can communicate
# with each other easily by using the hostname instead of the ip or exposing ports to the host.
#
# As a side note, images tagged as latest are pulled by default,
# that means there's no need to use `image:latest`
#
# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading
version: '3.3'
networks:
# network for App <-> DB transactions
mm-in:
driver: overlay
internal: true
# this network faces the outside world
mm-out:
driver: overlay
internal: false
volumes:
mm-dbdata:
traefik-certs:
services:
db:
# use official mattermost prod-db image
image: mattermost/mattermost-prod-db
networks:
- mm-in
volumes:
# use a named-volume for data persistency
- mm-dbdata:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
# uncomment the following to enable backup
# - AWS_ACCESS_KEY_ID=XXXX
# - AWS_SECRET_ACCESS_KEY=XXXX
# - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
# - AWS_REGION=us-east-1
deploy:
restart_policy:
condition: on-failure
app:
# use official mattermost prod-app image
image: mattermost/mattermost-prod-app
networks:
- mm-in
- mm-out
volumes:
- /var/lib/mattermost/config:/mattermost/config:rw
- /var/lib/mattermost/data:/mattermost/data:rw
- /var/lib/mattermost/logs:/mattermost/logs:rw
- /etc/localtime:/etc/localtime:ro
environment:
# use service's hostname
- DB_HOST=mm_db
# talk to the port within the overlay network
# without (over)exposing ports
- DB_PORT_NUMBER=5432
- MM_USERNAME=mmuser
- MM_PASSWORD=mmuser_password
- MM_DBNAME=mattermost
# pass the edition to be used, default is enterprise
# setting this env var will make the app use the team edition
- edition=team
# in case your config is not in default location
# - MM_CONFIG=/mattermost/config/config.json
deploy:
labels:
- "traefik.backend.loadbalancer.sticky=true"
- "traefik.backend.loadbalancer.swarm=true"
# the backend service needs a name
- "traefik.backend=mmapp"
# network is prefixed `mm_` as well
- "traefik.docker.network=mm_mm-out"
# generate a TLS cert for this domain
- "traefik.entrypoints=https"
- "traefik.frontend.passHostHeader=true"
# add your domain below here
- "traefik.frontend.rule=Host:mattermost.domain.com"
- "traefik.port=80"
restart_policy:
condition: on-failure
web:
# use official traefik image
image: traefik
ports:
- "80:80"
# you can view the traefik's dashboard in http://localhost:8080
- "8080:8080"
- "443:443"
networks:
- mm-out
command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
volumes:
# traefik needs the docker socket in order to work properly
- /var/run/docker.sock:/var/run/docker.sock
# no traefik config file is being used
# you can deep further in the traefik docs
# http://docs.traefik.io/user-guide/examples/
- /dev/null:/traefik.toml
# use a named-volume for certs persistency
- traefik-certs:/acme
deploy:
restart_policy:
condition: on-failure