diff --git a/mattermost/MAINTENANCE.md b/mattermost/MAINTENANCE.md index f47c3c31c85cb2aa65a26a94426d4ab7dcd51195..b6d7ac2b9e2ac67a0abb510a989a2bb4f8715431 100644 --- a/mattermost/MAINTENANCE.md +++ b/mattermost/MAINTENANCE.md @@ -19,6 +19,7 @@ The following people help to maintain this open source project: | Current Maintainer(s) | Start Date | |:-----------------------|:--------------| | Pan Luo - @xcompass | Nov 30 2015 | +| Kyâne Pichou - @pichouk| Jun 01 2017 | In case something happens where no maintainers are able to complete their responsibilies, the following sponsoring organization can help find a new maintainer: diff --git a/mattermost/README.md b/mattermost/README.md index 441626c6c1321c7e4d1adeb2b86636aff653b3cc..35de761326adbe9a2d660632878edecf7f2c794f 100644 --- a/mattermost/README.md +++ b/mattermost/README.md @@ -5,8 +5,9 @@ This project enables deployment of a Mattermost server in a multi-node productio [](https://travis-ci.org/mattermost/mattermost-docker) Notes: -- The default Mattermost edition for this repo has changed from team edition to enterprise edition. Please see [Choose Edition](#choose-edition-to-install) section. -- To install this Docker project on AWS Elastic Beanstalk please see [AWS Elastic Beanstalk Guide](./README.aws.md). +- The default Mattermost edition for this repo has changed from Team Edition to Enterprise Edition. Please see [Choose Edition](#choose-edition-to-install) section. +- To install this Docker project on AWS Elastic Beanstalk please see [AWS Elastic Beanstalk Guide](contrib/aws/README.md). +- To run Mattermost on Kubernetes you can start with the [manifest examples in the kubernetes folder](contrib/kubernetes/README.md) - To install Mattermost without Docker directly onto a Linux-based operating systems, please see [Admin Guide](https://docs.mattermost.com/guides/administrator.html#installing-mattermost). ## Installation using Docker Compose 
@@ -20,140 +21,121 @@ The following instructions deploy Mattermost in a production configuration using ### Choose Edition to Install -If you want to install enterprise edition, you can skip this section. +If you want to install Enterprise Edition, you can skip this section. -To install the team edition, comment out the following line in docker-compose.yaml file: - - ``` - dockerfile: Dockerfile-enterprise - ``` - -### Database - -Make sure to set the appropriate values for `MM_USERNAME`, `MM_PASSWORD` and `MM_DBNAME`. - -### Install with SSL certificate - -1. Put your SSL certificate as `./volumes/web/cert/cert.pem` and the private key that has - no password as `./volumes/web/cert/key-no-password.pem`. If you don't have - them you may generate a self-signed SSL certificate. - -2. Build and run mattermost - - ``` - docker-compose up -d - ``` - -3. Open `https://your.domain` with your web browser. - -### Install without SSL certificate - -1. Build and run mattermost - - ``` - docker-compose up -d - ``` - -2. Open `http://your.domain` with your web browser. - -## Starting/Stopping - -### Start - - docker-compose start - -### Stop +To install the Team Edition, comment out the following line in docker-compose.yaml file: +``` +dockerfile: Dockerfile-enterprise +``` - docker-compose stop +### Database container +This repository offer a Docker image for the Mattermost database. It is a customized PostgreSQL image that you should configure with following environment variables : +* `POSTGRES_USER`: database username +* `POSTGRES_PASSWORD`: database password +* `POSTGRES_DB`: database name -### Update +#### AWS +If deploying to AWS, you could also set following variables to enable [Wal-E](https://github.com/wal-e/wal-e) backup to S3 : +* `AWS_ACCESS_KEY_ID`: AWS access key +* `AWS_SECRET_ACCESS_KEY`: AWS secret +* `WALE_S3_PREFIX`: AWS s3 bucket name +* `AWS_REGION`: AWS region -Make sure to backup Mattermost data before proceeding. 
+All four environment variables are required. It will enable completed WAL segments sent to archive storage (S3). The base backup and clean up can be done through the following command: +```bash +# Base backup +docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/data" +# Keep the most recent 7 base backups and remove the old ones +docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e delete --confirm retain 7" +``` +Those tasks can be executed through a cron job or systemd timer. - docker-compose down - git pull - docker-compose build - docker-compose up -d +### Application container +Application container run the Mattermost application. You should configure it with following environment variables : +* `MM_USERNAME`: database username +* `MM_PASSWORD`: database password +* `MM_DBNAME`: database name -## Removing +If your database use some custom host and port, it is also possible to configure them : +* `DB_HOST`: database host address +* `DB_PORT_NUMBER`: database port -### Remove the containers +If you use a Mattermost configuration file on a different location than the default one (`/mattermost/config/config.json`) : +* `MM_CONFIG`: configuration file location inside the container. - docker-compose stop && docker-compose rm +If you choose to use MySQL instead of PostgreSQL, you should set a different datasource : +* `MM_SQLSETTINGS_DATASOURCE` : `"$MM_USERNAME:$MM_PASSWORD@tcp($DB_HOST:$DB_PORT_NUMBER)/$MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"` -### Remove the data and settings of your mattermost instance +### Web server container +This image is optional, you should not use it you have your own reverse-proxy. It is a simple front Web server for the Mattermost app container. 
+* `MATTERMOST_ENABLE_SSL`: whether to enable SSL +* `PLATFORM_PORT_80_TCP_PORT`: port that Mattermost image is listening on - sudo rm -rf volumes +#### Install with SSL certificate +Put your SSL certificate as `./volumes/web/cert/cert.pem` and the private key that has +no password as `./volumes/web/cert/key-no-password.pem`. If you don't have +them you may generate a self-signed SSL certificate. -## Database Backup +### Starting/Stopping Docker -When AWS S3 environment variables are specified on db docker container, it enables [Wal-E](https://github.com/wal-e/wal-e) backup to S3. +#### Start +``` +docker-compose start +``` -```bash -docker run -d --name mattermost-db \ - -e AWS_ACCESS_KEY_ID=XXXX \ - -e AWS_SECRET_ACCESS_KEY=XXXX \ - -e WALE_S3_PREFIX=s3://BUCKET_NAME/PATH \ - -e AWS_REGION=us-east-1 - -v ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data - -v /etc/localtime:/etc/localtime:ro - db +#### Stop +``` +docker-compose stop ``` -All four environment variables are required. It will enable completed WAL segments sent to archive storage (S3). The base backup and clean up can be done through the following command: +### Removing Docker -```bash -# base backup -docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/data" -# keep the most recent 7 base backups and remove the old ones -docker exec mattermost-db su - postgres sh -c "/usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e delete --confirm retain 7" +#### Remove the containers +``` +docker-compose stop && docker-compose rm ``` -Those tasks can be executed through a cron job or systemd timer. -## Customization +#### Remove the data and settings of your Mattermost instance +``` +sudo rm -rf volumes +``` -Customization can be done through environment variables. +## Update Mattermost to latest version -### Mattermost App Image +First, shutdown your containers to back up your data. 
-* MM_USERNAME: database username, must be the same as one in DB image -* MM_PASSWORD: database password, must be the same as one in DB image -* MM_DBNAME: database name, must be the same as one in DB image -* DB_HOST: database host address -* DB_PORT_5432_TCP_PORT: database port -* MM_CONFIG: configuration file location. It can be used when config is mounted in a different location. +``` +docker-compose down +``` -### Mattermost DB Image +Back up your mounted volumes to save your data. If you use the default `docker-compose.yml` file proposed on this repository, your data is on `./volumes/` folder. -* MM_USERNAME: database username, must be the same as on in App image -* MM_PASSWORD: database password, must be the same as on in App image -* MM_DBNAME: database name, must be the same as on in App image -* AWS_ACCESS_KEY_ID: aws access key, used for db backup -* AWS_SECRET_ACCESS_KEY: aws secret, used for db backup -* WALE_S3_PREFIX: aws s3 bucket name, used for db backup -* AWS_REGION: aws region, used for db backup +Then run the following commands. -### Mattermost Web Image +``` +git pull +docker-compose build +docker-compose up -d +``` -* MATTERMOST_ENABLE_SSL: whether to enable SSL -* PLATFORM_PORT_80_TCP_PORT: port that Mattermost image is listening on +Your Docker image should now be on the latest Mattermost version. ## Upgrading to Team Edition 3.0.x from 2.x -You need to migrate your database before upgrading mattermost to 3.0.x from -2.x. Run these commands in the latest mattermost-docker directory. - - docker-compose rm -f app - docker-compose build app - docker-compose run app -upgrade_db_30 - docker-compose up -d - +You need to migrate your database before upgrading Mattermost to `3.0.x` from +`2.x`. Run these commands in the latest `mattermost-docker` directory. 
+``` +docker-compose rm -f app +docker-compose build app +docker-compose run app -upgrade_db_30 +docker-compose up -d +``` See the [offical Upgrade Guide](http://docs.mattermost.com/administration/upgrade.html) for more details. ## Known Issues * Do not modify the Listen Address in Service Settings. -* Rarely 'app' container fails to start because of "connection refused" to +* Rarely `app` container fails to start because of "connection refused" to database. Workaround: Restart the container. ## More information @@ -161,9 +143,7 @@ See the [offical Upgrade Guide](http://docs.mattermost.com/administration/upgrad If you want to know how to use docker-compose, see [the overview page](https://docs.docker.com/compose). -If you want to run Mattermost on Kubernetes you can start with the [manifest examples in the kubernetes folder](contrib/kubernetes/README.md) - -For the server configurations, see [prod-ubuntu.rst] of mattermost. +For the server configurations, see [prod-ubuntu.rst] of Mattermost. [docker]: http://docs.docker.com/engine/installation/ [docker-compose]: https://docs.docker.com/compose/install/ diff --git a/mattermost/app/Dockerfile b/mattermost/app/Dockerfile index d358fd63d6eb0a7a7608ee8625b0e94106c23470..d0cd167c2a67ba5778a10d46eedf99d8721f116f 100644 --- a/mattermost/app/Dockerfile +++ b/mattermost/app/Dockerfile 
@@ -1,18 +1,26 @@ FROM ubuntu:14.04 +# Some ENV variables ENV PATH="/mattermost/bin:${PATH}" - -RUN apt-get update && apt-get -y install curl netcat -RUN mkdir -p /mattermost/data - -ENV MM_VERSION=3.8.2 - -RUN curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz - -RUN rm /mattermost/config/config.json -COPY config.template.json / - +ENV MM_VERSION=4.2.0 + +# Install some needed packages +RUN apt-get update \ + && apt-get -y install \ + curl \ + jq \ + netcat \ + && rm -rf /var/lib/apt/lists/* + +# Prepare Mattermost +RUN mkdir -p /mattermost/data \ + && curl https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \ + && cp /mattermost/config/config.json /config.json.save \ + && rm -rf /mattermost/config/config.json + +# Configure entrypoint COPY docker-entry.sh / +# Set permission (TODO should be removed and replace by a chmod on the file in the repository ?) RUN chmod +x /docker-entry.sh ENTRYPOINT ["/docker-entry.sh"] diff --git a/mattermost/app/Dockerfile-enterprise b/mattermost/app/Dockerfile-enterprise index da9a5222cf624e736456de7b9af929ff1c6e3316..1926dd5472f5d2a5e8cd74720038fc3883dac030 100644 --- a/mattermost/app/Dockerfile-enterprise +++ b/mattermost/app/Dockerfile-enterprise 
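Review bot: The release tarball in the `# Prepare Mattermost` step is streamed from `curl` straight into `tar` with no integrity check, so whatever the download returns is unpacked into the image under `/mattermost`, whose `bin` directory is on `PATH`. Download to a file with `curl -fsSL`, verify it against a pinned SHA-256, and only then extract. `MM_SHA256` in the sketch below is a placeholder build argument for the checksum matching the pinned `MM_VERSION`. `mattermost/app/Dockerfile-enterprise` has the same step with the enterprise URL and needs the same change.

```dockerfile
# Prepare Mattermost
RUN mkdir -p /mattermost/data \
    && curl -fsSL -o /tmp/mattermost.tar.gz https://releases.mattermost.com/$MM_VERSION/mattermost-team-$MM_VERSION-linux-amd64.tar.gz \
    && echo "$MM_SHA256  /tmp/mattermost.tar.gz" | sha256sum -c - \
    && tar -xzf /tmp/mattermost.tar.gz \
    && rm /tmp/mattermost.tar.gz \
    # … unchanged: config.json backup and removal …
```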
@@ -1,18 +1,26 @@ FROM ubuntu:14.04 +# Some ENV variables ENV PATH="/mattermost/bin:${PATH}" - -RUN apt-get update && apt-get -y install curl netcat -RUN mkdir -p /mattermost/data - -ENV MM_VERSION=3.8.2 - -RUN curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz | tar -xvz - -RUN rm /mattermost/config/config.json -COPY config.template.json / - +ENV MM_VERSION=4.2.0 + +# Install some needed packages +RUN apt-get update \ + && apt-get -y install \ + curl \ + jq \ + netcat \ + && rm -rf /var/lib/apt/lists/* + +# Prepare Mattermost +RUN mkdir -p /mattermost/data \ + && curl https://releases.mattermost.com/$MM_VERSION/mattermost-$MM_VERSION-linux-amd64.tar.gz | tar -xvz \ + && cp /mattermost/config/config.json /config.json.save \ + && rm -rf /mattermost/config/config.json + +# Configure entrypoint COPY docker-entry.sh / +# Set permission (TODO should be removed and replace by a chmod on the file in the repository ?) RUN chmod +x /docker-entry.sh ENTRYPOINT ["/docker-entry.sh"] diff --git a/mattermost/app/config.template.json b/mattermost/app/config.template.json deleted file mode 100644 index 70af3ec167c0c17b076fe5b030a3355f873505bc..0000000000000000000000000000000000000000 --- a/mattermost/app/config.template.json +++ /dev/null 
@@ -1,95 +0,0 @@ -{ - "ServiceSettings": { - "ListenAddress": ":80", - "MaximumLoginAttempts": 10, - "SegmentDeveloperKey": "", - "GoogleDeveloperKey": "", - "EnableOAuthServiceProvider": false, - "EnableIncomingWebhooks": false, - "EnableOutgoingWebhooks": false, - "EnablePostUsernameOverride": false, - "EnablePostIconOverride": false, - "EnableTesting": false, - "EnableSecurityFixAlert": true - }, - "TeamSettings": { - "SiteName": "Mattermost", - "MaxUsersPerTeam": 50, - "EnableTeamCreation": true, - "EnableUserCreation": true, - "RestrictCreationToDomains": "", - "RestrictTeamNames": true, - "EnableTeamListing": false - }, - "SqlSettings": { - "DriverName": "postgres", - "DataSource": "postgres://MM_USERNAME:MM_PASSWORD@DB_HOST:DB_PORT/MM_DBNAME?sslmode=disable&connect_timeout=10", - "DataSourceReplicas": [], - "MaxIdleConns": 10, - "MaxOpenConns": 10, - "Trace": false, - "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QVg" - }, - "LogSettings": { - "EnableConsole": false, - "ConsoleLevel": "INFO", - "EnableFile": true, - "FileLevel": "INFO", - "FileFormat": "", - "FileLocation": "" - }, - "FileSettings": { - "DriverName": "local", - "Directory": "/mattermost/data/", - "EnablePublicLink": true, - "PublicLinkSalt": "A705AklYF8MFDOfcwh3I488G8vtLlVip", - "ThumbnailWidth": 120, - "ThumbnailHeight": 100, - "PreviewWidth": 1024, - "PreviewHeight": 0, - "ProfileWidth": 128, - "ProfileHeight": 128, - "InitialFont": "luximbi.ttf", - "AmazonS3AccessKeyId": "", - "AmazonS3SecretAccessKey": "", - "AmazonS3Bucket": "", - "AmazonS3Region": "" - }, - "EmailSettings": { - "EnableSignUpWithEmail": true, - "SendEmailNotifications": false, - "RequireEmailVerification": false, - "FeedbackName": "", - "FeedbackEmail": "", - "SMTPUsername": "", - "SMTPPassword": "", - "SMTPServer": "", - "SMTPPort": "", - "ConnectionSecurity": "", - "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9YoS", - "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5eL", - "ApplePushServer": "", - 
"ApplePushCertPublic": "", - "ApplePushCertPrivate": "" - }, - "RateLimitSettings": { - "EnableRateLimiter": true, - "PerSec": 10, - "MemoryStoreSize": 10000, - "VaryByRemoteAddr": true, - "VaryByHeader": "" - }, - "PrivacySettings": { - "ShowEmailAddress": true, - "ShowFullName": true - }, - "GitLabSettings": { - "Enable": false, - "Secret": "", - "Id": "", - "Scope": "", - "AuthEndpoint": "", - "TokenEndpoint": "", - "UserApiEndpoint": "" - } -} diff --git a/mattermost/app/docker-entry.sh b/mattermost/app/docker-entry.sh index 7a78314e69f5f58bf9776fffe93008ebc69965a9..4b67798b192a850a16e104e74062e56cbafe9efa 100644 --- a/mattermost/app/docker-entry.sh +++ b/mattermost/app/docker-entry.sh @@ -1,11 +1,15 @@ #!/bin/bash +generate_salt() { + cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 48 | head -n 1 +} + DB_HOST=${DB_HOST:-db} -DB_PORT_5432_TCP_PORT=${DB_PORT_5432_TCP_PORT:-5432} +DB_PORT_NUMBER=${DB_PORT_NUMBER:-5432} MM_USERNAME=${MM_USERNAME:-mmuser} MM_PASSWORD=${MM_PASSWORD:-mmuser_password} MM_DBNAME=${MM_DBNAME:-mattermost} -MM_CONFIG=/mattermost/config/config.json +MM_CONFIG=${MM_CONFIG:-/mattermost/config/config.json} if [ "${1:0:1}" = '-' ]; then set -- platform "$@" 
@@ -20,24 +24,44 @@ if [ "$1" = 'platform' ]; then esac done - echo "Using config file" $MM_CONFIG - echo -ne "Configure database connection..." if [ ! -f $MM_CONFIG ] then - cp /config.template.json $MM_CONFIG - sed -Ei "s/DB_HOST/$DB_HOST/" $MM_CONFIG - sed -Ei "s/DB_PORT/$DB_PORT_5432_TCP_PORT/" $MM_CONFIG - sed -Ei "s/MM_USERNAME/$MM_USERNAME/" $MM_CONFIG - sed -Ei "s/MM_PASSWORD/$MM_PASSWORD/" $MM_CONFIG - sed -Ei "s/MM_DBNAME/$MM_DBNAME/" $MM_CONFIG - echo OK + echo "No configuration file" $MM_CONFIG + echo "Creating a new one" + # Copy default configuration file + cp /config.json.save $MM_CONFIG + # Substitue some parameters with jq + jq '.ServiceSettings.ListenAddress = ":80"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.LogSettings.EnableConsole = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.LogSettings.ConsoleLevel = "INFO"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.FileSettings.Directory = "/mattermost/data/"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.FileSettings.EnablePublicLink = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.FileSettings.PublicLinkSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.SendEmailNotifications = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.FeedbackEmail = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.SMTPServer = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.SMTPPort = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.InviteSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.EmailSettings.PasswordResetSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.RateLimitSettings.Enable = true' $MM_CONFIG > 
$MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.SqlSettings.DriverName = "postgres"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + jq '.SqlSettings.AtRestEncryptKey = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG + else + echo "Using existing config file" $MM_CONFIG + fi + + if [ -z "$MM_SQLSETTINGS_DATASOURCE"] + then + echo -ne "Configure database connection..." + export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$MM_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=disable&connect_timeout=10" + echo OK else - echo SKIP + echo "Using existing database connection" fi - echo "Wait until database $DB_HOST:$DB_PORT_5432_TCP_PORT is ready..." - until nc -z $DB_HOST $DB_PORT_5432_TCP_PORT + echo "Wait until database $DB_HOST:$DB_PORT_NUMBER is ready..." + until nc -z $DB_HOST $DB_PORT_NUMBER do sleep 1 done diff --git a/mattermost/Dockerrun.aws.json b/mattermost/contrib/aws/Dockerrun.aws.json similarity index 55% rename from mattermost/Dockerrun.aws.json rename to mattermost/contrib/aws/Dockerrun.aws.json index 49d4191d76aa8ad3b7556aa032039a1868322aa6..1a3da28e6a097ffeee4c912308772a164b0328b0 100644 --- a/mattermost/Dockerrun.aws.json +++ b/mattermost/contrib/aws/Dockerrun.aws.json 
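Review bot: The test `if [ -z "$MM_SQLSETTINGS_DATASOURCE"]` has no space before `]`, so the bracket is glued to the operand. With the variable unset the branch is taken only by accident. With it set, `[` fails with a missing-`]` error and the else branch is reached through the error status. It should read `if [ -z "$MM_SQLSETTINGS_DATASOURCE" ]`. The datasource built on the next line puts `$MM_PASSWORD` unencoded into a URL and fixes `sslmode=disable`, so a password containing `@`, `/` or `:` gives a misparsed DSN and the database link is unencrypted unless the whole variable is overridden; a comment such as `# password must be URL-safe; set MM_SQLSETTINGS_DATASOURCE yourself to enable TLS` would make that explicit. The enclosing `if [ "$1" = 'platform' ]` block starts and ends outside this hunk.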
@@ -13,14 +13,49 @@ "sourcePath": "/var/app/current/app/mattermost/data" } }, + { + "name": "app-logs", + "host": { + "sourcePath": "/var/app/current/app/mattermost/logs" + } + }, { "name": "db-data", "host": { "sourcePath": "/var/app/current/db/mattermost/var/lib/postgresql/data" } + }, + { + "name": "web-cert", + "host": { + "sourcePath": "/var/app/current/web/cert" + } } ], "containerDefinitions": [ + { + "name": "db", + "image": "mattermost/mattermost-prod-db:latest", + "memory": 128, + "mountPoints": [ + { + "sourceVolume": "db-data", + "containerPath": "/var/lib/postgresql/data" + } + ], + "environment": [ + { + "name": "POSTGRES_USER", + "value": "mmuser" + }, { + "name": "POSTGRES_PASSWORD", + "value": "mmuser_password" + }, { + "name": "POSTGRES_DB", + "value": "mattermost" + } + ] + }, { "name": "app", "image": "mattermost/mattermost-prod-app:latest", @@ -33,12 +68,10 @@ { "sourceVolume": "app-data", "containerPath": "/mattermost/data" - } - ], - "portMappings": [ + }, { - "hostPort": 80, - "containerPort": 80 + "sourceVolume": "app-logs", + "containerPath": "/mattermost/logs" } ], "links": [ @@ -46,14 +79,27 @@ ] }, { - "name": "db", - "image": "mattermost/mattermost-prod-db:latest", + "name": "web", + "image": "mattermost/mattermost-prod-web:latest", "memory": 128, "mountPoints": [ { - "sourceVolume": "db-data", - "containerPath": "/var/lib/postgresql/data" + "sourceVolume": "web-cert", + "containerPath": "/cert" } + ], + "portMappings": [ + { + "hostPort": 80, + "containerPort": 80 + }, + { + "hostPort": 443, + "containerPort": 443 + } + ], + "links": [ + "app" ] } ] diff --git a/mattermost/README.aws.md b/mattermost/contrib/aws/README.md similarity index 100% rename from mattermost/README.aws.md rename to mattermost/contrib/aws/README.md diff --git a/mattermost/db/Dockerfile b/mattermost/db/Dockerfile index 4d707d28ca878df39ca93bdff2cab4974e9c7ceb..4cdb27225b5f4967bba7274400e8b76c3cc452b2 100644 --- a/mattermost/db/Dockerfile 
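Review bot: The new `db` container definition commits `POSTGRES_PASSWORD` with the value `mmuser_password`, which is also the fallback in `docker-entry.sh`, so an Elastic Beanstalk deployment taken from this file runs on a credential published in the repository. JSON cannot carry a warning comment, so I would commit an obviously invalid placeholder such as `"value": "CHANGE_ME"` and have `contrib/aws/README.md` say where to set the real value. The `db` definition publishes no port in this hunk, which limits exposure, but the `app` container must still be given the matching password. All three images are referenced as `:latest`, so a redeploy can silently pull a different build; pinning a tag would make the deployment reproducible.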
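Review bot: The `web-cert` mount point added for the `web` container is read-write, while `docker-compose.yml` in this same diff mounts the certificate directory as `./volumes/web/cert:/cert:ro`. That directory holds the TLS private key, so the container that terminates public traffic on ports 80 and 443 should not be able to modify it. Adding `"readOnly": true` to that mount point brings the AWS definition in line with the compose file.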
+++ b/mattermost/db/Dockerfile @@ -1,7 +1,7 @@ FROM postgres:9.4 RUN apt-get update \ - && apt-get install -y python-dev lzop pv daemontools curl build-essential \ + && apt-get install -y python-dev libffi-dev libssl-dev lzop pv daemontools curl build-essential \ && curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python \ && pip install 'wal-e<1.0.0' \ && apt-get remove -y build-essential python-dev \ diff --git a/mattermost/docker-compose-v1.yml b/mattermost/docker-compose-v1.yml deleted file mode 100644 index 4f45ceeff7e35bdde3d71d8f846c8993309d203e..0000000000000000000000000000000000000000 --- a/mattermost/docker-compose-v1.yml +++ /dev/null @@ -1,48 +0,0 @@ -db: - build: db - restart: unless-stopped - volumes: - - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data - - /etc/localtime:/etc/localtime:ro - environment: - - POSTGRES_USER=mmuser - - POSTGRES_PASSWORD=mmuser_password - - POSTGRES_DB=mattermost - # uncomment the following to enable backup - # - AWS_ACCESS_KEY_ID=XXXX - # - AWS_SECRET_ACCESS_KEY=XXXX - # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH - # - AWS_REGION=us-east-1 - # in case your config is not in default location - # - MM_CONFIG=/mattermost/config/config.jso -app: - build: - context: app - # comment out for team version - dockerfile: Dockerfile-enterprise - links: - - db:db - restart: unless-stopped - volumes: - - ./volumes/app/mattermost/config:/mattermost/config:rw - - ./volumes/app/mattermost/data:/mattermost/data:rw - - ./volumes/app/mattermost/logs:/mattermost/logs:rw - - /etc/localtime:/etc/localtime:ro - environment: - # set same as db environment - - MM_USERNAME=mmuser - - MM_PASSWORD=mmuser_password - - MM_DBNAME=mattermost - -web: - build: web - ports: - - "80:80" - - "443:443" - links: - - app:app - restart: unless-stopped - volumes: - # This directory must have cert files - - ./volumes/web/cert:/cert:ro - - /etc/localtime:/etc/localtime:ro 
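Review bot: `libffi-dev` and `libssl-dev` are added to the install list, but the cleanup visible in the same `RUN` still removes only `build-essential python-dev`, so the new headers appear to stay in the final database image. If they are needed only to build wal-e's dependencies, extend the cleanup to `apt-get remove -y build-essential python-dev libffi-dev libssl-dev`; the runtime shared libraries are separate packages and remain installed. The `RUN` instruction continues past the end of the hunk, so confirm that no later line already does this. Separately, the unchanged `get-pip.py | python` line executes an unpinned, unverified script at build time.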
diff --git a/mattermost/docker-compose.yml b/mattermost/docker-compose.yml index b0197e984b83afeec78c2ca1644306bfb512d50e..3c6325f86db9be2cadbf991e6fcec838387e94ae 100644 --- a/mattermost/docker-compose.yml +++ b/mattermost/docker-compose.yml @@ -17,8 +17,6 @@ services: # - AWS_SECRET_ACCESS_KEY=XXXX # - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH # - AWS_REGION=us-east-1 - # in case your config is not in default location - # - MM_CONFIG=/mattermost/config/config.jso app: build: @@ -36,8 +34,10 @@ services: - MM_USERNAME=mmuser - MM_PASSWORD=mmuser_password - MM_DBNAME=mattermost - depends_on: - - db + # in case your config is not in default location + #- MM_CONFIG=/mattermost/config/config.json + links: + - db:db web: build: web @@ -49,5 +49,5 @@ services: # This directory must have cert files - ./volumes/web/cert:/cert:ro - /etc/localtime:/etc/localtime:ro - depends_on: - - app + links: + - app:app diff --git a/mattermost/web/mattermost b/mattermost/web/mattermost index 0c428acb1559949c8d7db66a1a5e5feabd373c8d..ee9dc8d7f304caa3c7e6e5267ac27ae625436a2f 100644 --- a/mattermost/web/mattermost +++ b/mattermost/web/mattermost 
@@ -6,17 +6,34 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto { server { listen 80; + location ~ /api/v[0-9]+/(users/)?websocket$ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + client_max_body_size 50M; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; + proxy_pass http://app:80; + } + location / { - gzip off; + gzip on; client_max_body_size 50M; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; proxy_pass http://app:80; } } diff --git a/mattermost/web/mattermost-ssl b/mattermost/web/mattermost-ssl index 101ab2e1ede0db7857453be4da07e687589a515c..1ef03b495c9257b305bb6bad5a4a308120463412 100644 --- a/mattermost/web/mattermost-ssl +++ b/mattermost/web/mattermost-ssl @@ -1,8 +1,9 @@ -# server { -# listen 80; -# server_name mattermost.example.com; -# return 301 https://$server_name$request_uri; -# } +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; +} map $http_x_forwarded_proto $proxy_x_forwarded_proto { default $http_x_forwarded_proto; @@ -10,7 +11,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto { } server { - listen 443; + listen 443 ssl http2; ssl on; ssl_certificate /cert/cert.pem; 
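Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the new websocket location, and in `location /`, adds the header to the request forwarded to `app`, not to the response the browser receives, so the proxy itself gives no framing protection. If clickjacking defence at the proxy is the intent, the directive should be `add_header X-Frame-Options SAMEORIGIN;`. Whether the application sets the header on its own is not visible in this diff. The same line is present in both locations of `mattermost/web/mattermost-ssl`. The new `location ~ /api/v[0-9]+/(users/)?websocket$` pattern is also unanchored at the start; `location ~ ^/api/v[0-9]+/(users/)?websocket$` would restrict it to the intended path.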
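Review bot: `return 301 https://$host$request_uri;` in the newly enabled port-80 server builds the redirect target from the client-supplied Host header, and `server_name _` on a `default_server` accepts any name. Any hostname that reaches this listener is therefore reflected into the `Location` header, which matters if a cache or a link-generating client sits in front of it. The removed commented block used a fixed name. Where the deployment hostname is known, prefer `server_name mattermost.example.com;` with `return 301 https://$server_name$request_uri;`, or add a comment stating that `$host` is used deliberately because the image is hostname-agnostic.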
@@ -20,18 +21,37 @@ server { ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH; ssl_prefer_server_ciphers on; + location ~ /api/v[0-9]+/(users/)?websocket$ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header Connection "upgrade"; + + client_max_body_size 50M; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; + proxy_pass http://app:80; + } + location / { - gzip off; + gzip on; proxy_set_header X-Forwarded-Ssl on; client_max_body_size 50M; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; proxy_pass http://app:80; } }
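Review bot: The `ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;` line at the top of this hunk is unchanged even though the listener gains `http2` in this commit. `MEDIUM` admits legacy 128-bit suites whose exact membership depends on the OpenSSL build in the image. I would drop it, giving `ssl_ciphers HIGH:!SSLv2:!PSK:!SRP:!ADH:!AECDH;`. The `server` block starts outside this hunk and no `ssl_protocols` line is visible, so the protocol list should be checked at the same time.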