Commit ba659599 authored by Picasoft Registry's avatar Picasoft Registry
Browse files

Upgrade mattermost

parent 37550e51
......@@ -12,11 +12,13 @@ install:
- sleep 30
env:
- BUILD="docker-compose up -d"
- BUILD="docker run -d --name db -e POSTGRES_USER=mmuser -e POSTGRES_PASSWORD=mmuser_password -e POSTGRES_DB=mattermost mattermost-prod-db && sleep 5 && docker run -d --link db -p 80:80 --name app mattermost-prod-app"
- BUILD="mkdir -p ./volumes/app/mattermost/{data,logs,config} && docker-compose up -d"
- BUILD="docker run -d --name db -e POSTGRES_USER=mmuser -e POSTGRES_PASSWORD=mmuser_password -e POSTGRES_DB=mattermost mattermost-prod-db && sleep 5 && docker run -d --link db -p 80:8000 --name app mattermost-prod-app"
script:
- curl -sSf http://localhost > /dev/null
- docker ps -a | grep app | grep healthy
- docker ps -a | grep db | grep healthy
after_failure:
- timeout 3s docker-compose logs app db web
......@@ -16,8 +16,8 @@ The following instructions deploy Mattermost in a production configuration using
### Requirements
* [docker] (version `1.10.0+`)
* [docker-compose] (version `1.6.0+` to support Compose file version `2.0`)
* [docker] (version `1.12+`)
* [docker-compose] (version `1.10.0+` to support Compose file version `3.0`)
### Choose Edition to Install
......@@ -86,7 +86,10 @@ them you may generate a self-signed SSL certificate.
### Starting/Stopping Docker
#### Start
If you are running docker with non root user, make sure the UID and GID in app/Dockerfile are the same as your current UID/GID
```
mkdir -p ./volumes/app/mattermost/{data,logs,config}
chown -R 2000:2000 ./volumes/app/mattermost/
docker-compose start
```
......
......@@ -2,10 +2,13 @@ FROM alpine:3.6
# Some ENV variables
ENV PATH="/mattermost/bin:${PATH}"
ENV MM_VERSION=4.8.0
ENV MM_VERSION=4.9.0
# Build argument to set Mattermost edition
ARG edition=enterprise
ARG PUID=2000
ARG PGID=2000
# Install some needed packages
RUN apk add --no-cache \
......@@ -27,14 +30,24 @@ RUN mkdir -p /mattermost/data \
&& cp /mattermost/config/config.json /config.json.save \
&& rm -rf /mattermost/config/config.json
# Get ready for production
RUN addgroup -g ${PGID} mattermost \
&& adduser -D -u ${PUID} -G mattermost -h /mattermost -D mattermost \
&& chown -R mattermost:mattermost /mattermost /config.json.save
USER mattermost
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:8000 || exit 1
# Configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /mattermost
CMD ["platform"]
# Expose port 80 of the container
EXPOSE 80
# Expose port 8000 of the container
EXPOSE 8000
# Use a volume for the data directory
VOLUME /mattermost/data
# Declare volumes for mount point directories
VOLUME ["/mattermost/data", "/mattermost/logs", "/mattermost/config"]
......@@ -35,7 +35,7 @@ if [ "$1" = 'platform' ]; then
# Copy default configuration file
cp /config.json.save $MM_CONFIG
# Substitue some parameters with jq
jq '.ServiceSettings.ListenAddress = ":80"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.ServiceSettings.ListenAddress = ":8000"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.LogSettings.EnableConsole = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.LogSettings.ConsoleLevel = "INFO"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.FileSettings.Directory = "/mattermost/data/"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
......
# This file allows you to run mattermost within your docker swarm mode cluster
# for more informations check: https://docs.docker.com/engine/swarm/
#
# Simply run:
#
# `docker stack up [STACK NAME] -c docker-stack-traefik.yml`
#
# In this case `mm` is going to be stack name, so the command will be:
#
# `docker stack up mm -c docker-stack-traefik.yml`
#
# From now on all the services that belong to this stack will be prefixed with `mm_`
# this file defines 3 services, these are going to be mm_db, mm_app and mm_web,
# each of these names is the service's hostname as well, they can communicate
# with each other easily by using the hostname instead of the ip or exposing ports to the host.
#
# As a side note, images tagged as latest are pulled by default,
# that means there's no need to use `image:latest`
#
# use latest compose v3.3 file format for optimal compatibility with latest docker release and swarm features.
# see https://docs.docker.com/compose/compose-file/compose-versioning/#version-3
# and https://docs.docker.com/compose/compose-file/compose-versioning/#version-33
# and https://docs.docker.com/compose/compose-file/compose-versioning/#upgrading
version: '3.3'
networks:
# network for App <-> DB transactions
mm-in:
driver: overlay
internal: true
# this network faces the outside world
mm-out:
driver: overlay
internal: false
volumes:
mm-dbdata:
traefik-certs:
services:
db:
# use official mattermost prod-db image
image: mattermost/mattermost-prod-db
networks:
- mm-in
volumes:
# use a named-volume for data persistency
- mm-dbdata:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
# uncomment the following to enable backup
# - AWS_ACCESS_KEY_ID=XXXX
# - AWS_SECRET_ACCESS_KEY=XXXX
# - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
# - AWS_REGION=us-east-1
deploy:
restart_policy:
condition: on-failure
app:
# use official mattermost prod-app image
image: mattermost/mattermost-prod-app
networks:
- mm-in
- mm-out
volumes:
- /var/lib/mattermost/config:/mattermost/config:rw
- /var/lib/mattermost/data:/mattermost/data:rw
- /var/lib/mattermost/logs:/mattermost/logs:rw
- /etc/localtime:/etc/localtime:ro
environment:
# use service's hostname
- DB_HOST=mm_db
# talk to the port within the overlay network
# without (over)exposing ports
- DB_PORT_NUMBER=5432
- MM_USERNAME=mmuser
- MM_PASSWORD=mmuser_password
- MM_DBNAME=mattermost
# pass the edition to be used, default is enterprise
# setting this env var will make the app use the team edition
- edition=team
# in case your config is not in default location
# - MM_CONFIG=/mattermost/config/config.json
deploy:
labels:
- "traefik.backend.loadbalancer.sticky=true"
- "traefik.backend.loadbalancer.swarm=true"
# the backend service needs a name
- "traefik.backend=mmapp"
# network is prefixed `mm_` as well
- "traefik.docker.network=mm_mm-out"
# generate a TLS cert for this domain
- "traefik.entrypoints=https"
- "traefik.frontend.passHostHeader=true"
# add your domain below here
- "traefik.frontend.rule=Host:mattermost.domain.com"
- "traefik.port=80"
restart_policy:
condition: on-failure
web:
# use official traefik image
image: traefik
ports:
- "80:80"
# you can view the traefik's dashboard in http://localhost:8080
- "8080:8080"
- "443:443"
networks:
- mm-out
command: --acme --acme.email="[ADD YOUR EMAIL HERE]" --acme.entrypoint=https --acme.onhostrule --acme.storage="acme/certs.json" --acme.acmelogging --web --docker --docker.domain=docker.localhost --docker.swarmmode --docker.watch --logLevel=DEBUG
volumes:
# traefik needs the docker socket in order to work properly
- /var/run/docker.sock:/var/run/docker.sock
# no traefik config file is being used
# you can deep further in the traefik docs
# http://docs.traefik.io/user-guide/examples/
- /dev/null:/traefik.toml
# use a named-volume for certs persistency
- traefik-certs:/acme
deploy:
restart_policy:
condition: on-failure
\ No newline at end of file
......@@ -10,15 +10,20 @@ RUN apk add --no-cache \
libffi-dev \
linux-headers \
python-dev \
py-pip \
py-cryptography \
&& curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python \
&& pip --no-cache-dir install 'wal-e<1.0.0' envdir \
&& rm -rf /var/cache/apk/* /tmp/* /var/tmp/*
# Add wale script
COPY setup-wale.sh /docker-entrypoint-initdb.d/
#Healthcheck to make sure container is ready
HEALTHCHECK CMD pg_isready -U postgres || exit 1
# Add and configure entrypoint and command
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
CMD ["postgres"]
VOLUME ["/var/run/postgresql", "/usr/share/postgresql/", "/var/lib/postgresql/data", "/tmp"]
......@@ -4,6 +4,7 @@ services:
db:
build: db
read_only: true
restart: unless-stopped
volumes:
- ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
......@@ -21,9 +22,11 @@ services:
app:
build:
context: app
# comment out 2 following lines for team edition
# comment out following lines for team edition or change UID/GID
args:
- edition=team
# - PUID=1000
# - PGID=1000
restart: unless-stopped
volumes:
- ./volumes/app/mattermost/config:/mattermost/config:rw
......@@ -43,6 +46,7 @@ services:
ports:
- "80:80"
- "443:443"
read_only: true
restart: unless-stopped
volumes:
# This directory must have cert files if you want to enable SSL
......
FROM nginx:mainline-alpine
# Remove default configuration and add our custom Nginx configuration files
RUN rm /etc/nginx/conf.d/default.conf
COPY ./mattermost /etc/nginx/sites-available/
COPY ./mattermost-ssl /etc/nginx/sites-available/
RUN rm /etc/nginx/conf.d/default.conf \
&& apk add --no-cache curl
COPY ["./mattermost", "./mattermost-ssl", "/etc/nginx/sites-available/"]
COPY ./security.conf /etc/nginx/conf.d/
# Add and setup entrypoint
COPY entrypoint.sh /
#Healthcheck to make sure container is ready
HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1
ENTRYPOINT ["/entrypoint.sh"]
VOLUME ["/var/run", "/etc/nginx/conf.d/", "/var/cache/nginx/"]
......@@ -2,7 +2,7 @@
# Define default value for app container hostname and port
APP_HOST=${APP_HOST:-app}
APP_PORT_NUMBER=${APP_PORT_NUMBER:-80}
APP_PORT_NUMBER=${APP_PORT_NUMBER:-8000}
# Check if SSL should be enabled (if certificates exists)
if [ -f "/cert/cert.pem" -a -f "/cert/key-no-password.pem" ]; then
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment