├── .gitignore ├── .dockerignore ├── entrypoint.sh ├── docker-compose.yml ├── Dockerfile ├── LICENSE ├── assets ├── build │ └── install.sh └── runtime │ ├── env-defaults │ ├── config │ └── config.json │ └── functions ├── CHANGELOG.md ├── samples └── nginx │ ├── docker-compose.yml │ └── mattermost.template └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.yml 2 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .gitignore 3 | LICENSE 4 | README.md 5 | CHANGELOG.md 6 | docker-compose.yml 7 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | source ${MATTERMOST_RUNTIME_DIR}/functions 4 | 5 | [[ $DEBUG == true ]] && set -x 6 | 7 | case ${1} in 8 | app:start) 9 | initialize 10 | configure 11 | migrate 12 | ./bin/platform -config ${MATTERMOST_CONF_DIR}/config.json 13 | ;; 14 | 15 | app:migrate) 16 | initialize 17 | configure 18 | migrate -interactive 19 | ;; 20 | 21 | app:help) 22 | echo "Available options:" 23 | echo " app:start - Starts the mattermost server (default)" 24 | echo " app:migrate - Interactively migrate the mattermost server" 25 | echo " app:help - Displays the help" 26 | echo " [command] - Execute the specified command, eg. bash." 
27 | ;; 28 | 29 | *) 30 | exec "$@" 31 | ;; 32 | esac 33 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | mysql: 2 | restart: always 3 | image: mysql:latest 4 | environment: 5 | - MYSQL_USER=mattermost 6 | - MYSQL_PASSWORD=password 7 | - MYSQL_DATABASE=mattermost 8 | - MYSQL_ROOT_PASSWORD=password 9 | volumes: 10 | - /srv/docker/mattermost/mysql:/var/lib/mysql 11 | 12 | mattermost: 13 | restart: always 14 | image: jasl8r/mattermost:3.4.0-1 15 | links: 16 | - mysql:mysql 17 | ports: 18 | - "8080:80" 19 | environment: 20 | - MATTERMOST_SECRET_KEY=long-and-random-alphanumeric-string 21 | - MATTERMOST_LINK_SALT=long-and-random-alphanumeric-string 22 | - MATTERMOST_RESET_SALT=long-and-random-alphanumeric-string 23 | - MATTERMOST_INVITE_SALT=long-and-random-alphanumeric-string 24 | volumes: 25 | - /srv/docker/mattermost/mattermost:/opt/mattermost/data 26 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.4 2 | MAINTAINER jasl8r@alum.wpi.edu 3 | 4 | ENV MATTERMOST_VERSION=3.5.1 \ 5 | MATTERMOST_HOME="/opt/mattermost" 6 | 7 | ENV MATTERMOST_DATA_DIR="${MATTERMOST_HOME}/data" \ 8 | MATTERMOST_BUILD_DIR="${MATTERMOST_HOME}/build" \ 9 | MATTERMOST_RUNTIME_DIR="${MATTERMOST_HOME}/runtime" \ 10 | MATTERMOST_INSTALL_DIR="${MATTERMOST_HOME}/mattermost" \ 11 | MATTERMOST_CONF_DIR="${MATTERMOST_HOME}/config" \ 12 | MATTERMOST_LOG_DIR="/var/log/mattermost" 13 | 14 | RUN apk --no-cache add bash gettext \ 15 | mysql-client postgresql-client \ 16 | ca-certificates 17 | 18 | COPY assets/build/ ${MATTERMOST_BUILD_DIR}/ 19 | RUN bash ${MATTERMOST_BUILD_DIR}/install.sh 20 | 21 | COPY assets/runtime/ ${MATTERMOST_RUNTIME_DIR}/ 22 | COPY entrypoint.sh /sbin/entrypoint.sh 23 | RUN chmod 755 /sbin/entrypoint.sh 24 
| 25 | EXPOSE 80/tcp 26 | 27 | VOLUME ["${MATTERMOST_DATA_DIR}", "${MATTERMOST_LOG_DIR}"] 28 | WORKDIR ${MATTERMOST_INSTALL_DIR} 29 | ENTRYPOINT ["/sbin/entrypoint.sh"] 30 | CMD ["app:start"] 31 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Sameer Naik 4 | Copyright (c) 2016 Jeremy Slater 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 
23 | -------------------------------------------------------------------------------- /assets/build/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | MATTERMOST_CLONE_URL=https://github.com/mattermost/platform.git 5 | 6 | export GOPATH=/opt/go 7 | MATTERMOST_BUILD_PATH=${GOPATH}/src/github.com/mattermost 8 | 9 | # install build dependencies 10 | apk --no-cache add --virtual build-dependencies \ 11 | curl go git mercurial nodejs make g++ 12 | 13 | go get github.com/tools/godep 14 | npm update npm --global 15 | 16 | # create build directories 17 | mkdir -p ${GOPATH} 18 | mkdir -p ${MATTERMOST_BUILD_PATH} 19 | cd ${MATTERMOST_BUILD_PATH} 20 | 21 | # install mattermost 22 | echo "Cloning Mattermost ${MATTERMOST_VERSION}..." 23 | git clone -q -b v${MATTERMOST_VERSION} --depth 1 ${MATTERMOST_CLONE_URL} 24 | 25 | echo "Building Mattermost..." 26 | cd platform 27 | sed -i.org 's/sudo //g' Makefile 28 | make build-linux BUILD_NUMBER=${MATTERMOST_VERSION} 29 | 30 | echo "Installing Mattermost..." 31 | cd ${MATTERMOST_HOME} 32 | curl -sSL https://releases.mattermost.com/${MATTERMOST_VERSION}/mattermost-team-${MATTERMOST_VERSION}-linux-amd64.tar.gz | tar -xvz 33 | cp ${GOPATH}/bin/platform ./mattermost/bin/platform 34 | 35 | # cleanup build dependencies, caches and artifacts 36 | apk del build-dependencies 37 | rm -rf ${GOPATH} 38 | rm -rf /tmp/npm* 39 | rm -rf /root/.npm 40 | rm -rf /root/.node-gyp 41 | rm -rf /usr/lib/go/pkg 42 | rm -rf /usr/lib/node_modules 43 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | This file only reflects the changes that are made in this image. Please refer to 4 | the Mattermost [CHANGELOG](http://docs.mattermost.com/administration/changelog.html) 5 | for the list of changes in Mattermost. 
6 | 7 | ## 3.5.1 8 | 9 | - mattermost 3.5.1 10 | 11 | ## 3.4.0-1 12 | 13 | - add error message to require upgrading to 3.0 or 3.1 before any higher version 14 | 15 | ## 3.4.0 16 | 17 | - mattermost 3.4.0 18 | - add `MATTERMOST_SITE_URL` and `MATTERMOST_ENABLE_EMAIL_BATCHING` variables 19 | - add `MATTERMOST_WEBSERVER_MODE` variable to control static file handling 20 | - add `MATTERMOST_ENABLE_CUSTOM_EMOJI` variable 21 | - add `MATTERMOST_RESTRICT_DIRECT_MESSAGE` variable 22 | 23 | ## 3.1.0 24 | 25 | - mattermost 3.1.0 26 | - add MATTERMOST_SERVER_LOCALE, MATTERMOST_CLIENT_LOCALE and MATTERMOST_LOCALES variables 27 | - add MATTERMOST_MAX_FILE_SIZE 28 | 29 | ## 3.0.2 30 | 31 | - mattermost 3.0.2 32 | - add version 3.0 migration solution, see [README](README.md) for details 33 | - remove `MATTERMOST_TEAM_DIRECTORY` 34 | - add `MATTERMOST_OPEN_SERVER` to enable user creation without an invite 35 | - add `MATTERMOST_PUSH_FULL_MESSAGE` to configure push notification content 36 | - use `MATTERMOST_EMAIL_SIGNIN` and `MATTERMOST_USERNAME_SIGNIN` variables 37 | 38 | ## 2.2.0 39 | 40 | - mattermost 2.2.0 41 | - change base image to alpine:3.3 42 | - remove embedded nginx server 43 | - add support for postgresql 44 | - add nginx container sample 45 | 46 | ## 2.1.0 47 | 48 | - mattermost 2.1.0 49 | - support gitlab integration 50 | - support most mattermost configuration parameters 51 | -------------------------------------------------------------------------------- /samples/nginx/docker-compose.yml: -------------------------------------------------------------------------------- 1 | mysql: 2 | restart: always 3 | image: mysql:latest 4 | environment: 5 | - MYSQL_USER=mattermost 6 | - MYSQL_PASSWORD=password 7 | - MYSQL_DATABASE=mattermost 8 | - MYSQL_ROOT_PASSWORD=password 9 | volumes: 10 | - /srv/docker/mattermost/mysql:/var/lib/mysql 11 | 12 | mattermost: 13 | restart: always 14 | image: jasl8r/mattermost:3.4.0-1 15 | links: 16 | - mysql:mysql 17 | environment: 18 | - 
MATTERMOST_SECRET_KEY=long-and-random-alphanumeric-string 19 | - MATTERMOST_LINK_SALT=long-and-random-alphanumeric-string 20 | - MATTERMOST_RESET_SALT=long-and-random-alphanumeric-string 21 | - MATTERMOST_INVITE_SALT=long-and-random-alphanumeric-string 22 | volumes: 23 | - /srv/docker/mattermost/mattermost:/opt/mattermost/data 24 | 25 | nginx: 26 | restart: always 27 | image: nginx:stable-alpine 28 | links: 29 | - mattermost:mattermost 30 | ports: 31 | - "8080:80" 32 | - "8443:443" 33 | environment: 34 | - NGINX_HOST=www.example.com 35 | volumes: 36 | - /srv/docker/mattermost/nginx/mattermost.template:/etc/nginx/conf.d/mattermost.template 37 | - /srv/docker/mattermost/nginx/mattermost.crt:/etc/nginx/mattermost.crt 38 | - /srv/docker/mattermost/nginx/mattermost.key:/etc/nginx/mattermost.key 39 | - /srv/docker/mattermost/nginx/dhparam.pem:/etc/nginx/dhparam.pem 40 | command: /bin/sh -c "envsubst '$$MATTERMOST_PORT_80_TCP_ADDR:$$NGINX_HOST' 41 | < /etc/nginx/conf.d/mattermost.template 42 | > /etc/nginx/conf.d/default.conf 43 | && nginx -g 'daemon off;'" 44 | -------------------------------------------------------------------------------- /samples/nginx/mattermost.template: -------------------------------------------------------------------------------- 1 | upstream mattermost { 2 | server ${MATTERMOST_PORT_80_TCP_ADDR}:80 fail_timeout=0; 3 | } 4 | 5 | server { 6 | listen 0.0.0.0:443 default_server; 7 | listen [::]:443 default_server; 8 | 9 | server_name ${NGINX_HOST}; ## Replace this with something like mattermost.example.com 10 | server_tokens off; ## Don't show the nginx version number, a security best practice 11 | 12 | ## Strong SSL Security 13 | ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ 14 | ssl on; 15 | ssl_certificate /etc/nginx/mattermost.crt; 16 | ssl_certificate_key /etc/nginx/mattermost.key; 17 | ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 18 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 19 | 
ssl_prefer_server_ciphers on; 20 | ssl_session_cache shared:SSL:10m; 21 | ssl_session_timeout 5m; 22 | 23 | ssl_dhparam /etc/nginx/dhparam.pem; 24 | 25 | ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. 26 | ## Replace with your ssl_trusted_certificate. For more info see: 27 | ## - https://medium.com/devops-programming/4445f4862461 28 | ## - https://www.ruby-forum.com/topic/4419319 29 | ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx 30 | # ssl_stapling on; 31 | # ssl_stapling_verify on; 32 | # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; 33 | # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired 34 | # resolver_timeout 5s; 35 | 36 | location / { 37 | client_max_body_size 0; 38 | gzip off; 39 | 40 | proxy_set_header Upgrade $http_upgrade; 41 | proxy_set_header Connection "upgrade"; 42 | proxy_set_header Host $http_host; 43 | proxy_set_header X-Real-IP $remote_addr; 44 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 45 | proxy_set_header X-Forwarded-Proto $scheme; 46 | proxy_set_header X-Frame-Options SAMEORIGIN; 47 | proxy_pass http://mattermost; 48 | } 49 | } 50 | 51 | server { 52 | listen 0.0.0.0:80 default_server; 53 | listen [::]:80 default_server; 54 | 55 | server_name ${NGINX_HOST}; ## Replace this with something like mattermost.example.com 56 | server_tokens off; ## Don't show the nginx version number, a security best practice 57 | return 301 https://$server_name$request_uri; 58 | } 59 | -------------------------------------------------------------------------------- /assets/runtime/env-defaults: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DEBUG=${DEBUG:-$DEBUG_ENTRYPOINT} 4 | 5 | MATTERMOST_NAME=${MATTERMOST_NAME:-Mattermost} 6 | 7 | # Migration settings 8 | 
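# Every setting below keeps a value already present in the environment and
# otherwise falls back to the default after ':-' (empty where none is given).
MATTERMOST_MIGRATION_DEFAULT_TEAM=${MATTERMOST_MIGRATION_DEFAULT_TEAM:-}

# Email settings
MATTERMOST_ENABLE_EMAIL_SIGNUP=${MATTERMOST_ENABLE_EMAIL_SIGNUP:-true}
# The secret key and salts have no built-in default: config.json receives an
# empty string for them unless the deployment supplies its own long random
# values.
MATTERMOST_SECRET_KEY=${MATTERMOST_SECRET_KEY:-}
MATTERMOST_RESET_SALT=${MATTERMOST_RESET_SALT:-}
MATTERMOST_INVITE_SALT=${MATTERMOST_INVITE_SALT:-}

# Service settings
MATTERMOST_SITE_URL=${MATTERMOST_SITE_URL:-}
MATTERMOST_MAX_LOGIN_ATTEMPTS=${MATTERMOST_MAX_LOGIN_ATTEMPTS:-10}
MATTERMOST_SEGMENT_KEY=${MATTERMOST_SEGMENT_KEY:-}
MATTERMOST_GOOGLE_KEY=${MATTERMOST_GOOGLE_KEY:-}
MATTERMOST_ENABLE_ADMIN_INTEGRATIONS=${MATTERMOST_ENABLE_ADMIN_INTEGRATIONS:-true}
MATTERMOST_ENABLE_SLASH_COMMANDS=${MATTERMOST_ENABLE_SLASH_COMMANDS:-false}
MATTERMOST_ENABLE_INCOMING_WEBHOOKS=${MATTERMOST_ENABLE_INCOMING_WEBHOOKS:-false}
MATTERMOST_ENABLE_OUTGOING_WEBHOOKS=${MATTERMOST_ENABLE_OUTGOING_WEBHOOKS:-false}
MATTERMOST_WEBHOOK_OVERRIDE_USERNAME=${MATTERMOST_WEBHOOK_OVERRIDE_USERNAME:-false}
MATTERMOST_WEBHOOK_OVERRIDE_ICON=${MATTERMOST_WEBHOOK_OVERRIDE_ICON:-false}
MATTERMOST_ENABLE_ALERTS=${MATTERMOST_ENABLE_ALERTS:-true}
MATTERMOST_ENABLE_INSECURE_CONNECTIONS=${MATTERMOST_ENABLE_INSECURE_CONNECTIONS:-false}
MATTERMOST_CORS_DOMAINS=${MATTERMOST_CORS_DOMAINS:-}
MATTERMOST_WEB_SESSION_DAYS=${MATTERMOST_WEB_SESSION_DAYS:-30}
MATTERMOST_MOBILE_SESSION_DAYS=${MATTERMOST_MOBILE_SESSION_DAYS:-30}
MATTERMOST_SSO_SESSION_DAYS=${MATTERMOST_SSO_SESSION_DAYS:-30}
MATTERMOST_SESSION_CACHE=${MATTERMOST_SESSION_CACHE:-10}
MATTERMOST_WEBSERVER_MODE=${MATTERMOST_WEBSERVER_MODE:-gzip}
MATTERMOST_ENABLE_CUSTOM_EMOJI=${MATTERMOST_ENABLE_CUSTOM_EMOJI:-true}
MATTERMOST_RESTRICT_DIRECT_MESSAGE=${MATTERMOST_RESTRICT_DIRECT_MESSAGE:-any}

# Team settings
MATTERMOST_MAX_USERS=${MATTERMOST_MAX_USERS:-50}
MATTERMOST_CREATE_TEAMS=${MATTERMOST_CREATE_TEAMS:-true}
MATTERMOST_CREATE_USERS=${MATTERMOST_CREATE_USERS:-true}
MATTERMOST_USER_DOMAINS=${MATTERMOST_USER_DOMAINS:-}
MATTERMOST_OPEN_SERVER=${MATTERMOST_OPEN_SERVER:-false}

# Mail settings
MATTERMOST_EMAIL_SIGNIN=${MATTERMOST_EMAIL_SIGNIN:-true}
MATTERMOST_USERNAME_SIGNIN=${MATTERMOST_USERNAME_SIGNIN:-false}

# Push notifications
MATTERMOST_PUSH_SERVER=${MATTERMOST_PUSH_SERVER:-}
# Without a push server the feature is forced off, whatever the caller asked for.
if [[ -z ${MATTERMOST_PUSH_SERVER} ]]; then
  MATTERMOST_ENABLE_PUSH_NOTIFICATIONS=false
fi
MATTERMOST_ENABLE_PUSH_NOTIFICATIONS=${MATTERMOST_ENABLE_PUSH_NOTIFICATIONS:-true}

MATTERMOST_PUSH_FULL_MESSAGE=${MATTERMOST_PUSH_FULL_MESSAGE:-false}
# Compare against the literal "true": a bare [[ $var ]] only tests for a
# non-empty string, and the default "false" is non-empty, so it would select
# "full" unconditionally. Anything other than "true" keeps the generic form.
if [[ ${MATTERMOST_PUSH_FULL_MESSAGE} == true ]]; then
  MATTERMOST_PUSH_CONTENTS=full
else
  MATTERMOST_PUSH_CONTENTS=generic
fi

# Storage settings
MATTERMOST_LINK_SALT=${MATTERMOST_LINK_SALT:-}
# Public links are switched off when no link salt is configured. The variable
# must be written ${...}: with a stray closing brace the tested string is never
# empty and this guard never fires.
if [[ -z ${MATTERMOST_LINK_SALT} ]]; then
  MATTERMOST_ENABLE_PUBLIC_LINKS=false
fi
MATTERMOST_ENABLE_PUBLIC_LINKS=${MATTERMOST_ENABLE_PUBLIC_LINKS:-true}
# 52428800 = 50 * 1024 * 1024
MATTERMOST_MAX_FILE_SIZE=${MATTERMOST_MAX_FILE_SIZE:-52428800}

# Rate limit settings
MATTERMOST_ENABLE_RATE_LIMIT=${MATTERMOST_ENABLE_RATE_LIMIT:-true}
MATTERMOST_RATE_LIMIT_QPS=${MATTERMOST_RATE_LIMIT_QPS:-10}
MATTERMOST_RATE_LIMIT_SESSIONS=${MATTERMOST_RATE_LIMIT_SESSIONS:-10000}
MATTERMOST_RATE_LIMIT_BY_IP=${MATTERMOST_RATE_LIMIT_BY_IP:-true}
MATTERMOST_RATE_LIMIT_HEADERS=${MATTERMOST_RATE_LIMIT_HEADERS:-}

# Privacy settings
MATTERMOST_SHOW_EMAIL=${MATTERMOST_SHOW_EMAIL:-true}
MATTERMOST_SHOW_NAME=${MATTERMOST_SHOW_NAME:-true}

# Localization
MATTERMOST_SERVER_LOCALE=${MATTERMOST_SERVER_LOCALE:-en}
MATTERMOST_CLIENT_LOCALE=${MATTERMOST_CLIENT_LOCALE:-en}
MATTERMOST_LOCALES=${MATTERMOST_LOCALES:-en,es,fr,ja,pt-BR}

# Database settings
DB_ADAPTER=${DB_ADAPTER:-}
DB_HOST=${DB_HOST:-}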
DB_PORT=${DB_PORT:-} 91 | DB_USER=${DB_USER:-} 92 | DB_PASS=${DB_PASS:-} 93 | DB_NAME=${DB_NAME:-} 94 | DB_ENCODING=${DB_ENCODING:-} 95 | MATTERMOST_DATASOURCE= 96 | 97 | # SMTP settings 98 | SMTP_HOST=${SMTP_HOST:-} 99 | SMTP_PORT=${SMTP_PORT:-25} 100 | SMTP_USER=${SMTP_USER:-} 101 | SMTP_PASS=${SMTP_PASS:-} 102 | SMTP_SECURITY=${SMTP_SECURITY:-} 103 | MATTERMOST_EMAIL=${MATTERMOST_EMAIL:-${SMTP_USER}} 104 | MATTERMOST_EMAIL=${MATTERMOST_EMAIL:-example@example.com} 105 | MATTERMOST_SUPPORT_EMAIL=${MATTERMOST_SUPPORT_EMAIL:-support@example.com} 106 | if [[ -z ${SMTP_HOST} ]]; then 107 | MATTERMOST_EMAIL_NOTIFICATIONS=false 108 | MATTERMOST_EMAIL_VERIFICATION=false 109 | fi 110 | MATTERMOST_EMAIL_NOTIFICATIONS=${MATTERMOST_EMAIL_NOTIFICATIONS:-true} 111 | MATTERMOST_EMAIL_VERIFICATION=${MATTERMOST_EMAIL_VERIFICATION:-true} 112 | 113 | if [[ -z ${MATTERMOST_SITE_URL} ]]; then 114 | MATTERMOST_ENABLE_EMAIL_BATCHING=false 115 | fi 116 | MATTERMOST_ENABLE_EMAIL_BATCHING=${MATTERMOST_ENABLE_EMAIL_BATCHING:-${MATTERMOST_EMAIL_NOTIFICATIONS}} 117 | 118 | # GitLab settings 119 | GITLAB_SECRET=${GITLAB_SECRET:-} 120 | GITLAB_ID=${GITLAB_ID:-} 121 | GITLAB_SCOPE=${GITLAB_SCOPE:-} 122 | GITLAB_AUTH_ENDPOINT=${GITLAB_AUTH_ENDPOINT:-} 123 | GITLAB_TOKEN_ENDPOINT=${GITLAB_TOKEN_ENDPOINT:-} 124 | GITLAB_API_ENDPOINT=${GITLAB_API_ENDPOINT:-} 125 | if [[ -z ${GITLAB_ID} ]]; then 126 | GITLAB_ENABLE=false 127 | fi 128 | GITLAB_ENABLE=${GITLAB_ENABLE:-true} 129 | -------------------------------------------------------------------------------- /assets/runtime/config/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "ServiceSettings": { 3 | "SiteURL": "{{MATTERMOST_SITE_URL}}", 4 | "ListenAddress": ":80", 5 | "ConnectionSecurity": "", 6 | "TLSCertFile": "", 7 | "TLSKeyFile": "", 8 | "UseLetsEncrypt": false, 9 | "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache", 10 | "Forward80To443": false, 11 | "ReadTimeout": 300, 12 | 
"WriteTimeout": 300, 13 | "MaximumLoginAttempts": {{MATTERMOST_MAX_LOGIN_ATTEMPTS}}, 14 | "SegmentDeveloperKey": "{{MATTERMOST_SEGMENT_KEY}}", 15 | "GoogleDeveloperKey": "{{MATTERMOST_GOOGLE_KEY}}", 16 | "EnableOAuthServiceProvider": false, 17 | "EnableIncomingWebhooks": {{MATTERMOST_ENABLE_INCOMING_WEBHOOKS}}, 18 | "EnableOutgoingWebhooks": {{MATTERMOST_ENABLE_OUTGOING_WEBHOOKS}}, 19 | "EnableCommands": {{MATTERMOST_ENABLE_SLASH_COMMANDS}}, 20 | "EnableOnlyAdminIntegrations": {{MATTERMOST_ENABLE_ADMIN_INTEGRATIONS}}, 21 | "EnablePostUsernameOverride": {{MATTERMOST_WEBHOOK_OVERRIDE_USERNAME}}, 22 | "EnablePostIconOverride": {{MATTERMOST_WEBHOOK_OVERRIDE_ICON}}, 23 | "EnableTesting": false, 24 | "EnableDeveloper": false, 25 | "EnableSecurityFixAlert": {{MATTERMOST_ENABLE_ALERTS}}, 26 | "EnableInsecureOutgoingConnections": {{MATTERMOST_ENABLE_INSECURE_CONNECTIONS}}, 27 | "EnableMultifactorAuthentication": false, 28 | "AllowCorsFrom": "{{MATTERMOST_CORS_DOMAINS}}", 29 | "SessionLengthWebInDays": {{MATTERMOST_WEB_SESSION_DAYS}}, 30 | "SessionLengthMobileInDays": {{MATTERMOST_MOBILE_SESSION_DAYS}}, 31 | "SessionLengthSSOInDays": {{MATTERMOST_SSO_SESSION_DAYS}}, 32 | "SessionCacheInMinutes": {{MATTERMOST_SESSION_CACHE}}, 33 | "WebsocketSecurePort": 443, 34 | "WebsocketPort": 80, 35 | "WebserverMode": "{{MATTERMOST_WEBSERVER_MODE}}", 36 | "EnableCustomEmoji": {{MATTERMOST_ENABLE_CUSTOM_EMOJI}}, 37 | "RestrictCustomEmojiCreation": "" 38 | }, 39 | "TeamSettings": { 40 | "SiteName": "{{MATTERMOST_NAME}}", 41 | "MaxUsersPerTeam": {{MATTERMOST_MAX_USERS}}, 42 | "EnableTeamCreation": {{MATTERMOST_CREATE_TEAMS}}, 43 | "EnableUserCreation": {{MATTERMOST_CREATE_USERS}}, 44 | "EnableOpenServer": {{MATTERMOST_OPEN_SERVER}}, 45 | "RestrictCreationToDomains": "{{MATTERMOST_USER_DOMAINS}}", 46 | "EnableCustomBrand": false, 47 | "CustomBrandText": "", 48 | "CustomDescriptionText": "", 49 | "RestrictDirectMessage": "{{MATTERMOST_RESTRICT_DIRECT_MESSAGE}}", 50 | "RestrictTeamInvite": 
"all", 51 | "RestrictPublicChannelManagement": "all", 52 | "RestrictPrivateChannelManagement": "all", 53 | "UserStatusAwayTimeout": 300, 54 | "MaxChannelsPerTeam": 2000 55 | }, 56 | "SqlSettings": { 57 | "DriverName": "{{DB_ADAPTER}}", 58 | "DataSource": "{{MATTERMOST_DATASOURCE}}", 59 | "DataSourceReplicas": [], 60 | "MaxIdleConns": 20, 61 | "MaxOpenConns": 300, 62 | "Trace": false, 63 | "AtRestEncryptKey": "{{MATTERMOST_SECRET_KEY}}" 64 | }, 65 | "LogSettings": { 66 | "EnableConsole": false, 67 | "ConsoleLevel": "INFO", 68 | "EnableFile": true, 69 | "FileLevel": "INFO", 70 | "FileFormat": "", 71 | "FileLocation": "{{MATTERMOST_LOG_DIR}}/mattermost.log", 72 | "EnableWebhookDebugging": true, 73 | "EnableDiagnostics": true 74 | }, 75 | "PasswordSettings": { 76 | "MinimumLength": 5, 77 | "Lowercase": false, 78 | "Number": false, 79 | "Uppercase": false, 80 | "Symbol": false 81 | }, 82 | "FileSettings": { 83 | "MaxFileSize": {{MATTERMOST_MAX_FILE_SIZE}}, 84 | "DriverName": "local", 85 | "Directory": "{{MATTERMOST_DATA_DIR}}", 86 | "EnablePublicLink": {{MATTERMOST_ENABLE_PUBLIC_LINKS}}, 87 | "PublicLinkSalt": "{{MATTERMOST_LINK_SALT}}", 88 | "ThumbnailWidth": 120, 89 | "ThumbnailHeight": 100, 90 | "PreviewWidth": 1024, 91 | "PreviewHeight": 0, 92 | "ProfileWidth": 128, 93 | "ProfileHeight": 128, 94 | "InitialFont": "luximbi.ttf", 95 | "AmazonS3AccessKeyId": "", 96 | "AmazonS3SecretAccessKey": "", 97 | "AmazonS3Bucket": "", 98 | "AmazonS3Region": "us-east-1", 99 | "AmazonS3Endpoint": "s3.amazonaws.com", 100 | "AmazonS3SSL": true 101 | }, 102 | "EmailSettings": { 103 | "EnableSignUpWithEmail": {{MATTERMOST_ENABLE_EMAIL_SIGNUP}}, 104 | "EnableSignInWithEmail": {{MATTERMOST_EMAIL_SIGNIN}}, 105 | "EnableSignInWithUsername": {{MATTERMOST_USERNAME_SIGNIN}}, 106 | "SendEmailNotifications": {{MATTERMOST_EMAIL_NOTIFICATIONS}}, 107 | "RequireEmailVerification": {{MATTERMOST_EMAIL_VERIFICATION}}, 108 | "FeedbackName": "{{MATTERMOST_NAME}}", 109 | "FeedbackEmail": 
"{{MATTERMOST_EMAIL}}", 110 | "FeedbackOrganization": "", 111 | "SMTPUsername": "{{SMTP_USER}}", 112 | "SMTPPassword": "{{SMTP_PASS}}", 113 | "SMTPServer": "{{SMTP_HOST}}", 114 | "SMTPPort": "{{SMTP_PORT}}", 115 | "ConnectionSecurity": "{{SMTP_SECURITY}}", 116 | "InviteSalt": "{{MATTERMOST_INVITE_SALT}}", 117 | "PasswordResetSalt": "{{MATTERMOST_RESET_SALT}}", 118 | "SendPushNotifications": {{MATTERMOST_ENABLE_PUSH_NOTIFICATIONS}}, 119 | "PushNotificationServer": "{{MATTERMOST_PUSH_SERVER}}", 120 | "PushNotificationContents": "{{MATTERMOST_PUSH_CONTENTS}}", 121 | "EnableEmailBatching": {{MATTERMOST_ENABLE_EMAIL_BATCHING}}, 122 | "EmailBatchingBufferSize": 256, 123 | "EmailBatchingInterval": 30 124 | }, 125 | "RateLimitSettings": { 126 | "EnableRateLimiter": {{MATTERMOST_ENABLE_RATE_LIMIT}}, 127 | "PerSec": {{MATTERMOST_RATE_LIMIT_QPS}}, 128 | "MaxBurst": 100, 129 | "MemoryStoreSize": {{MATTERMOST_RATE_LIMIT_SESSIONS}}, 130 | "VaryByRemoteAddr": {{MATTERMOST_RATE_LIMIT_BY_IP}}, 131 | "VaryByHeader": "{{MATTERMOST_RATE_LIMIT_HEADERS}}" 132 | }, 133 | "PrivacySettings": { 134 | "ShowEmailAddress": {{MATTERMOST_SHOW_EMAIL}}, 135 | "ShowFullName": {{MATTERMOST_SHOW_NAME}} 136 | }, 137 | "SupportSettings": { 138 | "TermsOfServiceLink": "/static/help/terms.html", 139 | "PrivacyPolicyLink": "/static/help/privacy.html", 140 | "AboutLink": "/static/help/about.html", 141 | "HelpLink": "/static/help/help.html", 142 | "ReportAProblemLink": "/static/help/report_problem.html", 143 | "SupportEmail": "{{MATTERMOST_SUPPORT_EMAIL}}" 144 | }, 145 | "GitLabSettings": { 146 | "Enable": {{GITLAB_ENABLE}}, 147 | "Secret": "{{GITLAB_SECRET}}", 148 | "Id": "{{GITLAB_ID}}", 149 | "Scope": "{{GITLAB_SCOPE}}", 150 | "AuthEndpoint": "{{GITLAB_AUTH_ENDPOINT}}", 151 | "TokenEndpoint": "{{GITLAB_TOKEN_ENDPOINT}}", 152 | "UserApiEndpoint": "{{GITLAB_API_ENDPOINT}}" 153 | }, 154 | "GoogleSettings": { 155 | "Enable": false, 156 | "Secret": "", 157 | "Id": "", 158 | "Scope": "profile email", 159 | 
"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", 160 | "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", 161 | "UserApiEndpoint": "https://www.googleapis.com/plus/v1/people/me" 162 | }, 163 | "Office365Settings": { 164 | "Enable": false, 165 | "Secret": "", 166 | "Id": "", 167 | "Scope": "User.Read", 168 | "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", 169 | "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token", 170 | "UserApiEndpoint": "https://graph.microsoft.com/v1.0/me" 171 | }, 172 | "LdapSettings": { 173 | "Enable": false, 174 | "LdapServer": "", 175 | "LdapPort": 389, 176 | "ConnectionSecurity": "", 177 | "BaseDN": "", 178 | "BindUsername": "", 179 | "BindPassword": "", 180 | "UserFilter": "", 181 | "FirstNameAttribute": "", 182 | "LastNameAttribute": "", 183 | "EmailAttribute": "", 184 | "UsernameAttribute": "", 185 | "NicknameAttribute": "", 186 | "IdAttribute": "", 187 | "SyncIntervalMinutes": 60, 188 | "SkipCertificateVerification": false, 189 | "QueryTimeout": 60, 190 | "MaxPageSize": 0, 191 | "LoginFieldName": "" 192 | }, 193 | "ComplianceSettings": { 194 | "Enable": false, 195 | "Directory": "./data/", 196 | "EnableDaily": false 197 | }, 198 | "LocalizationSettings": { 199 | "DefaultServerLocale": "{{MATTERMOST_SERVER_LOCALE}}", 200 | "DefaultClientLocale": "{{MATTERMOST_CLIENT_LOCALE}}", 201 | "AvailableLocales": "{{MATTERMOST_LOCALES}}" 202 | }, 203 | "SamlSettings": { 204 | "Enable": false, 205 | "Verify": false, 206 | "Encrypt": false, 207 | "IdpUrl": "", 208 | "IdpDescriptorUrl": "", 209 | "AssertionConsumerServiceURL": "", 210 | "IdpCertificateFile": "", 211 | "PublicCertificateFile": "", 212 | "PrivateKeyFile": "", 213 | "FirstNameAttribute": "", 214 | "LastNameAttribute": "", 215 | "EmailAttribute": "", 216 | "UsernameAttribute": "", 217 | "NicknameAttribute": "", 218 | "LocaleAttribute": "", 219 | "LoginButtonText": "With SAML" 220 | }, 221 | 
"NativeAppSettings": { 222 | "AppDownloadLink": "https://about.mattermost.com/downloads/", 223 | "AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/", 224 | "IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/" 225 | }, 226 | "ClusterSettings": { 227 | "Enable": false, 228 | "InterNodeListenAddress": ":8075", 229 | "InterNodeUrls": [] 230 | }, 231 | "WebrtcSettings": { 232 | "Enable": false, 233 | "GatewayWebsocketUrl": "", 234 | "GatewayAdminUrl": "", 235 | "GatewayAdminSecret": "", 236 | "StunURI": "", 237 | "TurnURI": "", 238 | "TurnUsername": "", 239 | "TurnSharedKey": "" 240 | } 241 | } 242 | -------------------------------------------------------------------------------- /assets/runtime/functions: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | source ${MATTERMOST_RUNTIME_DIR}/env-defaults 4 | 5 | SYSCONF_TEMPLATES_DIR="${MATTERMOST_RUNTIME_DIR}/config" 6 | 7 | MATTERMOST_CONFIG="${MATTERMOST_CONF_DIR}/config.json" 8 | 9 | # Compares two version strings `a` and `b` 10 | # Returns 11 | # - negative integer, if `a` is less than `b` 12 | # - 0, if `a` and `b` are equal 13 | # - non-negative integer, if `a` is greater than `b` 14 | vercmp() { 15 | expr '(' "$1" : '\([^.]*\)' ')' '-' '(' "$2" : '\([^.]*\)' ')' '|' \ 16 | '(' "$1.0" : '[^.]*[.]\([^.]*\)' ')' '-' '(' "$2.0" : '[^.]*[.]\([^.]*\)' ')' '|' \ 17 | '(' "$1.0.0" : '[^.]*[.][^.]*[.]\([^.]*\)' ')' '-' '(' "$2.0.0" : '[^.]*[.][^.]*[.]\([^.]*\)' ')' '|' \ 18 | '(' "$1.0.0.0" : '[^.]*[.][^.]*[.][^.]*[.]\([^.]*\)' ')' '-' '(' "$2.0.0.0" : '[^.]*[.][^.]*[.][^.]*[.]\([^.]*\)' ')' 19 | } 20 | 21 | ## Copies configuration template to the destination as the specified USER 22 | ### Looks up for overrides in ${USERCONF_TEMPLATES_DIR} before using the defaults from ${SYSCONF_TEMPLATES_DIR} 23 | # $1: copy-as user 24 | # $2: source file 25 | # $3: destination location 26 | # $4: mode of destination 27 | 
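install_template() {
  # Install a configuration template.
  #   $1: ownership passed to chown for the destination
  #   $2: template name, looked up under ${SYSCONF_TEMPLATES_DIR}
  #   $3: destination path
  #   $4: mode passed to chmod for the destination (default 0644)
  local OWNERSHIP=${1}
  local SRC=${2}
  local DEST=${3}
  local MODE=${4:-0644}

  # The copy only happens when the template exists; mode and ownership are
  # applied to the destination either way.
  if [[ -f "${SYSCONF_TEMPLATES_DIR}/${SRC}" ]]; then
    cp "${SYSCONF_TEMPLATES_DIR}/${SRC}" "${DEST}"
  fi
  chmod "${MODE}" "${DEST}"
  chown "${OWNERSHIP}" "${DEST}"
}

## Replace placeholders with values
# $1: file with placeholders to replace
# $x: placeholders to replace
# Returns 1 when the file does not exist, otherwise the status of the
# substitution step.
update_template() {
  local FILE=${1?missing argument}
  shift

  [[ -f "${FILE}" ]] || return 1

  local VARIABLES=("$@")
  # Nothing to substitute. This also avoids a bare `export`, which would print
  # the whole environment (secrets included) to stdout.
  (( ${#VARIABLES[@]} > 0 )) || return 0

  # The working copy can hold values substituted by earlier passes (database
  # credentials, salts), so it is removed on every exit path below.
  local tmp_file
  tmp_file=$(mktemp) || return 1
  cp -a "${FILE}" "${tmp_file}" || { rm -f "${tmp_file}"; return 1; }

  local variable
  for variable in "${VARIABLES[@]}"; do
    # Keep the compatibility: {{VAR}} => ${VAR}
    sed -ri "s/[{]{2}$variable[}]{2}/\${$variable}/g" "${tmp_file}"
  done

  # Replace placeholders. The subshell keeps the exports and the IFS change
  # away from the caller; envsubst only touches the variables named here.
  local status=0
  (
    export "${VARIABLES[@]}" &&
      IFS=":" &&
      envsubst "${VARIABLES[*]/#/$}" < "${tmp_file}" > "${FILE}"
  ) || status=$?

  rm -f "${tmp_file}"
  return "${status}"
}

## Make the data directory world-readable/traversable (mode 755).
initialize_datadir() {
  echo "Initializing datadir..."
  chmod 755 "${MATTERMOST_DATA_DIR}"
}

## Create the log directory and reset its mode and ownership recursively.
initialize_logdir() {
  echo "Initializing logdir..."
  mkdir -p "${MATTERMOST_LOG_DIR}"
  chmod -R 0755 "${MATTERMOST_LOG_DIR}"
  chown -R root: "${MATTERMOST_LOG_DIR}"
}

## Install config.json from the templates directory.
# The file later receives the database credentials and salts, hence 0640.
install_configuration_templates() {
  echo "Installing configuration templates..."

  mkdir -p "${MATTERMOST_CONF_DIR}"

  install_template root: config.json "${MATTERMOST_CONFIG}" 0640
}

## Resolve DB_* settings and build MATTERMOST_DATASOURCE.
# Explicit DB_* values win; values from a linked mysql/postgres container are
# used as fallbacks. Returns 1 when no database host is known or DB_ADAPTER is
# not "mysql" or "postgres".
finalize_database_parameters() {
  # is a mysql or postgresql database linked?
  # requires that the mysql or postgresql containers have exposed
  # port 3306 and 5432 respectively.
  if [[ -n ${MYSQL_PORT_3306_TCP_ADDR} ]]; then
    DB_ADAPTER=${DB_ADAPTER:-mysql}
    DB_HOST=${DB_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
    DB_PORT=${DB_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
    DB_USER=${DB_USER:-${MYSQL_ENV_MYSQL_USER}}
    DB_PASS=${DB_PASS:-${MYSQL_ENV_MYSQL_PASSWORD}}
    DB_NAME=${DB_NAME:-${MYSQL_ENV_MYSQL_DATABASE}}
  elif [[ -n ${POSTGRES_PORT_5432_TCP_ADDR} ]]; then
    DB_ADAPTER=${DB_ADAPTER:-postgres}
    DB_HOST=${DB_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
    DB_PORT=${DB_PORT:-${POSTGRES_PORT_5432_TCP_PORT}}
    DB_USER=${DB_USER:-${POSTGRES_ENV_POSTGRES_USER}}
    DB_PASS=${DB_PASS:-${POSTGRES_ENV_POSTGRES_PASSWORD}}
    DB_NAME=${DB_NAME:-${POSTGRES_ENV_POSTGRES_DB}}
    DB_NAME=${DB_NAME:-${POSTGRES_ENV_POSTGRES_USER}}
  fi

  if [[ -z ${DB_HOST} ]]; then
    echo
    echo "ERROR: "
    echo " Please configure the database connection."
    echo " Cannot continue without a database. Aborting..."
    echo
    return 1
  fi

  # set default user and database
  # These defaults must be in place before the datasource string is built;
  # applying them afterwards left an empty user/database in the datasource
  # while the connection check used the defaults.
  DB_USER=${DB_USER:-root}
  DB_NAME=${DB_NAME:-mattermost}

  # set default port number if not specified
  # NOTE(review): user and password are interpolated into the datasource
  # unescaped; characters such as '@' or '/' in DB_PASS presumably break it.
  DB_ADAPTER=${DB_ADAPTER:-mysql}
  case "${DB_ADAPTER}" in
    mysql)
      DB_PORT=${DB_PORT:-3306}
      DB_ENCODING=${DB_ENCODING:-utf8mb4,utf8}
      DB_PARAMS="charset=${DB_ENCODING}"
      MATTERMOST_DATASOURCE="${DB_USER}:${DB_PASS}@tcp(${DB_HOST}:${DB_PORT})/${DB_NAME}?${DB_PARAMS}"
      ;;
    postgres)
      DB_PORT=${DB_PORT:-5432}
      # sslmode=disable: the connection to PostgreSQL is not encrypted, so
      # credentials and data cross the network in clear text. Acceptable only
      # on a trusted link (e.g. a linked container on the same host).
      DB_PARAMS="sslmode=disable&connect_timeout=10"
      MATTERMOST_DATASOURCE="${DB_ADAPTER}://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}?${DB_PARAMS}"
      ;;
    *)
      echo
      echo "ERROR: "
      echo " Please specify the database type in use via the DB_ADAPTER configuration option."
      echo " Accepted values are \"postgres\" or \"mysql\". Aborting..."
      echo
      return 1
      ;;
  esac
}

## Wait for the database server to accept connections.
# Probes once per second and returns 1 after 60 failed attempts.
check_database_connection() {
  local prog=()
  case "${DB_ADAPTER}" in
    mysql)
      # The password is handed over through the environment rather than as
      # -p<password>, which is readable by anyone who can list processes.
      export MYSQL_PWD=${DB_PASS}
      prog=(mysqladmin -h "${DB_HOST}" -P "${DB_PORT}" -u "${DB_USER}" status)
      ;;
    postgres)
      export PGPASSWORD=${DB_PASS}
      prog=(psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -t -c "select now()")
      ;;
  esac

  local timeout=60
  until "${prog[@]}" >/dev/null 2>&1; do
    timeout=$(( timeout - 1 ))
    if (( timeout == 0 )); then
      echo
      echo "Could not connect to database server. Aborting..."
      return 1
    fi
    echo -n "."
    sleep 1
  done
  echo
}

## Resolve the database settings, wait for the server, then write the
## adapter and datasource into the configuration file.
configure_database() {
  echo -n "Configuring mattermost database..."

  finalize_database_parameters || return 1
  check_database_connection || return 1

  update_template "${MATTERMOST_CONFIG}" \
    DB_ADAPTER \
    MATTERMOST_DATASOURCE
}

## Substitute the Mattermost server settings into the configuration file.
# The list includes secrets (MATTERMOST_SECRET_KEY and the *_SALT values).
configure_mattermost() {
  update_template "${MATTERMOST_CONFIG}" \
    MATTERMOST_SITE_URL \
    MATTERMOST_NAME \
    MATTERMOST_PORT \
    MATTERMOST_WEBSERVER_MODE \
    MATTERMOST_ENABLE_EMAIL_SIGNUP \
    MATTERMOST_SECRET_KEY \
    MATTERMOST_RESET_SALT \
    MATTERMOST_INVITE_SALT \
    MATTERMOST_DATA_DIR \
    MATTERMOST_LOG_DIR \
    MATTERMOST_MAX_LOGIN_ATTEMPTS \
    MATTERMOST_SEGMENT_KEY \
    MATTERMOST_GOOGLE_KEY \
    MATTERMOST_RESTRICT_DIRECT_MESSAGE \
    MATTERMOST_ENABLE_CUSTOM_EMOJI \
    MATTERMOST_ENABLE_ADMIN_INTEGRATIONS \
    MATTERMOST_ENABLE_SLASH_COMMANDS \
    MATTERMOST_ENABLE_INCOMING_WEBHOOKS \
    MATTERMOST_ENABLE_OUTGOING_WEBHOOKS \
    MATTERMOST_WEBHOOK_OVERRIDE_USERNAME \
    MATTERMOST_WEBHOOK_OVERRIDE_ICON \
    MATTERMOST_ENABLE_ALERTS \
    MATTERMOST_ENABLE_INSECURE_CONNECTIONS \
    MATTERMOST_CORS_DOMAINS \
    MATTERMOST_WEB_SESSION_DAYS \
    MATTERMOST_MOBILE_SESSION_DAYS \
    MATTERMOST_SSO_SESSION_DAYS \
    MATTERMOST_SESSION_CACHE \
    MATTERMOST_MAX_USERS \
    MATTERMOST_CREATE_TEAMS \
    MATTERMOST_CREATE_USERS \
    MATTERMOST_USER_DOMAINS \
    MATTERMOST_OPEN_SERVER \
    MATTERMOST_EMAIL_SIGNIN \
    MATTERMOST_USERNAME_SIGNIN \
    MATTERMOST_EMAIL_NOTIFICATIONS \
    MATTERMOST_ENABLE_EMAIL_BATCHING \
    MATTERMOST_EMAIL_VERIFICATION \
    MATTERMOST_ENABLE_PUSH_NOTIFICATIONS \
    MATTERMOST_PUSH_SERVER \
    MATTERMOST_PUSH_CONTENTS \
    MATTERMOST_MAX_FILE_SIZE \
    MATTERMOST_ENABLE_PUBLIC_LINKS \
    MATTERMOST_LINK_SALT \
    MATTERMOST_ENABLE_RATE_LIMIT \
    MATTERMOST_RATE_LIMIT_QPS \
    MATTERMOST_RATE_LIMIT_SESSIONS \
    MATTERMOST_RATE_LIMIT_BY_IP \
    MATTERMOST_RATE_LIMIT_HEADERS \
    MATTERMOST_SHOW_EMAIL \
    MATTERMOST_SHOW_NAME \
    MATTERMOST_SUPPORT_EMAIL \
    MATTERMOST_SERVER_LOCALE \
    MATTERMOST_CLIENT_LOCALE \
    MATTERMOST_LOCALES
}

## Substitute the SMTP settings (including SMTP_PASS) into the configuration.
configure_smtp() {
  echo "Configuring SMTP..."
  update_template "${MATTERMOST_CONFIG}" \
    SMTP_USER \
    SMTP_PASS \
    SMTP_HOST \
    SMTP_PORT \
    SMTP_SECURITY \
    MATTERMOST_NAME \
    MATTERMOST_EMAIL
}

## Substitute the GitLab SSO settings (including GITLAB_SECRET) into the
## configuration.
configure_gitlab() {
  echo "Configuring GitLab..."
  update_template "${MATTERMOST_CONFIG}" \
    GITLAB_ENABLE \
    GITLAB_SECRET \
    GITLAB_ID \
    GITLAB_SCOPE \
    GITLAB_AUTH_ENDPOINT \
    GITLAB_TOKEN_ENDPOINT \
    GITLAB_API_ENDPOINT
}

## Check and perform the migration from a previously installed version.
# $1: version recorded by the previous run (stored in CACHE_VERSION)
# Reads INTERACTIVE (set by migrate) and MATTERMOST_MIGRATION_DEFAULT_TEAM.
# Returns non-zero when the version change is refused or the upgrade fails.
migrate_version() {
  CACHE_VERSION=$1

  if [[ $(vercmp "${MATTERMOST_VERSION}" "${CACHE_VERSION}") -lt 0 ]]; then
    echo
    echo "ERROR: "
    echo " Cannot downgrade from Mattermost version ${CACHE_VERSION} to ${MATTERMOST_VERSION}."
    echo " Only upgrades are allowed. Please use jasl8r/mattermost:${CACHE_VERSION} or higher."
    echo " Cannot continue. Aborting!"
    echo
    return 1
  fi

  if [[ $(vercmp "${MATTERMOST_VERSION}" 3.4.0) -ge 0 &&
        $(vercmp "${CACHE_VERSION}" 3.0.0) -lt 0 ]]; then
    echo
    echo "ERROR: "
    echo " Cannot upgrade from Mattermost version ${CACHE_VERSION} to ${MATTERMOST_VERSION}."
    echo " Mattermost version ${CACHE_VERSION} must be upgraded to version 3.0.2 or 3.1.0 first."
    echo " Please run jasl8r/mattermost:3.1.0 followed by jasl8r/mattermost:${MATTERMOST_VERSION}"
    echo " Cannot continue. Aborting!"
    echo
    return 1
  fi

  # Handle version 3 migration
  if [[ $(vercmp "${MATTERMOST_VERSION}" 3.0.0) -ge 0 &&
        $(vercmp "${CACHE_VERSION}" 3.0.0) -lt 0 ]]; then
    echo "Migrating database to version 3.0"
    if [[ $INTERACTIVE -eq 1 ]]; then
      ./bin/platform -config "${MATTERMOST_CONF_DIR}/config.json" -upgrade_db_30
    elif [[ -n ${MATTERMOST_MIGRATION_DEFAULT_TEAM} ]]; then
      # Queue "YES" and the default team name on the upgrade command's stdin
      # through a FIFO. The FIFO lives in a private mktemp directory instead
      # of a fixed, predictable path under /tmp.
      local fifo_dir fifo rc=0
      fifo_dir=$(mktemp -d) || return 1
      fifo="${fifo_dir}/fifo"
      mkfifo "${fifo}" || { rm -rf "${fifo_dir}"; return 1; }
      # Holding the FIFO open read-write on fd 3 keeps the write below from
      # blocking until a reader shows up.
      exec 3<> "${fifo}"
      printf '%s\n' YES "${MATTERMOST_MIGRATION_DEFAULT_TEAM}" >&3
      ./bin/platform -config "${MATTERMOST_CONF_DIR}/config.json" -upgrade_db_30 < "${fifo}" || rc=$?
      exec 3>&-
      rm -rf "${fifo_dir}"
      [[ ${rc} -eq 0 ]] || return "${rc}"
    else
      echo
      echo "ERROR: "
      echo " Cannot upgrade from Mattermost version ${CACHE_VERSION} to ${MATTERMOST_VERSION}."
      echo " Mattermost version 3.0.0 introduced a major user model change that requires"
      echo " defining a default team. You may interactively run this upgrade by running"
      echo " the app:migrate task or you may automatically perform the upgrade by specifying"
      echo " your default team in the MATTERMOST_MIGRATION_DEFAULT_TEAM environment variable."
      echo
      return 1
    fi
  fi
}

## Prepare the data and log directories and install the configuration file.
initialize() {
  echo "Initializing mattermost..."
  initialize_datadir
  initialize_logdir
  install_configuration_templates
}

## Fill the configuration file: database, server, SMTP and GitLab settings.
configure() {
  echo "Configuring mattermost..."
  configure_database
  configure_mattermost
  configure_smtp
  configure_gitlab
}

## Detect a fresh or existing installation and migrate when the version
## recorded in ${MATTERMOST_DATA_DIR}/VERSION differs from the image version.
# $1: pass "-interactive" to run the version 3 upgrade interactively
migrate() {
  if [[ ${1:-} = "-interactive" ]]; then
    INTERACTIVE=1
  else
    INTERACTIVE=0
  fi

  # check if this is a new installation
  # DB_NAME is placed into the SQL text as-is; it comes from the container
  # configuration, not from end users.
  local QUERY COUNT
  case "${DB_ADAPTER}" in
    mysql)
      QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = '${DB_NAME}';"
      # Password via the environment, not -p<password> on the command line.
      COUNT=$(MYSQL_PWD="${DB_PASS}" mysql -h "${DB_HOST}" -P "${DB_PORT}" -u "${DB_USER}" -ss -e "${QUERY}")
      ;;
    postgres)
      QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
      COUNT=$(PGPASSWORD="${DB_PASS}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atw -c "${QUERY}")
      ;;
  esac

  if [[ -z ${COUNT} || ${COUNT} -eq 0 ]]; then
    echo "Configuring new Mattermost installation..."
  else
    # check if the mattermost version has changed.
    if [[ -f "${MATTERMOST_DATA_DIR}/VERSION" ]]; then
      CACHE_VERSION=$(cat "${MATTERMOST_DATA_DIR}/VERSION")
    fi
    CACHE_VERSION=${CACHE_VERSION:-2.0.0}

    # Quoted right-hand side: compare as a literal string, not as a pattern.
    if [[ ${MATTERMOST_VERSION} != "${CACHE_VERSION}" ]]; then
      migrate_version "${CACHE_VERSION}"
    fi
  fi

  echo "${MATTERMOST_VERSION}" > "${MATTERMOST_DATA_DIR}/VERSION"
}
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Docker Repository on Quay.io](https://quay.io/repository/jasl8r/mattermost/status "Docker Repository on Quay.io")](https://quay.io/repository/jasl8r/mattermost) [![](https://badge.imagelayers.io/jasl8r/mattermost:latest.svg)](https://imagelayers.io/?images=jasl8r/mattermost:latest 'Get your own badge on imagelayers.io') 2 | 3 | # Docker Mattermost 4 | 5 | - [Introduction](#introduction) 6 | - [Changelog](CHANGELOG.md) 7 | - [Contributing](#contributing) 8 | - [Issues](#issues) 9 | - [Installation](#installation) 10 | - [Quick Start](#quick-start) 11 | - [Configuration](#configuration) 12 | - [Data Store](#data-store) 13 | - [Database](#database) 14 | - [MySQL](#mysql) 15 | - [External MySQL Server](#external-mysql-server) 16 | - [Linking to MySQL Container](#linking-to-mysql-container) 17 | - [PostgreSQL](#postgresql) 18 | - [External PostgreSQL Server](#external-postgresql-server) 19 | - [Linking to PostgreSQL Container](#linking-to-postgresql-container) 20 | - [Mail](#mail) 21 | - [SSL](#ssl) 22 | - [Generation of Self Signed Certificates](#generation-of-self-signed-certificates) 23 | - [Strengthening the Server Security](#strengthening-the-server-security) 24 | - [Installation of the SSL Certificates](#installation-of-the-ssl-certificates) 25 | - [Running Mattermost with HTTPS](#running-mattermost-with-https) 26 | - [GitLab Integration](#gitlab-integration) 27 | - [Available Configuration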
Parameters](#available-configuration-parameters) 28 | - [Maintenance](#maintenance) 29 | - [Upgrading](#upgrading) 30 | - [Upgrading to Version 3](#upgrading-to-version-3) 31 | - [Shell Access](#shell-access) 32 | - [References](#references) 33 | 34 | # Introduction 35 | 36 | Dockerfile to build a [Mattermost](https://www.mattermost.org/) container image. 37 | 38 | # Contributing 39 | 40 | If you find this image useful here's how you can help: 41 | 42 | - Send a Pull Request with your awesome new features and bug fixes 43 | - Help new users with [Issues](https://github.com/jasl8r/docker-mattermost/issues) they may encounter 44 | 45 | # Issues 46 | 47 | Please file an issue request on the [issues](https://github.com/jasl8r/docker-mattermost/issues) page. 48 | 49 | # Installation 50 | 51 | Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/jasl8r/mattermost) and are the recommended method of installation. 52 | 53 | > **Note**: Builds are also available on [Quay.io](https://quay.io/repository/jasl8r/mattermost) 54 | 55 | ```bash 56 | docker pull jasl8r/mattermost:3.5.1 57 | ``` 58 | 59 | You can also pull the `latest` tag which is built from the repository *HEAD* 60 | 61 | ```bash 62 | docker pull jasl8r/mattermost:latest 63 | ``` 64 | 65 | Alternatively you can build the image locally. 66 | 67 | ```bash 68 | docker build -t jasl8r/mattermost github.com/jasl8r/docker-mattermost 69 | ``` 70 | 71 | # Quick Start 72 | 73 | The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). 74 | 75 | ```bash 76 | wget https://raw.githubusercontent.com/jasl8r/docker-mattermost/master/docker-compose.yml 77 | ``` 78 | 79 | Generate and assign random strings to the `MATTERMOST_SECRET_KEY`, `MATTERMOST_LINK_SALT`, `MATTERMOST_RESET_SALT` and `MATTERMOST_INVITE_SALT` environment variables. Once set, you should not change these values; make sure you back them up. 
80 | 81 | > **Tip**: You can generate a random string using `pwgen -Bsv1 64`. 82 | 83 | Start Mattermost using: 84 | 85 | ```bash 86 | docker-compose up 87 | ``` 88 | 89 | Alternatively, you can manually launch the `mattermost` container and the supporting `mysql` and `redis` containers by following this three step guide. 90 | 91 | Step 1. Launch a mysql container 92 | 93 | ```bash 94 | docker run --name mattermost-mysql -d \ 95 | --env 'MYSQL_USER=mattermost' --env 'MYSQL_PASSWORD=password' \ 96 | --env 'MYSQL_DATABASE=mattermost' --env 'MYSQL_ROOT_PASSWORD=password' \ 97 | --volume /srv/docker/mattermost/mysql:/var/lib/mysql \ 98 | mysql:latest 99 | ``` 100 | 101 | Step 2. Launch the mattermost container 102 | 103 | ```bash 104 | docker run --name mattermost -d \ 105 | --link mattermost-mysql:mysql \ 106 | --publish 8080:80 \ 107 | --env 'MATTERMOST_SECRET_KEY=long-and-random-alphanumeric-string' \ 108 | --env 'MATTERMOST_LINK_SALT=long-and-random-alphanumeric-string' \ 109 | --env 'MATTERMOST_RESET_SALT=long-and-random-alphanumeric-string' \ 110 | --env 'MATTERMOST_INVITE_SALT=long-and-random-alphanumeric-string' \ 111 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 112 | jasl8r/mattermost:3.5.1 113 | ``` 114 | 115 | *Please refer to [Available Configuration Parameters](#available-configuration-parameters) to understand `MATTERMOST_PORT` and other configuration options* 116 | 117 | __NOTE__: Please allow a couple of minutes for the Mattermost application to start. 118 | 119 | Point your browser to `http://localhost:8080` and create your administrator account. 120 | 121 | You should now have the Mattermost application up and ready for testing. If you want to use this image in production then please read on. 122 | 123 | *The rest of the document will use the docker command line. 
You can quite simply adapt your configuration into a `docker-compose.yml` file if you wish to do so.* 124 | 125 | # Configuration 126 | 127 | ## Data Store 128 | 129 | Mattermost stores data in the file system for features like file uploads and avatars. To avoid losing this data you should mount a volume at, 130 | 131 | * `/opt/mattermost/data` 132 | 133 | SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux. 134 | 135 | ```bash 136 | mkdir -p /srv/docker/mattermost/mattermost 137 | sudo chcon -Rt svirt_sandbox_file_t /srv/docker/mattermost/mattermost 138 | ``` 139 | 140 | Volumes can be mounted in docker by specifying the `-v` option in the docker run command. 141 | 142 | ```bash 143 | docker run --name mattermost -d \ 144 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 145 | jasl8r/mattermost:3.5.1 146 | ``` 147 | 148 | ## Database 149 | 150 | Mattermost uses a database backend to store its data. You can configure this image to use MySQL. 151 | 152 | ### MySQL 153 | 154 | #### External MySQL Server 155 | 156 | The image can be configured to use an external MySQL database. The database configuration should be specified using environment variables while starting the Mattermost image. 157 | 158 | Before you start the Mattermost image create a user and database for mattermost. 159 | 160 | ```sql 161 | CREATE USER 'mattermost'@'%.%.%.%' IDENTIFIED BY 'password'; 162 | CREATE DATABASE IF NOT EXISTS `mattermost` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; 163 | GRANT ALL PRIVILEGES ON `mattermost`.* TO 'mattermost'@'%.%.%.%'; 164 | ``` 165 | 166 | We are now ready to start the Mattermost application. 
167 | 168 | *Assuming that the mysql server host is 192.168.1.100* 169 | 170 | ```bash 171 | docker run --name mattermost -d \ 172 | --env 'DB_ADAPTER=mysql' --env 'DB_HOST=192.168.1.100' \ 173 | --env 'DB_NAME=mattermost' \ 174 | --env 'DB_USER=mattermost' --env 'DB_PASS=password' \ 175 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 176 | jasl8r/mattermost:3.5.1 177 | ``` 178 | 179 | #### Linking to MySQL Container 180 | 181 | You can link this image with a mysql container for the database requirements. The alias of the mysql server container should be set to **mysql** while linking with the mattermost image. 182 | 183 | If a mysql container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on. 184 | 185 | To illustrate linking with a mysql container, we will use the official [mysql](https://hub.docker.com/_/mysql/) image. When using mysql in production you should mount a volume for the mysql data store. 186 | 187 | First, lets pull the mysql image from the docker index. 188 | 189 | ```bash 190 | docker pull mysql:latest 191 | ``` 192 | 193 | For data persistence lets create a store for the mysql and start the container. 194 | 195 | SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux. 196 | 197 | ```bash 198 | mkdir -p /srv/docker/mattermost/mysql 199 | sudo chcon -Rt svirt_sandbox_file_t /srv/docker/mattermost/mysql 200 | ``` 201 | 202 | The run command looks like this. 
203 | 204 | ```bash 205 | docker run --name mattermost-mysql -d \ 206 | --env 'MYSQL_USER=mattermost' --env 'MYSQL_PASSWORD=password' \ 207 | --env 'MYSQL_DATABASE=mattermost' --env 'MYSQL_ROOT_PASSWORD=password' \ 208 | --volume /srv/docker/mattermost/mysql:/var/lib/mysql \ 209 | mysql:latest 210 | ``` 211 | 212 | The above command will create a database named `mattermost` and also create a user named `mattermost` with the password `password` with full/remote access to the `mattermost` database. 213 | 214 | We are now ready to start the Mattermost application. 215 | 216 | ```bash 217 | docker run --name mattermost -d --link mattermost-mysql:mysql \ 218 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 219 | jasl8r/mattermost:3.5.1 220 | ``` 221 | 222 | Here the image will also automatically fetch the `MYSQL_DATABASE`, `MYSQL_USER` and `MYSQL_PASSWORD` variables from the mysql container as they are specified in the `docker run` command for the mysql container. This is made possible using the magic of docker links and works with the following images: 223 | 224 | - [mysql](https://hub.docker.com/_/mysql/) 225 | - [sameersbn/mysql](https://quay.io/repository/sameersbn/mysql/) 226 | - [centurylink/mysql](https://hub.docker.com/r/centurylink/mysql/) 227 | - [orchardup/mysql](https://hub.docker.com/r/orchardup/mysql/) 228 | 229 | ### PostgreSQL 230 | 231 | #### External PostgreSQL Server 232 | 233 | The image also supports using an external PostgreSQL server. This is also controlled via environment variables. 234 | 235 | ```sql 236 | CREATE ROLE mattermost with LOGIN CREATEDB PASSWORD 'password'; 237 | CREATE DATABASE mattermost; 238 | GRANT ALL PRIVILEGES ON DATABASE mattermost to mattermost; 239 | ``` 240 | 241 | We are now ready to start the Mattermost application. 
242 | 243 | *Assuming that the PostgreSQL server host is 192.168.1.100* 244 | 245 | ```bash 246 | docker run --name mattermost -d \ 247 | --env 'DB_ADAPTER=postgres' --env 'DB_HOST=192.168.1.100' \ 248 | --env 'DB_NAME=mattermost' \ 249 | --env 'DB_USER=mattermost' --env 'DB_PASS=password' \ 250 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 251 | jasl8r/mattermost:3.5.1 252 | ``` 253 | 254 | #### Linking to PostgreSQL Container 255 | 256 | You can link this image with a postgres container for the database requirements. The alias of the postgres server container should be set to **postgres** while linking with the mattermost image. 257 | 258 | If a postgres container is linked, only the `DB_ADAPTER`, `DB_HOST` and `DB_PORT` settings are automatically retrieved using the linkage. You may still need to set other database connection parameters such as the `DB_NAME`, `DB_USER`, `DB_PASS` and so on. 259 | 260 | To illustrate linking with a postgres container, we will use the [postgres](https://hub.docker.com/_/postgres/) image. When using postgres image in production you should mount a volume for the postgres data store. Please refer the [postgres](https://hub.docker.com/_/postgres/) documentation for details. 261 | 262 | First, lets pull the postgres image from the docker index. 263 | 264 | ```bash 265 | docker pull postgres:latest 266 | ``` 267 | 268 | For data persistence lets create a store for the postgres and start the container. 269 | 270 | SELinux users are also required to change the security context of the mount point so that it plays nicely with selinux. 271 | 272 | ```bash 273 | mkdir -p /srv/docker/mattermost/postgres 274 | sudo chcon -Rt svirt_sandbox_file_t /srv/docker/mattermost/postgres 275 | ``` 276 | 277 | The run command looks like this. 
278 | 279 | ```bash 280 | docker run --name mattermost-postgres -d \ 281 | --env 'POSTGRES_USER=mattermost' --env 'POSTGRES_PASSWORD=password' \ 282 | --volume /srv/docker/mattermost/postgres:/var/lib/postgresql \ 283 | postgres:latest 284 | ``` 285 | 286 | The above command will create a database named `mattermost` and also create a user named `mattermost` with the password `password` with access to the `mattermost` database. 287 | 288 | We are now ready to start the Mattermost application. 289 | 290 | ```bash 291 | docker run --name mattermost -d --link mattermost-postgres:postgres \ 292 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 293 | jasl8r/mattermost:3.5.1 294 | ``` 295 | 296 | Here the image will also automatically fetch the `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` variables from the postgres container as they are specified in the `docker run` command for the postgres container. This is made possible using the magic of docker links and works with the official [postgres](https://hub.docker.com/_/postgres/) image. 297 | 298 | ### Mail 299 | 300 | The mail configuration should be specified using environment variables while starting the Mattermost image. 301 | 302 | If you are using Gmail then all you need to do is: 303 | 304 | ```bash 305 | docker run --name mattermost -d \ 306 | --env 'SMTP_USER=USER@gmail.com' --env 'SMTP_PASS=PASSWORD' \ 307 | --env 'SMTP_DOMAIN=www.gmail.com' \ 308 | --env 'SMTP_HOST=smtp.gmail.com' --env 'SMTP_PORT=587' \ 309 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 310 | jasl8r/mattermost:3.5.1 311 | ``` 312 | 313 | Please refer to the [Available Configuration Parameters](#available-configuration-parameters) section for the list of SMTP parameters that can be specified. 314 | 315 | ### SSL 316 | 317 | The mattermost container and default docker compose configuration only provides an insecure HTTP interface. 
To ensure privacy mattermost should be run behind a proxy like nginx, haproxy or hipache to perform HTTPS termination via SSL offload. Configuring and utilizing proxies beyond using the sample nginx docker compose solution presented below are outside the scope of this document. 318 | 319 | A docker compose file, `samples/nginx/docker-compose.yml` is included to run nginx as a proxy in front of mattermost. This configuration requires runtime data provided as docker volumes: 320 | 321 | - **Private key (.key)** 322 | - **SSL certificate (.crt)** 323 | - **DHE parameters** 324 | - **nginx site template** 325 | 326 | When using CA certified certificates, the private key and certificate are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip to [Strengthening the Server Security](#strengthening-the-server-security) section if you are armed with CA certified SSL certificates. 327 | 328 | #### Generation of Self Signed Certificates 329 | 330 | Generation of self-signed SSL certificates involves a simple 3 step procedure. 331 | 332 | **STEP 1**: Create the server private key 333 | 334 | ```bash 335 | openssl genrsa -out mattermost.key 2048 336 | ``` 337 | 338 | **STEP 2**: Create the certificate signing request (CSR) 339 | 340 | ```bash 341 | openssl req -new -key mattermost.key -out mattermost.csr 342 | ``` 343 | 344 | **STEP 3**: Sign the certificate using the private key and CSR 345 | 346 | ```bash 347 | openssl x509 -req -days 3650 -in mattermost.csr -signkey mattermost.key -out mattermost.crt 348 | ``` 349 | 350 | Congratulations! you have now generated an SSL certificate that will be valid for 10 years. 351 | 352 | #### Strengthening the Server Security 353 | 354 | This section provides you with instructions to [strengthen your server security](https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html). To achieve this we need to generate stronger DHE parameters. 
355 | 356 | ```bash 357 | openssl dhparam -out dhparam.pem 2048 358 | ``` 359 | 360 | #### Installation of the SSL Certificates 361 | 362 | Out of the four files generated above, we need to install the `mattermost.key`, `mattermost.crt` and `dhparam.pem` files for the nginx server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again). The configuration template, `mattermost.template`, also needs to be provided to nginx. 363 | 364 | The default path that the nginx application is configured to look for the SSL certificates is at `/etc/nginx`. Following the conventions in this guide, the certificates and configuration can be provided as docker volumes by installing them in `/srv/docker/mattermost/nginx/`. 365 | 366 | ```bash 367 | mkdir -p /srv/docker/mattermost/nginx 368 | cp mattermost.key /srv/docker/mattermost/nginx/ 369 | cp mattermost.crt /srv/docker/mattermost/nginx/ 370 | cp dhparam.pem /srv/docker/mattermost/nginx/ 371 | chmod 400 /srv/docker/mattermost/nginx/mattermost.key 372 | ``` 373 | 374 | #### Running Mattermost with HTTPS 375 | 376 | Download the necessary docker-compose files. 377 | 378 | ```bash 379 | wget https://raw.githubusercontent.com/jasl8r/docker-mattermost/master/samples/nginx/docker-compose.yml 380 | wget https://raw.githubusercontent.com/jasl8r/docker-mattermost/master/samples/nginx/mattermost.template 381 | mv mattermost.template /srv/docker/mattermost/nginx/ 382 | ``` 383 | 384 | As in the [Quick Start](#quick-start) section, generate and assign random strings to the `MATTERMOST_SECRET_KEY`, `MATTERMOST_LINK_SALT`, `MATTERMOST_RESET_SALT` and `MATTERMOST_INVITE_SALT` environment variables. In addition, set the `NGINX_HOST` variable for the nginx service. 385 | 386 | In this configuration, any requests made over the plain HTTP protocol will automatically be redirected to use the HTTPS protocol. The default template file assumes that mattermost will be hosted on ports `80` and `443`. 
If you want to host on different ports and retain the functionality of the HTTP redirect, be sure to update the `mattermost.template` accordingly. 387 | 388 | Start Mattermost using: 389 | 390 | ```bash 391 | docker-compose up 392 | ``` 393 | 394 | Point your browser to `https://localhost:8443` to access mattermost over a secure connection. 395 | 396 | ### GitLab Integration 397 | 398 | Mattermost allows users to sign in using GitLab as an OAuth provider. Configuring GitLab does not prevent standard Mattermost authentication from continuing to work. Users can choose to sign in using any of the configured mechanisms. 399 | 400 | Refer to the Mattermost [documentation](http://docs.mattermost.com/deployment/sso-gitlab.html) for additional information. 401 | 402 | To enable GitLab SSO you must register your application with GitLab. GitLab will generate a Client ID and secret for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/gitlab.html) for the procedure to generate the Client ID and secret with GitLab. 403 | 404 | Once you have the Client ID and secret generated, configure the SSO credentials using the `GITLAB_ID`, `GITLAB_SECRET`, `GITLAB_SCOPE`, `GITLAB_AUTH_ENDPOINT`, `GITLAB_TOKEN_ENDPOINT` and `GITLAB_API_ENDPOINT` environment variables. 405 | 406 | ### Available Configuration Parameters 407 | 408 | *Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.* 409 | 410 | Below is the complete list of available options that can be used to customize your Mattermost installation. 411 | 412 | - **DEBUG**: Set this to `true` to enable entrypoint debugging. 413 | - **MATTERMOST_NAME**: The name of the Mattermost server. Defaults to `Mattermost`. 414 | - **MATTERMOST_SITE_URL**: The URL of the Mattermost server. 
Necessary to send batched emails. 415 | - **MATTERMOST_WEBSERVER_MODE**: Static file serving mode. May be set to `gzip`, `uncompressed` or `disabled`. Defaults to `gzip`. 416 | - **MATTERMOST_ENABLE_EMAIL_SIGNUP**: Enable or disable user signup via email. Defaults to `true`. 417 | - **MATTERMOST_SECRET_KEY**: Used to encrypt sensitive fields in the database. Ensure that you don't lose it. You can generate one using `pwgen -Bsv1 64`. No defaults. 418 | - **MATTERMOST_RESET_SALT**: Salt used to sign password reset emails. No defaults. 419 | - **MATTERMOST_INVITE_SALT**: Salt used to sign email invites. No defaults. 420 | - **MATTERMOST_MAX_LOGIN_ATTEMPTS**: Number of attempts a user may enter a password before being required to reset it. Defaults to `10`. 421 | - **MATTERMOST_SEGMENT_KEY**: Segment API key for tracking metrics. No defaults. 422 | - **MATTERMOST_GOOGLE_KEY**: Google API key for embeddeding YouTube videos. No defaults. 423 | - **MATTERMOST_RESTRICT_DIRECT_MESSAGE**: Configuration for direct messaging. Set to `any` to allow users to message anyone on the server or `team` to message only members of the team. Defaults to `any`. 424 | - **MATTERMOST_ENABLE_CUSTOM_EMOJI**: Enable to allow users to create custom emoji. Defaults to `true`. 425 | - **MATTERMOST_ENABLE_ADMIN_INTEGRATIONS**: Disable to allow any user to add integrations. Defaults to `true`. 426 | - **MATTERMOST_ENABLE_SLASH_COMMANDS**: Enable to allow users to create custom slash commands. Defaults to `false`. 427 | - **MATTERMOST_ENABLE_INCOMING_WEBHOOKS**: Enable to allow incoming webhooks. Defaults to `false`. 428 | - **MATTERMOST_ENABLE_OUTGOING_WEBHOOKS**: Enable to allow outgoing webhooks. Defaults to `false`. 429 | - **MATTERMOST_WEBHOOK_OVERRIDE_USERNAME**: Enable to allow webhooks to set the username for a post. Defaults to `false`. 430 | - **MATTERMOST_WEBHOOK_OVERRIDE_ICON**: Enable to allow webhooks to set the icon for a post. Defaults to `false`. 
431 | - **MATTERMOST_ENABLE_ALERTS**: Send administrators an email if security fixes are announced. Defaults to `true`. 432 | - **MATTERMOST_ENABLE_INSECURE_CONNECTIONS**: Allow outgoing self-signed HTTPS connections. Defaults to `false`. 433 | - **MATTERMOST_CORS_DOMAINS**: Domains allowed for HTTP cross-origin requests. Set to `*` to allow CORS from any domain. No defaults. 434 | - **MATTERMOST_WEB_SESSION_DAYS**: Session duration in days for web clients. Defaults to `30`. 435 | - **MATTERMOST_MOBILE_SESSION_DAYS**: Session duration in days for mobile clients. Defaults to `30`. 436 | - **MATTERMOST_SSO_SESSION_DAYS**: Days until an SSO session expires. Defaults to `30`. 437 | - **MATTERMOST_SESSION_CACHE**: Session cache duration in minutes. Defaults to `10`. 438 | - **MATTERMOST_MAX_USERS**: Maximum number of users allowed per team. Defaults to `50`. 439 | - **MATTERMOST_CREATE_TEAMS**: Allow users to create teams. Defaults to `true`. 440 | - **MATTERMOST_CREATE_USERS**: Allow user signup. Defaults to `true`. 441 | - **MATTERMOST_OPEN_SERVER**: Allow users to create accounts without being invited. Defaults to `false`. 442 | - **MATTERMOST_USER_DOMAINS**: Restrict user signup to emails belonging to the list of domains. No defaults. 443 | - **MATTERMOST_EMAIL_SIGNIN**: Allow users to sign in with their email. Defaults to `true`. 444 | - **MATTERMOST_USERNAME_SIGNIN**: Allow users to sign in with their username. Defaults to `false`. 445 | - **MATTERMOST_ENABLE_EMAIL_BATCHING**: Enable to batch multiple user notifications into a single email. Defaults to `true` if `MATTERMOST_SITE_URL` and `MATTERMOST_EMAIL_NOTIFICATIONS` are set. 446 | - **MATTERMOST_PUSH_SERVER**: Location of the Mattermost Push Notification Service (MPNS). No defaults. 447 | - **MATTERMOST_ENABLE_PUSH_NOTIFICATIONS**: Enable to send push notifications. Defaults to `true` if `MATTERMOST_PUSH_SERVER` is set. 
448 | - **MATTERMOST_PUSH_FULL_MESSAGE**: Enable to send full message for push notifications. Otherwise only the names and channels will be sent. Defaults to `false`. 449 | - **MATTERMOST_MAX_FILE_SIZE**: Maximum file size for uploads. Defaults to `52428800`. 450 | - **MATTERMOST_LINK_SALT**: Salt used to sign public image links. No defaults. 451 | - **MATTERMOST_ENABLE_PUBLIC_LINKS**: Enable to allow public image links. Defaults to `true` if `MATTERMOST_LINK_SALT` is set. 452 | - **MATTERMOST_ENABLE_RATE_LIMIT**: Throttle API access according to `MATTERMOST_RATE_LIMIT_QPS`, `MATTERMOST_RATE_LIMIT_SESSIONS`, `MATTERMOST_RATE_LIMIT_BY_IP` and `MATTERMOST_RATE_LIMIT_HEADERS`. Defaults to `true`. 453 | - **MATTERMOST_RATE_LIMIT_QPS**: Queries per second allowed by rate limiter. Defaults to `10`. 454 | - **MATTERMOST_RATE_LIMIT_SESSIONS**: Maximum number of user sessions connected determined by `MATTERMOST_RATE_LIMIT_BY_IP` and `MATTERMOST_RATE_LIMIT_HEADERS`. Defaults to `10000`. 455 | - **MATTERMOST_RATE_LIMIT_BY_IP**: Enforce rate limit by IP address. Defaults to `true`. 456 | - **MATTERMOST_RATE_LIMIT_HEADERS**: Enforce rate limit by the provided HTTP headers. No defaults. 457 | - **MATTERMOST_SHOW_EMAIL**: Show user email addresses. Defaults to `true`. 458 | - **MATTERMOST_SHOW_NAME**: Show full name of users. Defaults to `true`. 459 | - **MATTERMOST_SERVER_LOCALE**: Default server locale. Defaults to `en`. 460 | - **MATTERMOST_CLIENT_LOCALE**: Default client locale. Defaults to `en`. 461 | - **MATTERMOST_LOCALES**: Available locales. This list must include at least the `MATTERMOST_CLIENT_LOCALE` value. Defaults to `en,es,fr,ja,pt-BR`. 462 | - **DB_ADAPTER**: The database type. Only supports `mysql`. Defaults to `mysql`. 463 | - **DB_HOST**: The database server hostname. No defaults. 464 | - **DB_PORT**: The database server port. Defaults to `3306` for mysql. 465 | - **DB_NAME**: The database database name. Defaults to `mattermost`. 
466 | - **DB_USER**: The database user. Defaults to `root`. 467 | - **DB_PASS**: The database password. Defaults to no password. 468 | - **SMTP_HOST**: SMTP hostname. No defaults. 469 | - **SMTP_PORT**: SMTP port. No defaults. 470 | - **SMTP_USER**: SMTP username. No defaults. 471 | - **SMTP_PASS**: SMTP password. No defaults. 472 | - **SMTP_SECURITY**: SMTP connection security. Supports `TLS` or `STARTTLS`. If left unset, the SMTP connection is not encrypted. No defaults. 473 | - **MATTERMOST_EMAIL**: The email address for the Mattermost server. Defaults to value of `SMTP_USER`, else defaults to `example@example.com`. 474 | - **MATTERMOST_SUPPORT_EMAIL**: The email address listed for feedback or support requests. Defaults to `support@example.com`. 475 | - **MATTERMOST_EMAIL_NOTIFICATIONS**: Send email notifications. Defaults to `true` if `SMTP_HOST` is configured. 476 | - **MATTERMOST_EMAIL_VERIFICATION**: Enable to require email verification prior to logging in. Defaults to `true` if `SMTP_HOST` is configured. 477 | - **GITLAB_SECRET**: GitLab API secret. No defaults. 478 | - **GITLAB_ID**: GitLab API ID. No defaults. 479 | - **GITLAB_SCOPE**: GitLab API scope. No defaults. 480 | - **GITLAB_AUTH_ENDPOINT**: GitLab API authentication endpoint. No defaults. 481 | - **GITLAB_TOKEN_ENDPOINT**: GitLab API token endpoint. No defaults. 482 | - **GITLAB_API_ENDPOINT**: GitLab API endpoint. No defaults. 483 | - **MATTERMOST_MIGRATION_DEFAULT_TEAM**: The default team to use during the Mattermost version 3 migration. No defaults. 484 | 485 | # Maintenance 486 | 487 | ## Upgrading 488 | 489 | Mattermost releases new versions on the 16th of every month. I will update this project shortly after a release is made. 490 | 491 | To upgrade to newer Mattermost releases, simply follow this 4-step upgrade procedure. 492 | 493 | - **Step 1**: Update the docker image.
494 | 495 | ```bash 496 | docker pull jasl8r/mattermost:3.5.1 497 | ``` 498 | 499 | - **Step 2**: Stop and remove the currently running container 500 | 501 | ```bash 502 | docker stop mattermost 503 | docker rm mattermost 504 | ``` 505 | 506 | - **Step 3**: Create a backup 507 | 508 | Back up your database and local file storage by your preferred backup method. All of the necessary data is located under `/srv/docker/mattermost` if the docker volume conventions of this guide are followed. 509 | 510 | - **Step 4**: Start the image 511 | 512 | ```bash 513 | docker run --name mattermost -d [OPTIONS] jasl8r/mattermost:3.5.1 514 | ``` 515 | 516 | ### Upgrading to Version 3 517 | 518 | With Mattermost version 3.0.0, the database must be destructively migrated to support the new global user model. This upgrade may be performed automatically or interactively using the built-in Mattermost upgrade mechanism. Due to the destructive and pervasive nature of this upgrade, it is imperative that you perform a backup of the database before upgrading. 519 | 520 | To upgrade the database automatically, add the `MATTERMOST_MIGRATION_DEFAULT_TEAM` environment variable, set to the name of the primary team to use during the migration. 521 | 522 | ```bash 523 | docker run --name mattermost -d --link mattermost-postgres:postgres \ 524 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 525 | --env 'MATTERMOST_MIGRATION_DEFAULT_TEAM=myteam' \ 526 | jasl8r/mattermost:3.5.1 527 | ``` 528 | 529 | To perform the migration manually, run the `app:migrate` command and follow the interactive prompt. 530 | 531 | ```bash 532 | docker run -it --name mattermost -d --link mattermost-postgres:postgres \ 533 | --volume /srv/docker/mattermost/mattermost:/opt/mattermost/data \ 534 | jasl8r/mattermost:3.5.1 app:migrate 535 | ``` 536 | 537 | ## Shell Access 538 | 539 | For debugging and maintenance purposes you may want to access the container's shell.
If you are using docker version `1.3.0` or higher you can access a running container's shell using the `docker exec` command. 540 | 541 | ```bash 542 | docker exec -it mattermost bash 543 | ``` 544 | 545 | # References 546 | 547 | * https://github.com/mattermost/platform 548 | * http://docs.mattermost.com/ 549 | * https://github.com/sameersbn/docker-gitlab 550 | --------------------------------------------------------------------------------