Working on secrets
This commit is contained in:
notplants
@ -2,7 +2,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:${POSTGRES_IMAGE_TAG}
|
||||
image: postgres:13-alpine
|
||||
restart: ${RESTART_POLICY}
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
@ -16,14 +16,14 @@ services:
|
||||
- TZ
|
||||
|
||||
# necessary Postgres options/variables
|
||||
- POSTGRES_USER
|
||||
- POSTGRES_PASSWORD
|
||||
- POSTGRES_DB
|
||||
- POSTGRES_USER=mattermost
|
||||
- POSTGRES_PASSWORD=/run/secrets/postgres_password
|
||||
- POSTGRES_DB=mattermost
|
||||
networks:
|
||||
- internal
|
||||
|
||||
mattermost:
|
||||
image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
|
||||
image: mattermost/mattermost-team-edition:5.39
|
||||
restart: ${RESTART_POLICY}
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
@ -40,14 +40,14 @@ services:
|
||||
# timezone inside container
|
||||
- TZ
|
||||
|
||||
# necessary Mattermost options/variables (see env.example)
|
||||
- MM_SQLSETTINGS_DRIVERNAME
|
||||
- MM_SQLSETTINGS_DATASOURCE
|
||||
# necessary Mattermost options/variables (see env.sample)
|
||||
- MM_SQLSETTINGS_DRIVERNAME=postgres
|
||||
# - MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
|
||||
|
||||
# additional settings
|
||||
- MM_SERVICESETTINGS_SITEURL
|
||||
- MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
|
||||
ports:
|
||||
- ${APP_PORT}:8065
|
||||
- 8065:8065
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
@ -55,13 +55,30 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=${APP_PORT}"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8065"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
configs:
|
||||
- source: abra_mattermost_entrypoint
|
||||
target: /abra-mattermost-entrypoint.sh
|
||||
mode: 0555
|
||||
secrets:
|
||||
- postgres_password
|
||||
entrypoint: /abra-mattermost-entrypoint.sh
|
||||
|
||||
secrets:
|
||||
postgres_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
||||
|
||||
configs:
|
||||
abra_mattermost_entrypoint:
|
||||
name: abra_mattermost_entrypoint
|
||||
file: ./abra-mattermost-entrypoint.sh
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
Reference in New Issue
Block a user