Mattermost - Docker Compose Stack with Nginx Reverse Proxy

# Create folder structure
sudo mkdir -p /opt/mattermost/volumes/app/mattermost/{config,data,logs,plugins,client/plugins,bleve-indexes} && cd /opt/mattermost/

# Change permissions
sudo chown -R 2000:2000 /opt/mattermost/volumes/app/mattermost

# Create Docker Compose file
sudo vi docker-compose.yml

# docker-compose.yml
version: "2.4"
services:
  postgres:
    image: postgres:13-alpine
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    read_only: true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
    environment:
      - TZ
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB

  mattermost:
    depends_on:
      - postgres
    image: mattermost/mattermost-team-edition:latest
    ports:
      - "8065:8065"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    tmpfs:
      - /tmp
    volumes:
      - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
      - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
      - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
      - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
      - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
      - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
    environment:
      - TZ
      - MM_SQLSETTINGS_DRIVERNAME
      - MM_SQLSETTINGS_DATASOURCE
      - MM_BLEVESETTINGS_INDEXDIR
      - MM_SERVICESETTINGS_SITEURL

# Create environment file
sudo vi .env

#.env
DOMAIN=mattermost.jklug.work
TZ=Europe/Berlin

POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
POSTGRES_USER=mmuser
POSTGRES_PASSWORD=my-postgres-pw # Define database PW
POSTGRES_DB=mattermost

NGINX_IMAGE_TAG=alpine
NGINX_CONFIG_PATH=./nginx/conf.d
NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem
CERT_PATH=./volumes/web/cert/cert.pem
KEY_PATH=./volumes/web/cert/key-no-password.pem
HTTPS_PORT=443
HTTP_PORT=80

MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes

MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
MATTERMOST_CONTAINER_READONLY=false
APP_PORT=8065

MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

# Create / start Docker stack
sudo docker compose up -d

# Install Certbot
sudo apt install certbot -y

# Create certificate
sudo certbot certonly --standalone -d mattermost.jklug.work

# Install nginx
sudo apt install nginx -y

# Copy default config
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/mattermost.jklug.work

# Edit config
sudo vi /etc/nginx/sites-available/mattermost.jklug.work

# mattermost.jklug.work
server {
    listen 443 ssl;
    server_name mattermost.jklug.work;

    ssl_certificate         /etc/letsencrypt/live/mattermost.jklug.work/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/mattermost.jklug.work/privkey.pem;


    location / {
        proxy_pass http://127.0.0.1:8065/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Disable default config
sudo rm /etc/nginx/sites-enabled/default

# Enable config
sudo ln -s /etc/nginx/sites-available/mattermost.jklug.work /etc/nginx/sites-enabled/

# Restart Nginx
sudo systemctl restart nginx

# Open GUI
https://mattermost.jklug.work

# DockerHub
https://hub.docker.com/r/mattermost/mattermost-team-edition

# GitHub
https://github.com/mattermost/docker

# Mattermost Editions
https://docs.mattermost.com/about/editions-and-offerings.html