version: "3" services: mybunker: image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 environment: - SERVER_NAME=www.example.com # replace with your domain - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes - SERVE_FILES=no - MAX_CLIENT_SIZE=50m - USE_GZIP=yes # Methods used to query the api # more info at https://api.mattermost.com/ - ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT # Reverse proxy to Mattermost # second endpoint needs websocket enabled # more info at https://docs.mattermost.com/install/config-proxy-nginx.html - USE_REVERSE_PROXY=yes - REVERSE_PROXY_INTERCEPT_ERRORS=no - REVERSE_PROXY_URL_1=/ - REVERSE_PROXY_HOST_1=http://mattermost:8065 - REVERSE_PROXY_URL_2=~ /api/v[0-9]+/(users/)?websocket$$ - REVERSE_PROXY_HOST_2=http://mattermost:8065 - REVERSE_PROXY_WS_2=yes # Default limit rate for URLs - LIMIT_REQ_URL_1=/ - LIMIT_REQ_RATE_1=3r/s # Limit rate for api endpoints - LIMIT_REQ_URL_2=^/api/ - LIMIT_REQ_RATE_2=10r/s # Limit rate for static resources - LIMIT_REQ_URL_3=^/static/ - LIMIT_REQ_RATE_3=10r/s labels: - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container networks: - bw-universe - bw-services bw-scheduler: image: bunkerity/bunkerweb-scheduler:1.5.0 depends_on: - mybunker environment: - DOCKER_HOST=tcp://bw-docker-proxy:2375 volumes: - bw-data:/data networks: - bw-universe - bw-docker bw-docker-proxy: image: tecnativa/docker-socket-proxy:0.1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: - CONTAINERS=1 networks: - bw-docker mattermost: depends_on: - postgres image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG} restart: ${RESTART_POLICY} security_opt: - no-new-privileges:true pids_limit: 200 read_only: ${MATTERMOST_CONTAINER_READONLY} tmpfs: - /tmp volumes: - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine # to avoid Token request failed: certificate signed by unknown authority # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34) # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro environment: # timezone inside container - TZ # necessary Mattermost options/variables (see env.example) - MM_SQLSETTINGS_DRIVERNAME - MM_SQLSETTINGS_DATASOURCE # necessary for bleve - MM_BLEVESETTINGS_INDEXDIR # additional settings - MM_SERVICESETTINGS_SITEURL networks: - bw-services postgres: image: postgres:${POSTGRES_IMAGE_TAG} restart: ${RESTART_POLICY} security_opt: - no-new-privileges:true pids_limit: 100 read_only: true tmpfs: - /tmp - /var/run/postgresql volumes: - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data environment: # timezone inside container - TZ # necessary Postgres options/variables - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_DB networks: - bw-services volumes: bw-data: networks: bw-universe: ipam: driver: default config: - subnet: 10.20.30.0/24 bw-services: bw-docker: