From 503eb0e21a8763fd1c93955f556907bf4a6982cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20COMBEAU?= Date: Mon, 11 Oct 2021 15:54:49 +0200 Subject: [PATCH 1/3] Update env.example to reflect latest Mattermost version --- env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.example b/env.example index 03cb1fd..dee9151 100644 --- a/env.example +++ b/env.example @@ -56,7 +56,7 @@ MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins ## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing. MATTERMOST_IMAGE=mattermost-enterprise-edition -MATTERMOST_IMAGE_TAG=5.38 +MATTERMOST_IMAGE_TAG=5.39 ## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant ## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host From b7d0323afabe2eec1ee4d24ef822cfbbaf118701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20COMBEAU?= Date: Mon, 11 Oct 2021 16:03:22 +0200 Subject: [PATCH 2/3] Revert "Fix environment timezone" This reverts commit cba045df6920dbf7826484d9d6cc8b937e854293. --- docker-compose.nginx.yml | 2 +- docker-compose.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml index e91bf4a..7994d8a 100644 --- a/docker-compose.nginx.yml +++ b/docker-compose.nginx.yml @@ -27,7 +27,7 @@ services: # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro environment: # timezone inside container - - TZ: ${TZ} + - TZ ports: - ${HTTPS_PORT}:443 - ${HTTP_PORT}:80 diff --git a/docker-compose.yml b/docker-compose.yml index 946e599..5874da0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
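Review bot: The bare `- TZ` entry in the nginx service's `environment:` list has no value of its own, and the comment `# timezone inside container` above it does not say where the value comes from. Compose resolves a key-only entry from the environment it runs with (the shell and, as far as I know, the project `.env`). If `TZ` is missing there, the variable is presumably left unset and the container keeps its image default, so log timestamps from nginx, postgres and mattermost can differ from the host's and become harder to correlate during an investigation. The same applies to the postgres and mattermost entries in the two `docker-compose.yml` hunks that follow. I would extend the comment to `# timezone inside container; passed through from TZ in .env (unset = image default)`, or make the fallback explicit with `- TZ=${TZ:-UTC}`. The service definitions begin and end outside these hunks, so I cannot see whether `TZ` is set anywhere else.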
@@ -18,7 +18,7 @@ services: - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data environment: # timezone inside container - - TZ: ${TZ} + - TZ # necessay Postgres options/variables - POSTGRES_USER @@ -45,7 +45,7 @@ services: - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw environment: # timezone inside container - - TZ: ${TZ} + - TZ # necessary Mattermost options/variables (see env.example) - MM_SQLSETTINGS_DRIVERNAME From f901fee09451a3b2b0e44eda127d39b202752aec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20COMBEAU?= Date: Mon, 11 Oct 2021 16:03:36 +0200 Subject: [PATCH 3/3] Revert "Fix: Missing certificate signed by unknown authority refs: https://github.com/mattermost/docker/issues/34" This reverts commit de05aa712bacfdbd8ae41e7765acd2fe0665216e. --- README.md | 14 +++----------- docker-compose.nginx.yml | 4 ---- env.example | 1 - 3 files changed, 3 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 7ad036f..9258bbe 100644 --- a/README.md +++ b/README.md 
@@ -64,28 +64,20 @@ mkdir -p ./volumes/web/cert cp PATH-TO-CERT.PEM ./volumes/web/cert/cert.pem cp PATH-TO-KEY.PEM ./volumes/web/cert/key-no-password.pem ``` -#### 5.2 Configure SSO with GitLab -If you are looking for SSO with GitLab and you use self signed certificate you have to add the PKI chain of your authority in app because Alpine doesn't know him. This is required to avoid **Token request failed: certificate signed by unknown authority** -For that uncomment this line : -``` -# - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro -``` - -#### 5.3 Let's Encrypt +#### 5.2 Let's Encrypt For using Let's Encrypt you can use this Bash script located in scripts/issue-certificate.sh (or follow the steps in docs/issuing-letsencrypt-certificate.md). Make sure to adjust `mm.example.com` to match your domain configured in step 2. ``` bash scripts/issue-certificate.sh -d mm.example.com -o ${PWD}/certs ``` Otherwise please consult the Certbot [documentation](https://certbot.eff.org/instructions) on how to issue a standalone certificate and ensure the paths to the certificate and key are correctly set in your *.env*. -#### 5.4 Adjusting the `.env` file. -Once you've completed 5.1 or 5.2 or 5.3 you'll need to adjust the `.env` file accordingly. With 5.1 verify the first two lines below are uncommented in the `.env` file, with 5.2 uncomment the third line and put the correct path for your pki chain, with 5.3 comment out the first two lines and uncomment the last two lines. +#### 5.3 Adjusting the `.env` file. +Once you've completed 5.1 or 5.2 you'll need to adjust the `.env` file accordingly. With 5.1 verify the first two lines below are uncommented in the `.env` file, with 5.2 comment out the first two lines and uncomment the last two lines. 
``` CERT_PATH=./volumes/web/cert/cert.pem KEY_PATH=./volumes/web/cert/key-no-password.pem -#GITLAB_PKI_CHAIN_PATH=/pki_chain.pem #CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem #KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem ``` diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml index 7994d8a..a709d55 100644 --- a/docker-compose.nginx.yml +++ b/docker-compose.nginx.yml @@ -21,10 +21,6 @@ services: - ${CERT_PATH}:/cert.pem:ro - ${KEY_PATH}:/key.pem:ro - shared-webroot:/usr/share/nginx/html - # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine - # to avoid Token request failed: certificate signed by unknown authority - # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34) - # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro environment: # timezone inside container - TZ diff --git a/env.example b/env.example index dee9151..526f856 100644 --- a/env.example +++ b/env.example @@ -37,7 +37,6 @@ NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem CERT_PATH=./volumes/web/cert/cert.pem KEY_PATH=./volumes/web/cert/key-no-password.pem -#GITLAB_PKI_CHAIN_PATH=/pki_chain.pem #CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem #KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem