version: "2.4" services: nginx: depends_on: - mattermost container_name: nginx_mattermost image: nginx:${NGINX_IMAGE_TAG} restart: ${RESTART_POLICY} security_opt: - no-new-privileges:true pids_limit: 100 read_only: true tmpfs: - /var/run - /var/cache - /var/log/nginx volumes: - ${NGINX_CONFIG_PATH}:/etc/nginx/conf.d:ro - ${NGINX_DHPARAMS_FILE}:/dhparams4096.pem - ${CERT_PATH}:/cert.pem:ro - ${KEY_PATH}:/key.pem:ro - shared-webroot:/usr/share/nginx/html # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine # to avoid Token request failed: certificate signed by unknown authority # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34) # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro environment: # timezone inside container - TZ ports: - ${HTTPS_PORT}:443 - ${HTTP_PORT}:80 # Shared volume for Let's Encrypt certificate renewal with a webroot volumes: shared-webroot: name: shared-webroot # This network name is being used for Let's Encrypt certificate renewal networks: default: name: mattermost