forked from mirrors/mattermost-docker
44 lines
1.3 KiB
YAML
44 lines
1.3 KiB
YAML
version: "2.4"
|
|
|
|
services:
|
|
nginx:
|
|
depends_on:
|
|
- mattermost
|
|
container_name: nginx_mattermost
|
|
image: nginx:${NGINX_IMAGE_TAG}
|
|
restart: ${RESTART_POLICY}
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
pids_limit: 100
|
|
read_only: true
|
|
tmpfs:
|
|
- /var/run
|
|
- /var/cache
|
|
- /var/log/nginx
|
|
volumes:
|
|
- ${NGINX_CONFIG_PATH}:/etc/nginx/conf.d:ro
|
|
- ${NGINX_DHPARAMS_FILE}:/dhparams4096.pem
|
|
- ${CERT_PATH}:/cert.pem:ro
|
|
- ${KEY_PATH}:/key.pem:ro
|
|
- shared-webroot:/usr/share/nginx/html
|
|
# When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
|
|
# to avoid Token request failed: certificate signed by unknown authority
|
|
# (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34)
|
|
# - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro
|
|
environment:
|
|
# timezone inside container
|
|
- TZ
|
|
ports:
|
|
- ${HTTPS_PORT}:443
|
|
- ${HTTP_PORT}:80
|
|
|
|
# Shared volume for Let's Encrypt certificate renewal with a webroot
|
|
volumes:
|
|
shared-webroot:
|
|
name: shared-webroot
|
|
|
|
# This network name is being used for Let's Encrypt certificate renewal
|
|
networks:
|
|
default:
|
|
name: mattermost
|