Deploying Mattermost with Traefik Labels and Using It Under a DNS Entry
Lewin Grunenberg 4 Minuten Lesezeit

Deploying Mattermost with Traefik Labels and Using It Under a DNS Entry

Learn how to deploy Mattermost using Docker Compose and Traefik, and access it via a DNS entry.
mattermost traefik docker on-premise self-hosted

Mattermost and Traefik - Integration and Network Configuration

Introduction

In this post, we will show you how to deploy Mattermost using Docker Compose and Traefik, and access it via a DNS entry like https://chat.your-domain.org. This configuration allows for a simple and secure deployment of your communication platform.

Introducing Traefik

Traefik is a dynamic reverse proxy and load balancer specifically designed for microservices and modern cloud-native applications. It enables automatic service discovery and management of SSL/TLS certificates. For more details and a comprehensive tutorial, visit our Traefik tutorial.

Introducing Mattermost

Mattermost is an open-source platform for internal team communication and collaboration, offering a secure alternative to commercial solutions like Slack. With Mattermost, you can exchange messages, share files, and organize in channels. The platform also supports integrations with numerous third-party tools and provides an API for customizations.

Setting the DNS Entry

Before proceeding with the setup, ensure that the DNS entry for chat.your-domain.org is correctly set. This entry should point to the IP address of the server where Traefik is running. Use your DNS management service, such as Cloudflare, to add the appropriate entry.

Introducing Docker and Docker Compose

Docker allows applications to run in isolated containers, significantly simplifying their deployment and scaling. Docker Compose is a tool for defining and running multi-container applications. It helps manage complex application environments with just a few commands.

Presenting Docker Compose for Mattermost

Postgres

The PostgreSQL service stores the data for Mattermost. Here are the relevant configuration details:

services:
  postgres:
    image: postgres:13-alpine
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    read_only: true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_USER=mmuser  # Username for the PostgreSQL database
      - POSTGRES_PASSWORD=mmuser_password  # Password for the PostgreSQL database
      - POSTGRES_DB=mattermost  # Name of the database to be created
    networks:
      - default

This section defines the PostgreSQL database service, which acts as the data store for Mattermost. The configuration includes security options, process limits, and locations for temporary files and data volumes.

Mattermost

The Mattermost service provides the communication platform and is made accessible via Traefik:

  mattermost:
    depends_on:
      - postgres
    image: mattermost/mattermost-team-edition:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    volumes:
      - ./volumes/app/mattermost/config:/mattermost/config:rw
      - ./volumes/app/mattermost/data:/mattermost/data:rw
      - ./volumes/app/mattermost/logs:/mattermost/logs:rw
      - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
      - ./volumes/app/mattermost/client/plugins:/mattermost/client/plugins:rw
      - ./volumes/app/mattermost/bleve-indexes:/mattermost/bleve-indexes:rw
    environment:
      - TZ=Europe/Berlin
      - MM_SQLSETTINGS_DRIVERNAME=postgres
      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@postgres:5432/mattermost?sslmode=disable&connect_timeout=10
      - MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
      - MM_SERVICESETTINGS_SITEURL=https://chat.your-domain.org  # Replace 'your-domain.org' with your actual domain

This section defines the Mattermost service, which depends on the PostgreSQL service. The configuration includes security options, process limits, and locations for configuration files, data, logs, and plugins. The environment variables configure the database connection and the URL for accessing Mattermost.

Traefik

The Traefik labels are crucial for correctly configuring the service and routing traffic accordingly:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mattermost.rule=Host(`chat.your-domain.org`)"  # Replace 'your-domain.org' with your actual domain
      - "traefik.http.routers.mattermost.entrypoints=websecure"
      - "traefik.http.routers.mattermost.tls.certresolver=lets-encrypt"
      - "traefik.http.services.mattermost.loadbalancer.server.port=8065"
      - "traefik.docker.network=web"
    networks:
      - web
      - default
  • traefik.enable=true: Enables Traefik for this service, allowing Traefik to monitor and route requests.
  • traefik.http.routers.mattermost.rule=Host('chat.your-domain.org'): Defines the URL mapping condition, specifying that requests to chat.your-domain.org are routed to the Mattermost service.
  • traefik.http.routers.mattermost.entrypoints=websecure: Instructs Traefik to serve this service via the websecure entry point, used for HTTPS traffic.
  • traefik.http.routers.mattermost.tls.certresolver=lets-encrypt: Indicates that Traefik uses Let’s Encrypt to secure HTTPS traffic.
  • traefik.http.services.mattermost.loadbalancer.server.port=8065: Specifies the internal port of the Mattermost service to which Traefik routes traffic.
  • traefik.docker.network=web: Specifies the Docker network used by Traefik to manage connections.

Networks

The network settings define the network Traefik uses to connect the services:


networks:
  web:
    external: true  # Uses an external network managed by Traefik

This section defines the network used by Traefik to connect the various services and manage connections.

Conclusion

With this guide, you can efficiently and securely deploy Mattermost with Traefik and Docker. The configuration is flexible and can be easily adapted to individual requirements. For further questions or professional support, check out our Discord channel. We are happy to assist you with the optimal setup and management of your applications.

Complete Docker Compose

Here is the complete docker-compose.yml file for the Mattermost installation:


version: "2.4"

services:
  postgres:
    image: postgres:13-alpine
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    read_only: true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_USER=mmuser
      - POSTGRES_PASSWORD=mmuser_password
      - POSTGRES_DB=mattermost
    networks:
      - default

  mattermost:
    depends_on:
      - postgres
    image: mattermost/mattermost-team-edition:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    volumes:
      - ./volumes/app/mattermost/config:/mattermost/config:rw
      - ./volumes/app/mattermost/data:/mattermost/data:rw
      - ./volumes/app/mattermost/logs:/mattermost/logs:rw
      - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
      - ./volumes/app/mattermost/client/plugins:/mattermost/client/plugins:rw
      - ./volumes/app/mattermost/bleve-indexes:/mattermost/bleve-indexes:rw
    environment:
      - TZ=Europe/Berlin
      - MM_SQLSETTINGS_DRIVERNAME=postgres
      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@postgres:5432/mattermost?sslmode=disable&connect_timeout=10
      - MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
      - MM_SERVICESETTINGS_SITEURL=https://chat.your-domain.org
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mattermost.rule=Host(`chat.your-domain.org`)"  # Replace 'your-domain.org' with your actual domain
      - "traefik.http.routers.mattermost.entrypoints=websecure"
      - "traefik.http.routers.mattermost.tls.certresolver=lets-encrypt"
      - "traefik.http.services.mattermost.loadbalancer.server.port=8065"
      - "traefik.docker.network=web"
    networks:
      - web
      - default

networks:
  web:
    external: true  # Uses an external network managed by Traefik
Vorheriger Post Alle Posts Nächster Post

Ähnliche Artikel