diff --git a/autoconf/IngressController.py b/autoconf/IngressController.py
index 0904d90b..06e73b48 100644
--- a/autoconf/IngressController.py
+++ b/autoconf/IngressController.py
@@ -1,6 +1,6 @@
 from traceback import format_exc
 from kubernetes import client, config, watch
-from client.exceptions import ApiException
+from kubernetes.client.exceptions import ApiException
 from threading import Thread, Lock
 from logger import log
 from sys import exit
diff --git a/examples/mattermost/.env b/examples/mattermost/.env
new file mode 100644
index 00000000..77a84c89
--- /dev/null
+++ b/examples/mattermost/.env
@@ -0,0 +1,85 @@
+# Domain of service
+DOMAIN=www.example.com
+
+# Container settings
+## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
+## A list of these tz database names can be looked up at Wikipedia
+## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=UTC
+RESTART_POLICY=unless-stopped
+
+# Postgres settings
+## Documentation for this image and available settings can be found on hub.docker.com
+## https://hub.docker.com/_/postgres
+## Please keep in mind this will create a superuser and it's recommended to use a less privileged
+## user to connect to the database.
+## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
+POSTGRES_IMAGE_TAG=13-alpine
+POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
+
+POSTGRES_USER=mmuser
+POSTGRES_PASSWORD=mmuser_password
+POSTGRES_DB=mattermost
+
+# Nginx
+## The nginx container will use a configuration found at the NGINX_MATTERMOST_CONFIG. The config aims
+## to be secure and uses a catch-all server vhost which will work out-of-the-box. For additional settings
+## or changes ones can edit it or provide another config. Important note: inside the container, nginx sources
+## every config file inside */etc/nginx/conf.d* ending with a *.conf* file extension.
+
+## Inside the container the uid and gid is 101. The folder owner can be set with
+## `sudo chown -R 101:101 ./nginx` if needed.
+NGINX_IMAGE_TAG=alpine
+
+## The folder containing server blocks and any additional config to nginx.conf
+NGINX_CONFIG_PATH=./nginx/conf.d
+NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem
+
+CERT_PATH=./volumes/web/cert/cert.pem
+KEY_PATH=./volumes/web/cert/key-no-password.pem
+#GITLAB_PKI_CHAIN_PATH=/pki_chain.pem
+#CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem
+#KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem
+
+## Exposed ports to the host. Inside the container 80 and 443 will be used
+HTTPS_PORT=443
+HTTP_PORT=80
+
+# Mattermost settings
+## Inside the container the uid and gid is 2000. The folder owner can be set with
+## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.
+MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
+MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
+MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
+MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
+MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
+MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes
+
+## Bleve index (inside the container)
+MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
+
+## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
+MATTERMOST_IMAGE=mattermost-enterprise-edition
+MATTERMOST_IMAGE_TAG=6.3
+
+## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
+## it if you know what you're doing.
+## See https://github.com/mattermost/docker/issues/18
+MATTERMOST_CONTAINER_READONLY=false
+
+## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
+## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
+## or for using it behind another existing reverse proxy.
+APP_PORT=8065
+
+## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
+## https://docs.mattermost.com/administration/config-settings.html
+## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
+## the system console as well and settings set with env variables will be greyed out.
+
+## Below one can find necessary settings to spin up the Mattermost container
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
+
+## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
+MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml
new file mode 100644
index 00000000..dd42ae70
--- /dev/null
+++ b/examples/mattermost/docker-compose.yml
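Review bot: `POSTGRES_PASSWORD=mmuser_password` ships a known default credential that is also interpolated into `MM_SQLSETTINGS_DATASOURCE`, so anyone who starts the example unchanged runs a database whose password is published in this repository, for an account the file's own comment describes as a superuser. I would add a comment directly above it such as `## Set a unique, random password before the first start; it is reused in MM_SQLSETTINGS_DATASOURCE below (URL-encode special characters)`. The same DSN sets `sslmode=disable`, which deserves a one-line comment stating that it relies on the database being reachable only on the compose-internal network. The `NGINX_*`, `CERT_PATH`/`KEY_PATH` and `HTTPS_PORT`/`HTTP_PORT` entries appear to be unused by the docker-compose.yml added in this commit and could be dropped so readers do not assume an nginx container is part of the stack.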
@@ -0,0 +1,87 @@
+version: '3'
+
+services:
+
+ mybunker:
+ image: bw
+ ports:
+ - 80:8080
+ - 443:8443
+ # ⚠️ read this if you use local folders for volumes ⚠️
+ # bunkerweb runs as an unprivileged user with UID/GID 101
+ # don't forget to edit the permissions of the files and folders accordingly
+ # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
+ # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
+ # more info at https://docs.bunkerweb.io
+ volumes:
+ - bw_data:/data
+ environment:
+ - SERVER_NAME=www.example.com # replace with your domain
+ - AUTO_LETS_ENCRYPT=yes
+ - DISABLE_DEFAULT_SERVER=yes
+ - USE_CLIENT_CACHE=yes
+ - SERVE_FILES=no
+ - MAX_CLIENT_SIZE=50m
+ - ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - REVERSE_PROXY_URL_1=/
+ - REVERSE_PROXY_HOST_1=http://mattermost:8065
+ - REVERSE_PROXY_URL_2=~ /api/v[0-9]+/(users/)?websocket$$
+ - REVERSE_PROXY_WS_2=yes
+
+ mattermost:
+ depends_on:
+ - postgres
+ image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
+ restart: ${RESTART_POLICY}
+ security_opt:
+ - no-new-privileges:true
+ pids_limit: 200
+ read_only: ${MATTERMOST_CONTAINER_READONLY}
+ tmpfs:
+ - /tmp
+ volumes:
+ - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
+ - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
+ - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
+ - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
+ - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
+ - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
+ # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
+ # to avoid Token request failed: certificate signed by unknown authority
+ # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34)
+ # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro
+ environment:
+ # timezone inside container
+ - TZ
+ # necessary Mattermost options/variables (see env.example)
+ - MM_SQLSETTINGS_DRIVERNAME
+ - MM_SQLSETTINGS_DATASOURCE
+ # necessary for bleve
+ - MM_BLEVESETTINGS_INDEXDIR
+ # additional settings
+ - MM_SERVICESETTINGS_SITEURL
+
+ postgres:
+ image: postgres:${POSTGRES_IMAGE_TAG}
+ restart: ${RESTART_POLICY}
+ security_opt:
+ - no-new-privileges:true
+ pids_limit: 100
+ read_only: true
+ tmpfs:
+ - /tmp
+ - /var/run/postgresql
+ volumes:
+ - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
+ environment:
+ # timezone inside container
+ - TZ
+ # necessary Postgres options/variables
+ - POSTGRES_USER
+ - POSTGRES_PASSWORD
+ - POSTGRES_DB
+
+volumes:
+ bw_data:
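Review bot: `mybunker` is the only service published on host ports 80/443, yet it is the only one declared without `restart: ${RESTART_POLICY}` and `security_opt:` / `- no-new-privileges:true`, which both `mattermost` and `postgres` carry; adding the same settings would bring the internet-facing container in line with the others (the comments say it runs as UID/GID 101, so it presumably needs no extra privileges, but confirm). `image: bw` names no registry or tag, so it resolves to whatever local image is tagged `bw:latest`; a pinned reference of the form `<registry>/<image>:<version>` would make the example reproducible. All three services share the default network, so `postgres` is reachable from the proxy container; a separate internal network for `mattermost` and `postgres` would narrow that. The comment `(see env.example)` under `mattermost.environment` points to a file that this commit names `.env`.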