Hello everyone!
I am calling upon the wizards to retrieve some assistance with Traefik, Mattermost, Docker, and getting some ports exposed. I currently have a working instance of Jellyfin that is reachable over the Internet (locked down to my home IP address only right now) and is confirmed to be functioning. The docker-compose.yml file is below for review.
```yaml
version: "2.1"
services:
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
    networks:
      - proxy
    volumes:
      - /mnt/HDD_01/Jellyfin:/config
      - /mnt/HDD_01/:/data
    # ports:
    #   - 8096:8096
    #   - 8920:8920
    #   - 7359:7359/udp
    #   - 1900:1900/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.entrypoints=http"
      - "traefik.http.routers.jellyfin.rule=Host(`REDACTED`)"
      - "traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.jellyfin.middlewares=portainer-https-redirect"
      - "traefik.http.routers.jellyfin-secure.entrypoints=https"
      - "traefik.http.routers.jellyfin-secure.rule=Host(`REDACTED`)"
      - "traefik.http.routers.jellyfin-secure.tls=true"
      - "traefik.http.routers.jellyfin-secure.service=jellyfin-svc"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "traefik.docker.network=proxy"
networks:
  proxy:
    external: true
```

I have ZERO issues with this container at this time, so I believe it is set up in the ideal manner. However, I am trying to spin up a Mattermost server as well and I cannot figure out why it won’t work. Below is the docker-compose.yml file, and if further explanation is needed please let me know.

I will say this: the issue with the Mattermost docker container is that even though it launches and is accessible internally, it refuses to forward the correct port out to my Cloudflare instance. Thank you in advance!!

```yaml
version: "2.4"
services:
  postgres:
    image: postgres:${POSTGRES_IMAGE_TAG}
    restart: ${RESTART_POLICY}
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    read_only: true
    networks:
      - proxy
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
    environment:
      # timezone inside container
      - TZ
      # necessary Postgres options/variables
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB
  mattermost:
    depends_on:
      - postgres
    image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
    restart: ${RESTART_POLICY}
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    networks:
      - proxy
    tmpfs:
      - /tmp
    volumes:
      - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
      - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
      - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
      - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
      - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
      - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
      # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
      # to avoid Token request failed: certificate signed by unknown authority
      # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34)
      # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro
    environment:
      # timezone inside container
      - TZ
      # necessary Mattermost options/variables (see env.example)
      - MM_SQLSETTINGS_DRIVERNAME
      - MM_SQLSETTINGS_DATASOURCE
      # necessary for bleve
      - MM_BLEVESETTINGS_INDEXDIR
      # additional settings
      - MM_SERVICESETTINGS_SITEURL
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mattermost.entrypoints=http"
      - "traefik.http.routers.mattermost.rule=Host(`REDACTED`)"
      - "traefik.http.middlewares.mattermost-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.mattermost.middlewares=portainer-https-redirect"
      - "traefik.http.routers.mattermost-secure.entrypoints=https"
      - "traefik.http.routers.mattermsot-secure.rule=Host(`REDACTED`)"
      - "traefik.http.routers.mattermost-secure.tls=true"
      - "traefik.http.routers.mattermost-secure.service=mattermost-svc"
      - "traefik.http.services.mattermost-svc.loadbalancer.server.port=8065"
      - "traefik.docker.network=proxy"
networks:
  proxy:
    external: true
  # If you use rolling image tags and feel lucky watchtower can automatically pull new images and
  # instantiate containers from it. https://containrrr.dev/watchtower/
  # Please keep in mind watchtower will have access on the docker socket. This can be a security risk.
  #
  # watchtower:
  #   container_name: watchtower
  #   image: containrrr/watchtower:latest
  #   restart: unless-stopped
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock
```
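
A cross-check of the Mattermost labels, as an added example that is not part of the original post: it groups `traefik.http.*` labels by router, middleware and service name and reports names that do not line up. `lint_labels` is a hypothetical helper, and it assumes Traefik v2-style Docker labels as used in the compose files above.

```python
import difflib
import re
from collections import defaultdict

# Constructed input: the Mattermost labels as posted above.
# Assumption: Traefik v2 label grammar (traefik.http.<kind>.<name>.<option>=<value>).
MATTERMOST_LABELS = """\
traefik.enable=true
traefik.http.routers.mattermost.entrypoints=http
traefik.http.routers.mattermost.rule=Host(`REDACTED`)
traefik.http.middlewares.mattermost-https-redirect.redirectscheme.scheme=https
traefik.http.routers.mattermost.middlewares=portainer-https-redirect
traefik.http.routers.mattermost-secure.entrypoints=https
traefik.http.routers.mattermsot-secure.rule=Host(`REDACTED`)
traefik.http.routers.mattermost-secure.tls=true
traefik.http.routers.mattermost-secure.service=mattermost-svc
traefik.http.services.mattermost-svc.loadbalancer.server.port=8065
traefik.docker.network=proxy
""".splitlines()

LABEL = re.compile(r"traefik\.http\.(routers|middlewares|services)\.([^.=]+)\.([^=]+)=(.*)")

def lint_labels(labels):
    """Return sorted warnings about Traefik HTTP labels that do not line up."""
    seen = defaultdict(lambda: defaultdict(dict))  # kind -> name -> {option: value}
    for label in labels:
        m = LABEL.fullmatch(label.strip())
        if m:
            kind, name, option, value = m.groups()
            seen[kind][name][option.lower()] = value
    routers, warnings, used = seen["routers"], [], set()
    for name, opts in routers.items():
        if "rule" not in opts:
            warnings.append(f"router {name}: no rule label, provider default rule applies")
        # A near-identical router name carrying fewer options is usually a typo.
        near = difflib.get_close_matches(name, [r for r in routers if r != name], n=1, cutoff=0.85)
        if near and len(opts) < len(routers[near[0]]):
            warnings.append(f"router {name}: looks like a misspelling of {near[0]}")
        if "service" in opts and opts["service"] not in seen["services"]:
            warnings.append(f"router {name}: service {opts['service']} not defined here")
        for mw in filter(None, opts.get("middlewares", "").split(",")):
            used.add(mw.strip())
            if mw.strip() not in seen["middlewares"]:
                warnings.append(f"router {name}: middleware {mw.strip()} not defined here")
    for mw in set(seen["middlewares"]) - used:
        warnings.append(f"middleware {mw}: defined but no router here uses it")
    return sorted(warnings)

if __name__ == "__main__":
    print("\n".join(lint_labels(MATTERMOST_LABELS)))
```

A middleware reported as "not defined here" can still resolve if another container on the same Docker provider defines it, so that warning is a prompt to check, not a hard error.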