version: "3.8" services: postgres: image: postgres:${POSTGRES_IMAGE_TAG} restart: ${RESTART_POLICY} security_opt: - no-new-privileges:true tmpfs: - /tmp - /var/run/postgresql volumes: - postgres_data:/var/lib/postgresql/data environment: # timezone inside container - TZ # necessary Postgres options/variables - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_DB networks: - internal mattermost: image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG} restart: ${RESTART_POLICY} security_opt: - no-new-privileges:true read_only: ${MATTERMOST_CONTAINER_READONLY} tmpfs: - /tmp volumes: - mattermost_config:/mattermost/config:rw - mattermost_data:/mattermost/data:rw - mattermost_logs:/mattermost/logs:rw - mattermost_plugins:/mattermost/plugins:rw - mattermost_client_plugins:/mattermost/client/plugins:rw environment: # timezone inside container - TZ # necessary Mattermost options/variables (see env.example) - MM_SQLSETTINGS_DRIVERNAME - MM_SQLSETTINGS_DATASOURCE # additional settings - MM_SERVICESETTINGS_SITEURL ports: - ${APP_PORT}:8065 networks: - proxy - internal deploy: labels: - "traefik.enable=true" - "traefik.docker.network=proxy" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" networks: proxy: external: true internal: volumes: postgres_data: mattermost_config: mattermost_data: mattermost_logs: mattermost_plugins: mattermost_client_plugins: