ldap-demo/docker-compose-mattermost.yml

version: "3.8"

services:
  # LDAP服务
  ldap:
    image: osixia/openldap:1.5.0
    container_name: ldap
    environment:
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: "example.com"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - ldap_data:/var/lib/ldap
      - ldap_config:/etc/ldap/slapd.d
    ports:
      - "389:389"
      - "636:636"
    hostname: ldap.example.com
    networks:
      - mattermost_network



  # Mattermost Team Edition
  mattermost:
    image: mattermost/mattermost-team-edition:latest
    container_name: mattermost
    hostname: mattermost
    ports:
      - "8065:8065"
    environment:
      # 数据库配置
      MM_SQLSETTINGS_DRIVERNAME: "postgres"
      MM_SQLSETTINGS_DATASOURCE: "postgres://mattermost:mattermost_password@postgres:5432/mattermost?sslmode=disable&connect_timeout=10"
      
      # 服务配置
      MM_SERVICESETTINGS_SITEURL: "http://localhost:8065"
      MM_SERVICESETTINGS_LISTENADDRESS: ":8065"
      MM_SERVICESETTINGS_ENABLEDEVELOPER: "true"
      
      # 文件存储配置
      MM_FILESETTINGS_DRIVERNAME: "local"
      MM_FILESETTINGS_DIRECTORY: "/mattermost/data/"
      
      # 日志配置
      MM_LOGSETTINGS_ENABLECONSOLE: "true"
      MM_LOGSETTINGS_CONSOLELEVEL: "INFO"
      
      # 用户配置
      MM_TEAMSETTINGS_ENABLEUSERCREATION: "true"

      # OpenID Connect (Other) 配置（用于连接Dex）
      MM_OPENIDSETTINGS_ENABLE: "true"
      MM_OPENIDSETTINGS_ID: "mattermost"
      MM_OPENIDSETTINGS_SECRET: "mattermost-secret-key-12345"
      MM_OPENIDSETTINGS_DISCOVERYENDPOINT: "http://localhost:5556/dex/.well-known/openid_configuration"
      MM_OPENIDSETTINGS_BUTTONTEXT: "使用LDAP登录"
      MM_OPENIDSETTINGS_BUTTONCOLOR: "#145DBF"
      MM_TEAMSETTINGS_ENABLEOPENSERVER: "true"
      MM_SERVICESETTINGS_ENABLEEMAILINVITATIONS: "false"
      
      # 安全配置
      MM_SERVICESETTINGS_ENABLEINSECUREOUTGOINGCONNECTIONS: "true"
      
      # 插件配置
      MM_PLUGINSETTINGS_ENABLE: "true"
      MM_PLUGINSETTINGS_ENABLEUPLOADS: "true"
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - mattermost_network
    volumes:
      - ./mattermost_data:/mattermost/data
      - ./mattermost_logs:/mattermost/logs
      - ./mattermost_plugins:/mattermost/plugins
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8065/api/v4/system/ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 90s

  # PostgreSQL数据库
  postgres:
    image: postgres:13-alpine
    container_name: mattermost_postgres
    environment:
      POSTGRES_DB: mattermost
      POSTGRES_USER: mattermost
      POSTGRES_PASSWORD: mattermost_password
      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - mattermost_network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mattermost -d mattermost"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Dex OAuth2 Provider (连接LDAP)
  dex:
    image: dexidp/dex:v2.37.0
    container_name: dex
    ports:
      - "5556:5556"
    volumes:
      - ./dex_config.yaml:/etc/dex/config.yaml:ro
    command: ["dex", "serve", "/etc/dex/config.yaml"]
    networks:
      - mattermost_network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5556/dex/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3

networks:
  mattermost_network:
    driver: bridge

volumes:
  ldap_data:
  ldap_config:

# 使用绑定挂载，数据存储在当前目录下
# volumes 部分已删除，因为使用 ./目录 的绑定挂载