version: "3.8" services: # LDAP服务 ldap: image: osixia/openldap:1.5.0 container_name: ldap environment: LDAP_ORGANISATION: "Example Inc." LDAP_DOMAIN: "example.com" LDAP_ADMIN_PASSWORD: "admin" LDAP_CONFIG_PASSWORD: "config" LDAP_READONLY_USER: "false" LDAP_RFC2307BIS_SCHEMA: "false" LDAP_BACKEND: "mdb" LDAP_TLS: "true" LDAP_TLS_CRT_FILENAME: "ldap.crt" LDAP_TLS_KEY_FILENAME: "ldap.key" LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem" LDAP_TLS_CA_CRT_FILENAME: "ca.crt" LDAP_TLS_ENFORCE: "false" LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0" LDAP_TLS_VERIFY_CLIENT: "demand" LDAP_REPLICATION: "false" KEEP_EXISTING_CONFIG: "false" LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" LDAP_SSL_HELPER_PREFIX: "ldap" tty: true stdin_open: true volumes: - ldap_data:/var/lib/ldap - ldap_config:/etc/ldap/slapd.d ports: - "389:389" - "636:636" hostname: ldap.example.com networks: - mattermost_network # Mattermost Team Edition mattermost: image: mattermost/mattermost-team-edition:latest container_name: mattermost hostname: mattermost ports: - "8065:8065" environment: # 数据库配置 MM_SQLSETTINGS_DRIVERNAME: "postgres" MM_SQLSETTINGS_DATASOURCE: "postgres://mattermost:mattermost_password@postgres:5432/mattermost?sslmode=disable&connect_timeout=10" # 服务配置 MM_SERVICESETTINGS_SITEURL: "http://localhost:8065" MM_SERVICESETTINGS_LISTENADDRESS: ":8065" MM_SERVICESETTINGS_ENABLEDEVELOPER: "true" # 文件存储配置 MM_FILESETTINGS_DRIVERNAME: "local" MM_FILESETTINGS_DIRECTORY: "/mattermost/data/" # 日志配置 MM_LOGSETTINGS_ENABLECONSOLE: "true" MM_LOGSETTINGS_CONSOLELEVEL: "INFO" # 用户配置 MM_TEAMSETTINGS_ENABLEUSERCREATION: "true" # OpenID Connect (Other) 配置(用于连接Dex) MM_OPENIDSETTINGS_ENABLE: "true" MM_OPENIDSETTINGS_ID: "mattermost" MM_OPENIDSETTINGS_SECRET: "mattermost-secret-key-12345" MM_OPENIDSETTINGS_DISCOVERYENDPOINT: "http://localhost:5556/dex/.well-known/openid_configuration" MM_OPENIDSETTINGS_BUTTONTEXT: "使用LDAP登录" MM_OPENIDSETTINGS_BUTTONCOLOR: "#145DBF" MM_TEAMSETTINGS_ENABLEOPENSERVER: "true" MM_SERVICESETTINGS_ENABLEEMAILINVITATIONS: "false" # 安全配置 MM_SERVICESETTINGS_ENABLEINSECUREOUTGOINGCONNECTIONS: "true" # 插件配置 MM_PLUGINSETTINGS_ENABLE: "true" MM_PLUGINSETTINGS_ENABLEUPLOADS: "true" depends_on: postgres: condition: service_healthy networks: - mattermost_network volumes: - ./mattermost_data:/mattermost/data - ./mattermost_logs:/mattermost/logs - ./mattermost_plugins:/mattermost/plugins restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8065/api/v4/system/ping"] interval: 30s timeout: 10s retries: 3 start_period: 90s # PostgreSQL数据库 postgres: image: postgres:13-alpine container_name: mattermost_postgres environment: POSTGRES_DB: mattermost POSTGRES_USER: mattermost POSTGRES_PASSWORD: mattermost_password POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C" volumes: - ./postgres_data:/var/lib/postgresql/data networks: - mattermost_network restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -U mattermost -d mattermost"] interval: 30s timeout: 10s retries: 3 start_period: 30s # Dex OAuth2 Provider (连接LDAP) dex: image: dexidp/dex:v2.37.0 container_name: dex ports: - "5556:5556" volumes: - ./dex_config.yaml:/etc/dex/config.yaml:ro command: ["dex", "serve", "/etc/dex/config.yaml"] networks: - mattermost_network restart: unless-stopped healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5556/dex/healthz"] interval: 30s timeout: 10s retries: 3 networks: mattermost_network: driver: bridge volumes: ldap_data: ldap_config: # 使用绑定挂载,数据存储在当前目录下 # volumes 部分已删除,因为使用 ./目录 的绑定挂载