Issue Installing Mattermost via Docker in Plesk - issues with containers

[David Borrink]

Server operating system version

CentOS 7.9

Plesk version and microupdate number

18.0.58 #2

This is my first attempt at using Docker. I want to install Mattermost on my server to use for a chat system between members of my family. I went to Mattermost's page for installing via Docker (Install Mattermost via Docker — Mattermost documentation) and I'm having some confusion regarding how to do this. I ran the container for Mattermost Team Edition and it's installed. I also ran the PostgreSQL container to get a database added and that container is set up. The MM instructions say, "When the installation is complete, the PostgreSQL server is running, and a Linux user account called postgres has been created." I have an error in the overview of that container that says...

Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".

Since this is not in the MM instructions, I need some advice on how to proceed.

They say I need to be running Docker Engine and Docker Compose in order to do this, but is this different than using the Docker Extension in Plesk? I'm a Docker newbie, for the record.

Has anyone run the Mattermost Team Edition setup via Docker in Plesk and can advise me or point me to some helpful tips or tutorials regarding doing this? I'm assuming that once I get the containers set up that I run sudo commands per the instructions, correct?

Thanks for any advice.

 

[David Borrink]

I'm bumping this conversation. I haven't had any responses and it's travelled down the page for a couple weeks.

 

[David Borrink]

Image files of my Docker area and the two containers I've installed, plus a shot of the details of the postgres console log and error message.

 

[scsa20]

You might not find much help in here since this section is primary for plesk itself but from the error I'm seeing you haven't set any environment variables for postgres and that requires the variable of POSTGRES_PASSWORD. You might want to review their example ENV file to see what is required for variables which can be seen at docker/env.example at main · mattermost/docker (I wouldn't use 1 to 1, like for example, the port numbers should be different and map accordingly to the container's internal ports).

 

[scsa20]

OK so I've decided to try to do this myself so I can see the process, the only difference is I used Portainer to do a lot of the deployments instead of using the native which lets me easily use docker compose but you should be able to do this as well if you have access to the shell (since this would make things SOOO much easier).

So if you do have shell info, make a folder somewhere and create a docker compose file with this content:

# https://docs.docker.com/compose/environment-variables/

version: "2.4"

services:
  postgres:
    image: postgres:${POSTGRES_IMAGE_TAG}
    restart: ${RESTART_POLICY}
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    read_only: true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
    environment:
      # timezone inside container
      - TZ

      # necessary Postgres options/variables
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB

  mattermost:
    depends_on:
      - postgres
    image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
    restart: ${RESTART_POLICY}
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    tmpfs:
      - /tmp
    ports:
      - ${APP_PORT}:8065
      - ${CALLS_PORT}:${CALLS_PORT}/udp
      - ${CALLS_PORT}:${CALLS_PORT}/tcp
    volumes:
      - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
      - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
      - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
      - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
      - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
      - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
      # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
      # to avoid Token request failed: certificate signed by unknown authority
      # (link: https://github.com/mattermost/mattermost-server/issues/13059 and https://github.com/mattermost/docker/issues/34)
      # - ${GITLAB_PKI_CHAIN_PATH}:/etc/ssl/certs/pki_chain.pem:ro
    environment:
      # timezone inside container
      - TZ

      # necessary Mattermost options/variables (see env.example)
      - MM_SQLSETTINGS_DRIVERNAME
      - MM_SQLSETTINGS_DATASOURCE

      # necessary for bleve
      - MM_BLEVESETTINGS_INDEXDIR

      # additional settings
      - MM_SERVICESETTINGS_SITEURL

# If you use rolling image tags and feel lucky watchtower can automatically pull new images and
# instantiate containers from it. https://containrrr.dev/watchtower/
# Please keep in mind watchtower will have access on the docker socket. This can be a security risk.
#
#  watchtower:
#    container_name: watchtower
#    image: containrrr/watchtower:latest
#    restart: unless-stopped
#    volumes:
#      - /var/run/docker.sock:/var/run/docker.sock

Make an .env file within the same directory with the following content:

DOMAIN=domain.youare.using
TZ=UTC
RESTART_POLICY=unless-stopped
POSTGRES_IMAGE_TAG=13-alpine
POSTGRES_DATA_PATH=/data/mattermostpostgresql/data
POSTGRES_USER=mmuser
POSTGRES_PASSWORD=mmuser_password
POSTGRES_DB=mattermost
CALLS_PORT=8449
MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes
MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
MATTERMOST_IMAGE=mattermost-team-edition
MATTERMOST_IMAGE_TAG=9.1
MATTERMOST_CONTAINER_READONLY=false
APP_PORT=8065
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

You can change the path to wherever like I had (see below for example)

MATTERMOST_CONFIG_PATH=/data/mattermost/config
MATTERMOST_DATA_PATH=/data/mattermost/data
MATTERMOST_LOGS_PATH=/data/mattermost/logs
MATTERMOST_PLUGINS_PATH=/data/mattermost/plugins
MATTERMOST_CLIENT_PLUGINS_PATH=/data/mattermost/client/plugins
MATTERMOST_BLEVE_INDEXES_PATH=/data/mattermost/bleve-indexes

Start the docker compose by running

docker compose up -d

After that you'll want to update the permission by running the following:

sudo chown -R 2000:2000 ./volumes/app/mattermost

At this point you can restart the mattermost container or bring down the stack then start it back up.

Congrats you are half way there!

Now within Plesk, make a new sub domain of the same name you've set for DOMAIN. Go into the domain go to Hosting & DNS, then Apache & nginx.

Now disable Proxy mode under Nginx Settings so Apache isn't being used, then for additional nginx directive paste in the following:

location ~ /api/v[0-9]+/(users/)?websocket$ {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    client_body_timeout 60;
    send_timeout 300;
    lingering_timeout 5;
    proxy_connect_timeout 90;
    proxy_send_timeout 300;
    proxy_read_timeout 90s;
    proxy_pass http://localhost:8065;
}

location / {
    proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;
    proxy_http_version 1.1;
    proxy_pass http://localhost:8065;
}

From there, you're basically done (don't forget to go to the dashboard of your domain and issue yourself a SSL from Let's Encrypt). Now go to the site and register yourself an account and you're done!

Please note that the environment variables I showed above is a mixture of the default settings and settings I've set (for example, CALLS_PORT I've changed) so I would recommend that you change the username and password for the POSTGRES_USER and POSTGRES_PASSWORD.

If you want to do everything through Plesk panel's native docker extension here's what it looks like (you can ignore the PATH (and basically anything that is not listed in the ENV above) variable since that will be auto generated anyways).

 

[David Borrink]

scsa20. Wow. You are a wonderfully curious person and I really, really appreciate this. A lot. I'll look this over.

I did find the Docker Compose extension and installed that. So I do have Docker compose at my disposal now. I have an issue where I'm verifying my password for shell use (a hosting issue I need to resolve) but this gives me a lot of good solid info to work with, especially because you went through the steps here.

 

[scsa20]

No problem, hope this all works out for you

 

[David Borrink]

I have a question for you. A lot of this makes sense.

The .env file. I have it created as "example.env" in that directory. Is that okay or do I need to give it another file name? You didn't mention what the file name needs to be.

 

[David Borrink]

I went with "example.env" for now. I went to the shell to run the "docker compose up -d" command, and after getting a message that the configuration file wasn't found, assumed I was not in the right directory for a sec, cd'd to my "chatsetup" folder where the .env and .docker-compose file were and then ran "docker compose up -d" again. Something happened but I have a few errors.

I used the examples you shared above and only edited the subdomain name, the postgres user name and postgres password, and the six lines you showed for the paths, and I used what you typed. Here are the errors. Would you advise what is happening here?

Here's a screen shot.

 

[scsa20]

It's just plain old .env, nothing before it. (so basically remove example)

mv example.env .env

 

[David Borrink]

Okay, after changing the name to just .env and verifying I had all the info correct, I ran the "docker compose up -d" command and got this. Is this in relation to the permissions situation you gave in the next step or is this an error that needs fixing?

Last login: Wed Mar 13 13:52:21 2024 from localhost.localdomain -bash-4.2$ cd chatsetup/ -bash-4.2$ docker compose up -d permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.44/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.config-hash%22%3Atrue%2C%22com.docker.compose.project%3Dchatsetup%22%3Atrue%7D%7D": dial unix /var/run/docker.sock: connect: permission denied -bash-4.2$ sudo chown -R 2000:2000 ./volumes/app/mattermost

 

[scsa20]

In this case it's in relation to your user account not being able to start up the docker daemon socket, this can be fixed by adding your user account to the docker group by doing the following:

sudo usermod -aG docker $USER

(note if you do not have the docker group already, you can make it by running the following command:

sudo groupadd docker

then run the previous command)

Then log out and log back in and you should be able to run it without root

OR

add sudo in front of docker compose up -d

sudo docker compose up -d

Basically refer to Linux post-installation steps for Docker Engine

 

[David Borrink]

I actually had to have my server reset to update the root password because I couldn't sudo. Once back up I went to Docker area and found that Mattermost Team edition was running and that the PostGre was also running and up. So that is actually where I really appear to be. It appears I have things installed at that point and now need to run the permissions issue.

 

[David Borrink]

I'm unable to run that permissions issue because I'm still not able to sudo due to my password not working. I'll deal with that but I went to the nginx proxy task, disabled the proxy and pasted in that code to the directives panel and got a warning when I clicked "Apply" it said (and I'm redacting a couple domains and IPs numbers (but not port numbers) of mine with all X's and Y's and Z's and 0's for privacy sake)..... The ZZZ is the domain I'm putting Mattermost on. XXX and YYY are two other domains of mine.
Invalid nginx configuration: nginx: [warn] protocol options redefined for 00.000.000.00:443 in /etc/nginx/plesk.conf.d/webmails/XXX.com_webmail.conf:7 nginx: [warn] protocol options redefined for 00.000.000.00:443 in /etc/nginx/plesk.conf.d/webmails/YYY.com_webmail.conf:7 nginx: [emerg] duplicate location "/" in /var/www/vhosts/system/chat.ZZZ.com/conf/vhost_nginx.conf:20 nginx: configuration file /etc/nginx/nginx.conf test failed

 

[David Borrink]

the email notification from my server also had this info: "Please resolve the errors in web server configuration templates and generate the file again."

 

[David Borrink]

scsa20, here is my situation. I was able to get the root password fixed and verified that it works. Since I got interrupted in the flow of things I'm trying to resume. I was at the step above where you said to

After that you'll want to update the permission by running the following:

Code:
sudo chown -R 2000:2000 ./volumes/app/mattermost

I did the following instead, according to the path I put in the env file.

sudo chown -R 2000:2000 /data/mattermost

but it said "chown: cannot access ‘/data/mattermost’: No such file or directory"

I thought I was to be in the folder where I had been yesterday which is cd chatsetup/ which is the folder I created to put the docker compose and env files. I look in my file manager and I don't see anything else in chatsetup. And according to the info on the docker panel for mattermost team edition, in the only environment variables section it says the path is /mattermost/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin.

Am I able to continue from this point once I get a clear idea of where my files are so I can do that permissions command, or... is it better that I just start over since I got disrupted in the flow of things and this whole process got out of whack? I do have the containers active with information (see post #13 above with my screen shots). I'm just not sure about the state of the installation at this point.

If I start over, I assume I can just delete the docker containers and load fresh ones to begin again, correct?

 

[David Borrink]

Bumping this discussion. Hoping that scsa20 or someone else in the know can answer my questions in the previous post from Thursday. Thanks!

 

[scsa20]

You'll need to replace /data/mattermost with whatever the path you had set for your variables

For example, if the variable MATTERMOST_CONFIG_PATH is set for ./volumes/app/mattermost/config, then the path you need to give permissions to is the directory of where the dockerfile is at then volumes then app then mattermost.

 

[David Borrink]

Thanks for writing back, scsa20. My variables I used were the ones you have in your example of what you changed them to. So instead of this in the env file example file you first shared...

MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config MATTERMOST_DATA_PATH=./volumes/app/mattermost/data MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes

I did this like the example you said you changed it to. So that would be the paths I thought I set them up as....

MATTERMOST_CONFIG_PATH=/data/mattermost/config MATTERMOST_DATA_PATH=/data/mattermost/data MATTERMOST_LOGS_PATH=/data/mattermost/logs MATTERMOST_PLUGINS_PATH=/data/mattermost/plugins MATTERMOST_CLIENT_PLUGINS_PATH=/data/mattermost/client/plugins MATTERMOST_BLEVE_INDEXES_PATH=/data/mattermost/bleve-indexesMM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes

That's why when you gave the info to go in to change permissions with this...

sudo chown -R 2000:2000 ./volumes/app/mattermost

I changed it to this...

sudo chown -R 2000:2000 /data/mattermost

Hmmm.... I just noticed that my last line of the changed paths contains a bunch of extra code that you didn't have in yours.

 

[David Borrink]

I guess as a "bigger picture" question.... should I start over since I was stopped due to a server issue and got out of sequence? Should I delete the containers for the team edition and server and install new ones and run them again since I'll have clear sudo abilities again? See above where I have the plesk panels not showing all the same items that you have in your examples. I'll be glad to go either way. Being a newbie at Docker, I appreciate your taking the time to advise.