Issue with Traefik reverse proxy setup for Mattermost in Docker container

giannencljsn · April 4, 2025, 3:06am

Hi Traefik community,

I'm currently trying to deploy Mattermost using Docker Compose, with Traefik as a reverse proxy to handle automatic SSL configuration and routing. The domain for the Mattermost service is mattermost.phonevillemobile.com. However, I'm encountering an issue where the Mattermost container is continuously restarting after running the following commands:

docker compose -f docker-compose.yml -f docker-compose.without-nginx.yml up -d

My docker-compose.yml :

name: mattermost
# https://docs.docker.com/compose/environment-variables/
services:
  postgres:
    image: postgres:${POSTGRES_IMAGE_TAG}
    restart: ${RESTART_POLICY}
    security_opt:
      - seccomp:unconfined
    pids_limit: 100
    read_only: true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
    environment:
      - TZ
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB

  mattermost:
    depends_on:
      - postgres
    image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
    container_name: mattermost
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    tmpfs:
      - /tmp
    volumes:
      - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
      - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
      - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
      - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
      - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
      - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
    labels:
      - traefik.docker.network=traefik-public
      - traefik.enable=true
      - traefik.http.routers.mattermost-http.entrypoints=http
      - traefik.http.routers.mattermost-http.middlewares=https-redirect
      - traefik.http.routers.mattermost-http.rule=Host(`mattermost.phonevillemobile.com`)
      - traefik.http.routers.mattermost-http.service=mattermost
      - traefik.http.routers.mattermost-https.entrypoints=https
      - traefik.http.routers.mattermost-https.rule=Host(`mattermost.phonevillemobile.com`)
      - traefik.http.routers.mattermost-https.service=mattermost
      - traefik.http.routers.mattermost-https.tls=true
      - traefik.http.routers.mattermost-https.tls.certresolver=le
      - traefik.http.services.mattermost.loadbalancer.server.port=8065
      - traefik.http.routers.mattermost.rule=Host(`mattermost.phonevillemobile.com`)
    environment:
      - TZ
      - MM_SQLSETTINGS_DRIVERNAME
      - MM_SQLSETTINGS_DATASOURCE
      - MM_BLEVESETTINGS_INDEXDIR
      - MM_SERVICESETTINGS_SITEURL

   
networks:
  traefik_proxy:
    external: true

My docker-compose.without-nginx.yml:

services:
  mattermost:
    ports:
      - "8065:8065"

Help please?

bluepuma77 · April 4, 2025, 4:55am

What’s the log output?

giannencljsn · April 4, 2025, 5:24am

Mattermost logs:

exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted
exec /entrypoint.sh: operation not permitted

bluepuma77 · April 4, 2025, 5:45am

You set read_only for the service/container?

giannencljsn · April 4, 2025, 5:48am

MATTERMOST_CONTAINER_READONLY=false

should i also set this thing to 'false' in the docker-compose.yml ?

bluepuma77 · April 4, 2025, 5:52am

I can only guess, but those settings are most rarely used. You could try to run without.

You could also try to add

    security_opt:
      - seccomp:unconfined

What OS are you using? How did you install Docker?

Also note that you would usually not publish ports: on the target service/container, as that might circumvent using Traefik security middlewares.

Instead Traefik and target service should share a common Docker network, within all ports are reachable anyway.

giannencljsn · April 4, 2025, 6:08am

Hi there, I'm using Ubuntu Server 22.04 on a VPS

I've followed this one when installing mattermost:

cd mattermost/docker

bluepuma77 · April 4, 2025, 10:03am

The without-nginx probably stands for "without reverse proxy", as it will open the ports of the container directly. So not needed with Traefik.

You use multiple ENV vars in your compose file, many things could be wrong. But we don't know.

And again the question: how did you install Docker? Root-less?

As a most basic test, you can try to run docker run -it mattermost/mattermost-team-edition (or whatever image you are using). But this really seems more like a Docker permission issue, has nothing to do with Traefik.

Topic		Replies	Views
Mattermost behind Treafik v2 Traefik v2 docker	1	2195	January 15, 2020
Newbie is lost with too many docker-compose.yml - do I have to copy the content of each service in a big single traefik dedicated docker-compose.yml? Traefik v2 docker	3	1440	January 11, 2020
Service Discovery with Multiple Networks Involved Traefik v2 docker	3	13569	December 26, 2020
Second http route keeps restarting Traefik v2 docker	1	1752	July 24, 2020
Trying to connect multiple app to one domain Traefik v3 (latest) docker	9	53	December 28, 2024

Issue with Traefik reverse proxy setup for Mattermost in Docker container

Related topics