How to secure Mattermost on docker and a few more questions

Summary
I have installed Mattermost on Ubuntu server and am planning to run it in production with a small team. I have followed the official guide and use Nginx as reverse proxy. I am getting stuck in changing the PostgreSQL password in the env file. Whenever I do it, nginx stops working with an error (502). How should I do that? Is there anything else from a security perspective I should consider?

Also, how would I simply update Mattermost to a new version with this setup now?

Thank you a lot
Stefano

Hi Stefano! It’s great to hear that you’re setting up Mattermost for your team!

To change the PostgreSQL password in the .env file without disrupting Nginx, make sure to update the corresponding database credentials in your Mattermost configuration file as well.

You can refer to the Mattermost documentation on database setup for more details. For updating Mattermost, here’s a guide on deploying to Docker.

Hope this helps!

Thank you John for the reply! So to clarify, should I also change the password in the service, or just the env and update the compose file? Or do you mean the config file of Postgres?

I was thinking of changing the password in the env file and then use the postgres command inside the container to update it but I am not sure that’s enough and it’s not 100% clear from the documentation.

I followed the official doc to install it with docker so I have nginx as well as a container

thanks again


Hi Stefano, you’re on the right track! After updating the password in the .env file, you’ll also need to change the PostgreSQL password inside the container to ensure everything aligns. You can use the PostgreSQL command within the container to update it, but make sure to also update the Mattermost configuration file (config.json) to match the new credentials.

Thank you John, I tried changing it on the postgres command line and on the env file (docker compose file uses the env variables). Still not working because what I see in the config.json is the following:

CONFIG JSON:

"SqlSettings": {
    "DriverName": "postgres",
    "DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes",
    "DataSourceReplicas": [],
    "DataSourceSearchReplicas": [],
    "MaxIdleConns": 20,
    "ConnMaxLifetimeMilliseconds": 3600000,
    "ConnMaxIdleTimeMilliseconds": 300000,
    "MaxOpenConns": 300,
    "Trace": false,
    "AtRestEncryptKey": "ruskdddxc4yao8osghji9e1yfng4facs",
    "QueryTimeout": 30,
    "DisableDatabaseSearch": false,
    "MigrationsStatementTimeoutSeconds": 100000,
    "ReplicaLagSettings": [],
    "ReplicaMonitorIntervalSeconds": 5
},

ENV FILE:

POSTGRES_IMAGE_TAG=13-alpine
POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
POSTGRES_USER=mmuser
POSTGRES_PASSWORD=mmuser_password
POSTGRES_DB=mattermost

While in the env file I have a different username and database. Where is the mistake? Which database am I really using?

UPDATE: I checked the data and the database I am really using is the one inside the ENV file. But if I change the password to it I still get a 502 bad gateway, so it means that the config file is really not a reference. What should I do?

This is the command I am using for starting and stopping everything:

sudo docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d
sudo docker compose -f docker-compose.yml -f docker-compose.without-nginx.yml down
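
On the question of which database is really in use, an added example that is not part of the thread or of Mattermost's own code: a setting supplied as an `MM_...` environment variable takes precedence over the value in config.json, so the sketch below resolves the effective data source from both files. It assumes the .env carries an `MM_SQLSETTINGS_DATASOURCE` line like the one in the mattermost/docker env.example; the sample inputs are constructed from the values posted above and the function names are hypothetical.

```python
import json
import re
from urllib.parse import quote, unquote, urlsplit

# Constructed sample inputs, modelled on the values posted in the thread.
ENV_TEXT = """\
POSTGRES_USER=mmuser
POSTGRES_PASSWORD=mmuser_password
POSTGRES_DB=mattermost
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
"""
CONFIG = json.loads('{"SqlSettings": {"DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\\u0026connect_timeout=10"}}')

def parse_env(text):
    """Parse KEY=VALUE lines, expanding ${VAR} references to earlier keys."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = re.sub(r"\$\{(\w+)\}", lambda m: env.get(m.group(1), ""), value.strip())
    return env

def effective_datasource(env, config):
    """Return (origin, dsn): the environment override wins over config.json."""
    override = env.get("MM_SQLSETTINGS_DATASOURCE")
    if override:
        return "environment", override
    return "config.json", config["SqlSettings"]["DataSource"]

def describe(dsn):
    """Return (user, host, database) of a postgres:// DSN, leaving the password out."""
    parts = urlsplit(dsn)
    return (unquote(parts.username or ""), parts.hostname, parts.path.lstrip("/"))

def password_needs_encoding(password):
    """True if the password must be percent-encoded before it is placed in a DSN."""
    return quote(password, safe="") != password

ENV = parse_env(ENV_TEXT)

if __name__ == "__main__":
    origin, dsn = effective_datasource(ENV, CONFIG)
    print("effective source:", origin, describe(dsn))
    print("config.json says:", describe(CONFIG["SqlSettings"]["DataSource"]))
    if password_needs_encoding(ENV["POSTGRES_PASSWORD"]):
        print("password contains characters that must be percent-encoded in the DSN")
```

The postgres image reads POSTGRES_PASSWORD only when it initialises an empty data directory, so on an existing volume the role's password also has to be changed inside the database. A new password containing characters such as `@`, `/` or `#` additionally needs percent-encoding wherever it is interpolated into the connection URL.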