Improve doc for docker installations

[HarHarLinks]

Add some documentation for docker as well as general installations.

See also discussion in chat: #slack_bridge:matrix.org

See also #304

[HarHarLinks]

Signed-off-by: Kim Brose kim.brose@rwth-aachen.de

[Half-Shot]

Thanks, this looks useful. Can you add a newsfile as this doc

[auscompgeek]

Your newsfile needs to be a single line.

[Half-Shot]

In general this is a big improvement. But I am concerned about telling people to use --network=host from a security and general grossness pov.

[Half-Shot]

I'm worried about opening up the docker image to the hosts' network. I think I would rather suggest creating a seperate postgres contaienr and using --link?

[HarHarLinks]

I agree, and I note and explain this later. But afaik the communication also needs to be able to reach the homeserver (which might be in another container, host, or other) and vice versa. I do not know of a stable way to route this, except outgoing via domain. Can you reserve/bind an IP to a container?

[HarHarLinks]

I have continued experimenting and created this docker-compose.yaml for setups running the bridge with docker, but postgres and homeserver natively.
It works for me right now, except for receiving messages from slack (however when i call the webhook url manually, it shows up in log).
This configuration can be started using docker-compose up -d.

version: "2.4" # version 2 is needed to support setting gateway

services:

  slack:
    container_name: appservice-slack
    image: matrixdotorg/matrix-appservice-slack
    restart: always
    volumes:
      - "~synapse/bridges/slack/:/config/" # mount your config folder (where you keep config.yaml)
    ports:
      - "127.0.0.1:5858:5858" # must be reachable from homeserver, so variate this accordingly
      - "9898:9898" # must be reachable from the internet. remember to open your firewall
    networks:
      default:
        ipv4_address: 172.19.0.2 # bind to this ip to allow precise psql config and firewalling

# this network setup is for dockered appservice + native homeserver and db.
# if you docker these or other matrix services, you should consider joining them on the same virtual network.
networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "172.19.0.0/16"
          gateway: 172.19.0.1
# note the absence of a dash on the gateway line
# https://github.com/docker/compose/issues/4456

In addition to this, postgres must be configured to listen and allow connections from docker.
edit postgresql.conf:

listen_addresses = 'localhost,172.19.0.1' # include docker slack: this is the gateway IP from docker-compose.yaml
# also check the configured port to use in config.yaml connectionString

append to pg_hba.conf:

# allow password authenticated connections from docker: this is the subnet from docker-compose.yaml
host    all             all             172.19.0.1/16           md5

Notable changes in appservice-slack config.yaml:

homeserver:
  url: http://172.19.0.1:8008 # can also use the public facing IP and port, e.g. https://homeserver.domain:8448
db:
# connectionString: "postgresql://user:password@gateway:port/slack_bridge?sslmode=require" # A postgres connection string
# for example:
  connectionString: "postgresql://slackbridge_user:password@172.19.0.1:5433/slack_bridge?sslmode=require" # A postgres connection string

[Half-Shot]

I'll let you off, but this should have been a seperate PR because it's not really relevant to the context :p