2021-01-28 13:34:53 -05:00
|
|
|
version: '3'
|
|
|
|
|
|
|
|
services:
|
|
|
|
nginx-terminate:
|
2022-09-11 10:10:44 -04:00
|
|
|
image: nginx:alpine
|
2021-01-28 13:34:53 -05:00
|
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
2022-09-11 10:10:44 -04:00
|
|
|
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
|
|
|
|
- ./data/certbot/conf:/etc/letsencrypt:Z
|
|
|
|
- ./data/certbot/www:/var/www/certbot:Z
|
2022-09-13 03:35:07 -04:00
|
|
|
read_only: true
|
2021-01-28 13:34:53 -05:00
|
|
|
ports:
|
|
|
|
- "443:443"
|
2022-09-22 15:40:24 -04:00
|
|
|
- "80:80"
|
2022-09-11 11:03:17 -04:00
|
|
|
security_opt:
|
|
|
|
- no-new-privileges:true
|
|
|
|
cap_drop:
|
|
|
|
- ALL
|
|
|
|
cap_add:
|
|
|
|
- CAP_NET_BIND_SERVICE
|
|
|
|
- CHOWN
|
2022-09-13 03:35:07 -04:00
|
|
|
tmpfs:
|
|
|
|
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
|
2021-01-28 13:34:53 -05:00
|
|
|
nginx-relay:
|
2022-09-11 10:10:44 -04:00
|
|
|
image: nginx:alpine
|
2021-01-28 13:34:53 -05:00
|
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
2022-09-11 10:10:44 -04:00
|
|
|
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
|
2022-09-13 03:35:07 -04:00
|
|
|
read_only: true
|
2022-09-11 11:03:17 -04:00
|
|
|
security_opt:
|
|
|
|
- no-new-privileges:true
|
|
|
|
cap_drop:
|
|
|
|
- ALL
|
2022-09-13 03:35:07 -04:00
|
|
|
tmpfs:
|
|
|
|
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
|
2021-01-28 13:34:53 -05:00
|
|
|
certbot:
|
|
|
|
image: certbot/certbot
|
|
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
2022-09-11 10:10:44 -04:00
|
|
|
- ./data/certbot/conf:/etc/letsencrypt:Z
|
|
|
|
- ./data/certbot/www:/var/www/certbot:Z
|
|
|
|
ports:
|
|
|
|
- "80:80"
|
2022-09-11 11:03:17 -04:00
|
|
|
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
|
|
|
security_opt:
|
|
|
|
- no-new-privileges:true
|
|
|
|
cap_drop:
|
|
|
|
- ALL
|
|
|
|
cap_add:
|
|
|
|
- CAP_NET_BIND_SERVICE
|