version: '3' services: nginx-terminate: build: ./nginx-terminate/ restart: unless-stopped volumes: - ./data/nginx-terminate:/etc/nginx/conf.d - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot ports: - "443:443" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'" security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - CAP_NET_BIND_SERVICE - CHOWN - SETUID - SETGID nginx-relay: build: ./nginx-relay/ restart: unless-stopped volumes: - ./data/nginx-relay:/etc/nginx/conf.d command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'" security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - SETUID - SETGID certbot: image: certbot/certbot restart: unless-stopped volumes: - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" security_opt: - no-new-privileges:true