1
0
mirror of https://github.com/ArcticFoxes-net/Signal-TLS-Proxy synced 2024-11-17 17:41:32 -05:00
Signal-TLS-Proxy/docker-compose.yml
samsepi0l cea65fe055
Set volumes to read-only (#6)
P.S. I also forgot to mention line 10 in the issue in which I also set ro.

Signed-off-by: samsepi0l <contact@simpleprivacy.fr>
2023-12-01 05:44:21 -07:00

46 lines
1.3 KiB
YAML

version: '3'
services:
nginx-terminate:
image: nginx:alpine
restart: unless-stopped
volumes:
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:ro,Z
- ./data/certbot/conf:/etc/letsencrypt:ro,z
- ./data/certbot/www:/var/www/certbot:ro,z
ports:
- "443:443"
- "80:80"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETUID
- SETGID
- NET_BIND_SERVICE
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /usr/sbin/nginx -s reload; done & /usr/sbin/nginx -c /etc/nginx/nginx.conf -g \"daemon off;\"'"
nginx-relay:
image: nginx:alpine
restart: unless-stopped
volumes:
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:ro,Z
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /usr/sbin/nginx -s reload; done & /usr/sbin/nginx -c /etc/nginx/nginx.conf -g \"daemon off;\"'"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./data/certbot/conf:/etc/letsencrypt:z
- ./data/certbot/www:/var/www/certbot:z
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
security_opt:
- no-new-privileges:true