diff --git a/docker-compose.yml b/docker-compose.yml
index 9515395..d0706db 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,17 +3,23 @@ services:
 image: demo-app:latest
 container_name: demo-app
 restart: unless-stopped
-
 nginx:
- image: nginx:alpine # Switch to plain Nginx (no Certbot)
+ image: jonasal/nginx-certbot:latest
 container_name: demo-nginx
 restart: unless-stopped
 ports:
 - 8008:80
 - 4433:443
+ environment:
+ - CERTBOT_EMAIL=the.dark.mist23@gmail.com
+ - ENVSUBST_TEMPLATE_SUFFIX=.tmpl # Enables template processing if needed
+ - CERTBOT_DISABLED=true # Disable auto Certbot to use manual certs
 volumes:
 - ./nginx_user_conf.d:/etc/nginx/conf.d/
- - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro # Mount cert
- - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/privkey.pem:ro # Mount key
+ - letsencrypt:/etc/letsencrypt
+ - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/origin_cert.pem:ro # Mount cert
+ - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/origin_key.key:ro # Mount key
 depends_on:
 - app
+volumes:
+ letsencrypt:
diff --git a/nginx_user_conf.d/server.conf b/nginx_user_conf.d/server.conf
index 981e5ef..3e7da65 100644
--- a/nginx_user_conf.d/server.conf
+++ b/nginx_user_conf.d/server.conf
@@ -2,7 +2,7 @@ server {
 listen 80;
 server_name demo.networkwizard.xyz;
- # Optional: Redirect HTTP to HTTPS (access via external port 8008 redirects to 4433)
+ # Optional: Redirect HTTP to HTTPS (adjust port if needed)
 location / {
 return 301 https://$host:4433$request_uri;
 }
@@ -12,8 +12,8 @@ server {
 listen 443 ssl;
 server_name demo.networkwizard.xyz;
- ssl_certificate /etc/nginx/ssl/fullchain.pem;
- ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+ ssl_certificate /etc/nginx/ssl/origin_cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/origin_key.key;
 # Optional: Enhance security
 ssl_protocols TLSv1.2 TLSv1.3;
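Review bot: The new `image: jonasal/nginx-certbot:latest` line in docker-compose.yml pulls a third-party image by a mutable tag into the container that has the TLS private key mounted and publishes ports 8008 and 4433, so any pull can change the code that handles that key without a change in this repository. Pin it to a tested release and digest, for example `image: jonasal/nginx-certbot:<version>@sha256:<digest>` (placeholders, to be filled from the release actually deployed). It is also not evident from the diff that this image reads `CERTBOT_DISABLED` or `ENVSUBST_TEMPLATE_SUFFIX` (the stock nginx image spells the latter `NGINX_ENVSUBST_TEMPLATE_SUFFIX`); if they are ignored, the comment "Disable auto Certbot" would be wrong and the `letsencrypt` volume would still be written to, so this should be confirmed against the image's documentation. The personal address in `CERTBOT_EMAIL` would be better kept out of the repository, e.g. `- CERTBOT_EMAIL=${CERTBOT_EMAIL}` with the value in an untracked `.env` file.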