disabled auto certbot, switched to nginx:alpine

docker-compose.yml

@@ -3,17 +3,23 @@ services:
     image: demo-app:latest
     container_name: demo-app
     restart: unless-stopped
-
   nginx:
-    image: nginx:alpine  # Switch to plain Nginx (no Certbot)
+    image: jonasal/nginx-certbot:latest
     container_name: demo-nginx
     restart: unless-stopped
     ports:
       - 8008:80
       - 4433:443
+    environment:
+      - CERTBOT_EMAIL=the.dark.mist23@gmail.com
+      - ENVSUBST_TEMPLATE_SUFFIX=.tmpl # Enables template processing if needed
+      - CERTBOT_DISABLED=true  # Disable auto Certbot to use manual certs
     volumes:
       - ./nginx_user_conf.d:/etc/nginx/conf.d/
-      - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro  # Mount cert
-      - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/privkey.pem:ro  # Mount key
+      - letsencrypt:/etc/letsencrypt
+      - /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/origin_cert.pem:ro # Mount cert
+      - /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/origin_key.key:ro # Mount key
     depends_on:
       - app
+volumes:
+  letsencrypt:

nginx_user_conf.d/server.conf

@@ -2,7 +2,7 @@ server {
     listen 80;
     server_name demo.networkwizard.xyz;
 
-    # Optional: Redirect HTTP to HTTPS (access via external port 8008 redirects to 4433)
+    # Optional: Redirect HTTP to HTTPS (adjust port if needed)
     location / {
         return 301 https://$host:4433$request_uri;
     }
@@ -12,8 +12,8 @@ server {
     listen 443 ssl;
     server_name demo.networkwizard.xyz;
 
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    ssl_certificate /etc/nginx/ssl/origin_cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/origin_key.key;
 
     # Optional: Enhance security
     ssl_protocols TLSv1.2 TLSv1.3;