- nginx/ssl.conf: full HTTPS config with HTTP→HTTPS redirect, modern TLS settings, HSTS header, and ACME challenge passthrough for renewals - nginx/certbot-init.conf: minimal HTTP config for initial cert provisioning - docker-compose.ssl.yml: compose override adding port 443, certbot volumes, and auto-renewal sidecar container - docs/DEPLOYMENT.md: comprehensive 3-phase SSL walkthrough (obtain cert, enable SSL, auto-renewal) with day-to-day usage and revert instructions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
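# SSL override — use with: docker compose -f docker-compose.yml -f docker-compose.ssl.yml up -d
#
# This adds port 443, certbot volumes, and a certbot renewal service
# to the base docker-compose.yml configuration.
#
# Trust boundary: certbot_conf holds the Let's Encrypt private key material.
# Only the certbot service mounts it read-write; nginx gets it read-only, so a
# compromised web tier can serve the cert but cannot alter or re-issue keys.

services:
  nginx:
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Same container path as the base default.conf mount, so Compose
      # replaces that entry with the HTTPS config instead of adding a second one.
      - ./nginx/ssl.conf:/etc/nginx/conf.d/default.conf:ro
      # ACME http-01 challenge files: written by certbot, served read-only here.
      - certbot_www:/var/www/certbot:ro
      - certbot_conf:/etc/letsencrypt:ro

  certbot:
    # NOTE(review): `latest` is a moving target — pin to a release tag or an
    # @sha256 digest (placeholder: certbot/certbot:<PINNED_TAG>) so renewals
    # cannot silently pick up a different image.
    image: certbot/certbot:latest
    # Without a restart policy the renewal loop below does not come back after
    # a daemon or host restart, and the certificate quietly ages out.
    restart: unless-stopped
    volumes:
      - certbot_www:/var/www/certbot
      - certbot_conf:/etc/letsencrypt
    networks:
      # assumes `hoanet` is declared in the base docker-compose.yml — TODO confirm
      - hoanet
    # Auto-renew: check twice daily, only renews if < 30 days remain.
    # `$$` keeps the `$` out of Compose interpolation; `trap exit TERM` lets
    # `docker compose stop` end the loop promptly instead of waiting out sleep.
    # NOTE(review): nginx reads certificate files only at start/reload, so a
    # renewed cert is not served until nginx reloads (periodic `nginx -s reload`
    # in the nginx service, or a certbot --deploy-hook) — confirm this is handled.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --quiet; sleep 12h & wait $${!}; done'"

volumes:
  certbot_www:
  certbot_conf: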