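# docker-compose.prod.yml
# Production-only overrides: HTTPS with Let's Encrypt via nginx reverse proxy.
#
# Trust boundaries visible in this file:
#   - nginx-proxy is the only service here that publishes host ports (80/443).
#   - certbot is the only writer of /etc/letsencrypt (ACME account key and
#     certificate private keys); nginx-proxy mounts the same host path
#     read-only.
#   - Neither container is given the Docker socket. Certificate pick-up is
#     done by nginx reloading itself on a timer, not by certbot reaching into
#     another container.
services:
  # Nginx reverse proxy with HTTPS termination
  nginx-proxy:
    # NOTE(review): this tag is mutable; consider pinning by digest
    # (nginx:1.25-alpine@sha256:<digest-placeholder>) so a re-pushed tag
    # cannot silently change what runs in production.
    image: nginx:1.25-alpine
    container_name: snippetly-nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # All config and certificate material is mounted read-only: a
      # compromised nginx worker cannot rewrite its own config or the keys.
      - ./infra/nginx/prod-nginx.conf:/etc/nginx/nginx.conf:ro
      - ./infra/nginx/snippetly.codes.conf:/etc/nginx/conf.d/snippetly.codes.conf:ro
      - ./infra/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - /opt/app-data/certbot/conf:/etc/letsencrypt:ro
      - /opt/app-data/certbot/www:/var/www/certbot:ro
    # Reload nginx every 6 hours so certificates renewed by the certbot
    # service are actually served. nginx keeps the loaded certificate in
    # memory until it is reloaded, so without this a renewed certificate on
    # disk would not be used and the old one would eventually expire.
    # `exec` keeps nginx as PID 1 so the container's stop signal reaches it.
    # `$$` is Compose escaping for a literal `$`.
    # NOTE(review): with a non-nginx first argument the image's entrypoint is
    # expected to skip its /docker-entrypoint.d hooks; the configs here are
    # bind-mounted as-is, but confirm nothing relies on template rendering.
    command:
      - /bin/sh
      - "-c"
      - >-
        while :; do sleep 6h & wait $$!; nginx -s reload; done &
        exec nginx -g 'daemon off;'
    # Block privilege escalation through setuid/setgid binaries in the image.
    security_opt:
      - no-new-privileges:true
    depends_on:
      # `frontend` is not defined in this file; presumably it comes from the
      # base compose file this override is layered on.
      frontend:
        condition: service_started
    networks:
      - default
    restart: unless-stopped
    healthcheck:
      # Probes the plain-HTTP /health endpoint on loopback with the production
      # Host header. This does not exercise the TLS listener, so an expired or
      # missing certificate will not turn the container unhealthy; monitor
      # certificate expiry separately.
      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider --header='Host: snippetly.codes' http://127.0.0.1:80/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

  # Certbot for Let's Encrypt certificate management
  certbot:
    # NOTE(review): consider pinning by digest as well
    # (certbot/certbot:v2.11.0@sha256:<digest-placeholder>).
    image: certbot/certbot:v2.11.0
    container_name: snippetly-certbot
    volumes:
      # Read-write on purpose: certbot stores the ACME account key and the
      # issued private keys under /etc/letsencrypt and writes HTTP-01
      # challenge files to the webroot. Restrict host-side permissions on
      # /opt/app-data/certbot/conf accordingly.
      - /opt/app-data/certbot/conf:/etc/letsencrypt
      - /opt/app-data/certbot/www:/var/www/certbot
    networks:
      - default
    security_opt:
      - no-new-privileges:true
    # Runs certificate renewal check twice daily.
    # The previous `--deploy-hook 'docker exec snippetly-nginx-proxy nginx -s
    # reload'` is dropped: this service mounts no Docker socket (and the
    # certbot image is not expected to ship a docker CLI), so the hook could
    # not run and nginx was never reloaded after a renewal. Mounting the
    # socket to make it work would hand this container root-equivalent
    # control of the host; nginx-proxy reloads itself on a timer instead.
    # `certbot renew` exits 0 when nothing is due, so the fallback message now
    # only claims a failure and goes to stderr, where log-based alerting can
    # key on it.
    # Keep every line of the folded scalar at the same indent so it folds
    # into a single `-c` argument.
    entrypoint: "/bin/sh"
    command: >
      -c "trap exit TERM;
      while :; do
      echo 'Running certbot renewal check...';
      certbot renew --webroot --webroot-path=/var/www/certbot --quiet || echo 'Certbot renew failed' >&2;
      echo 'Next renewal check in 12 hours...';
      sleep 12h & wait $$!;
      done"
    restart: unless-stopped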