From 22538dcde5231c5d2194bd01ab0b02076f1afc27 Mon Sep 17 00:00:00 2001
From: erjemin
Date: Fri, 14 Feb 2025 15:57:31 +0300
Subject: [PATCH] add: docker-compose.yml
---
 docker/docker-nginx-w-certbot.md | 62 +++++++++++++++++++++++++++++++-
 1 file changed, 61 insertions(+), 1 deletion(-)
diff --git a/docker/docker-nginx-w-certbot.md b/docker/docker-nginx-w-certbot.md
index 48fd7cb..659283f 100644
--- a/docker/docker-nginx-w-certbot.md
+++ b/docker/docker-nginx-w-certbot.md
@@ -594,4 +594,64 @@ fi
 Тем не менее можно добавить `healthcheck` в `portainer`, проверять, что он отвечает внутри себя по порту 9000, а затем установить зависимость `nginx` от здоровья `portainer`.
-Но, кажется, это уже перебор.
\ No newline at end of file
+Но, кажется, это уже перебор.
+
+## Итоговый docker-compose.yml
+
+```yaml
+version: '3'
+services:
+ portainer:
+ image: portainer/portainer-ce:latest
+ container_name: portainer
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/web/docker-data/portainer:/data
+ restart: always
+ networks:
+ - web
+
+ nginx:
+ image: nginx:latest
+ container_name: nginx
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /home/web/docker-data/nginx/conf.d:/etc/nginx/conf.d
+ - /home/web/docker-data/letsencrypt/_cert:/etc/letsencrypt
+ - /home/web/docker-data/letsencrypt/_ownership_check:/var/www/letsencrypt
+ restart: always
+ healthcheck:
+ # test: ["CMD", "curl", "-f", "http://localhost/.well-known/acme-challenge/"]
+ # test: ["CMD", "sh", "-c", "netstat -tln | grep -q ':80'"]
+ test: ["CMD", "sh", "/etc/letsencrypt/healthcheck-nginx.sh"]
+ interval: 10s
+ timeout: 3s
+ retries: 3
+ start_period: 10s
+ networks:
+ - web
+
+ certbot:
+ image: certbot/certbot:latest
+ container_name: letsencrypt-certbot
+ volumes:
+ - /home/web/docker-data/letsencrypt/_ownership_check:/var/www/html
+ - /home/web/docker-data/letsencrypt/_cert:/etc/letsencrypt
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ nginx:
+ condition: service_healthy
+ networks:
+ - web
+ # entrypoint: "/bin/sh -c 'trap exit TERM; while :; do sleep 12h & wait $${!}; certbot renew; done'"
+ entrypoint: "/bin/sh -c 'apk add --no-cache curl && trap exit TERM; while :; do sleep 12h & wait $${!}; certbot renew --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/restart-nginx.sh; done'"
+
+networks:
+ web:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.20.0.0/24 # Подсеть для пользовательской сети
+```
\ No newline at end of file