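# Reverse proxy (nginx) + Let's Encrypt renewal (certbot) + log-driven banning
# (fail2ban). nginx and certbot share the pre-existing "fast-services" network;
# fail2ban runs in the host network namespace so it can edit firewall rules.
services:
  nginx:
    # NOTE(review): floating tag. Pin to a specific version tag or image
    # digest so a re-pull cannot silently change what is running.
    image: nginx:latest
    container_name: nginx-main
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Nginx should only read its config
      - ./config/nginx/:/etc/nginx/:ro
      - ./data/auth/:/etc/nginx/auth:ro
      # ACME challenge files written by the certbot service
      - ./data/certbot:/var/www/certbot/:ro
      # Certificates and private keys; read-only here, certbot is the writer
      - ./config/certbot:/etc/letsencrypt/:ro
      - ./data/www/html/:/var/www/html/:ro
      # Only writable mount; the fail2ban service reads these logs
      - ./logs/nginx/:/var/log/nginx/:rw
    networks:
      - fast-services
    restart: always

  certbot:
    # NOTE(review): no tag given, so this resolves to "latest". Pin it.
    image: certbot/certbot
    container_name: certbot
    # Long-running renewal loop: runs `certbot renew`, sleeps 12h, repeats.
    # The TERM trap lets the container stop promptly. `$$` is Compose's escape
    # for a literal `$`, keeping the shell's `$!` out of Compose interpolation.
    # NOTE(review): nothing in this file reloads nginx after a renewal, so
    # nginx keeps serving the old certificate until it is reloaded or restarted.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $$!; done;'"
    volumes:
      # Must be read-write for certbot to place challenge files
      - ./data/certbot/:/var/www/certbot/:rw
      # Must be read-write for certbot to store and renew certificates
      - ./config/certbot/:/etc/letsencrypt/:rw
    # Keeps the renewal loop running unless the container was stopped manually
    restart: unless-stopped
    networks:
      - fast-services

  fail2ban:
    # NOTE(review): floating tag on a container that holds NET_ADMIN in the
    # host network namespace. Pin to a specific version tag or image digest.
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    # Required for Fail2Ban to modify host firewall rules
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    # Ensure it always restarts
    restart: always
    volumes:
      # Read-only view of the logs nginx writes
      - ./logs/nginx:/var/log/nginx:ro
      # Mounted read-write (no :ro), for fail2ban's own data
      # NOTE(review): nginx is reached through Docker-published ports, so that
      # traffic is forwarded rather than delivered to the host's INPUT chain.
      # Confirm the jail actions under ./data/fail2ban target DOCKER-USER;
      # otherwise bans may be recorded without blocking anything.
      - ./data/fail2ban:/data
    environment:
      # Optional: set timezone
      - TZ=Europe/Berlin

networks:
  fast-services:
    # Not created by this file; the network must already exist
    external: true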