version: '3'

services:
  webserver:
    image: nginx:latest # 1.25.2-bookworm
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
      - ./nginx/conf/:/etc/nginx/conf.d/:ro
      - ./certbot/www/:/var/www/certbot/:ro
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw

# 1. sudo nano /etc/nginx/conf.d/academyspielwiese.conf
# 2. docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -d sca.spielwiese.domain
# When prompted, enter your email for notices from Let's Encrypt. This step is optional, and you can skip it by typing c and pressing Enter.
# Wait for the procedure to finish. If Docker reports no errors, run the command without the --dry-run flag:
# 3. docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d [domain-name]
#
# 4. docker-compose exec webserver nginx -s reload
# Let's Encrypt certificates last for three months, after which it is necessary to renew them.
# [5.] docker-compose run --rm certbot renew