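# Compose stack for Let's Encrypt certificates served by Nginx:
#   nginx-apply        - port-80 Nginx that serves the ACME webroot challenge
#   nginx-domain-proxy - port-443 Nginx that terminates TLS with the issued certs
#   certbot            - requests the certificate once, then loops on `certbot renew`
# Host-side values (DOMAIN_*, APPLY_EMAIL, SSL_USE) are read from the Compose
# environment / .env file.
services:
  nginx-apply:
    build: ./apply  # port-80-only Nginx
    container_name: nginx_cert_apply
    ports:
      - "80:80"
    volumes:
      - certbot-www:/var/www/certbot
      # NOTE(review): a challenge-only server normally has no need to read
      # /etc/letsencrypt (private keys live there); confirm against ./apply
      # and drop or mount read-only if unused.
      - certbot-conf:/etc/letsencrypt
      - apply-nginx-log:/var/log/nginx
    restart: unless-stopped
    networks:
      - anfioonet
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "3"

  nginx-domain-proxy:
    build: ./domain-proxy  # full HTTPS Nginx
    container_name: nginx-domain-proxy
    ports:
      - "443:443"
    volumes:
      - certbot-www:/var/www/certbot
      # NOTE(review): the internet-facing proxy only needs to read the
      # certificates; consider `:ro` here once confirmed that ./domain-proxy
      # writes nothing under /etc/letsencrypt.
      - certbot-conf:/etc/letsencrypt
      - proxy-nginx-log:/var/log/nginx  # log mount
    # Same policy as nginx-apply. depends_on only orders container start, so
    # on a first run this service can start before any certificate exists.
    restart: unless-stopped
    networks:
      - anfioonet
    depends_on:
      - nginx-apply
      - certbot
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "3"

  certbot:
    # NOTE(review): `latest` is a moving tag on a container that holds the
    # account key and certificate private keys; pin a reviewed version tag or
    # image digest.
    image: certbot/certbot:latest
    container_name: certbot_apply
    # Keep the renewal loop alive across daemon restarts and host reboots.
    restart: unless-stopped
    volumes:
      - certbot-www:/var/www/certbot
      - certbot-conf:/etc/letsencrypt
    depends_on:
      - nginx-apply
    environment:
      - DOMAIN_MAIN=${DOMAIN_MAIN}
      - DOMAIN_1=${DOMAIN_1}
      - DOMAIN_2=${DOMAIN_2}
      - DOMAIN_3=${DOMAIN_3}
      - DOMAIN_4=${DOMAIN_4}
      - APPLY_EMAIL=${APPLY_EMAIL}
    # The script below escapes every shell `$` as `$$`, so Compose passes it
    # through untouched and the container shell expands the variables from the
    # `environment` block above. Values are therefore never spliced into the
    # script text, and the arithmetic expansion is not mistaken for a Compose
    # substitution.
    #
    # NOTE(review): certbot names the lineage directory after the first `-d`
    # value unless `--cert-name` is given, so the first-run check on
    # live/<DOMAIN_MAIN> only matches when DOMAIN_MAIN equals DOMAIN_1.
    # Confirm, or pass `--cert-name`, and keep the Nginx certificate paths in
    # step with whichever name is used.
    #
    # NOTE(review): the deploy hook runs `docker exec` inside this container,
    # but no Docker socket is mounted here and the stock certbot image is not
    # expected to ship a docker CLI, so the proxy will likely keep serving the
    # old certificate after a renewal. Prefer a reload that does not need the
    # Docker socket (for example a periodic `nginx -s reload` inside the proxy
    # container); mounting /var/run/docker.sock into this container would give
    # it root-equivalent control of the host.
    entrypoint:
      - "/bin/sh"
      - "-c"
      - |
        # First run: request the certificate only when no lineage exists yet.
        if [ ! -d "/etc/letsencrypt/live/$${DOMAIN_MAIN}" ]; then
          echo "初次申请证书..."
          certbot certonly \
            --webroot -w /var/www/certbot \
            -d "$${DOMAIN_1}" -d "$${DOMAIN_2}" -d "$${DOMAIN_3}" -d "$${DOMAIN_4}" \
            --email "$${APPLY_EMAIL}" --agree-tos --no-eff-email --non-interactive
        fi

        # certbot only renews inside its renewal window, so frequent checks
        # are cheap. A 30-day interval could leave the first in-window attempt
        # only hours before expiry, with no retry if that attempt failed.
        echo "启动每12小时检查续期循环..."
        while true; do
          certbot renew \
            --webroot -w /var/www/certbot \
            --quiet \
            --deploy-hook "docker exec nginx-domain-proxy nginx -s reload"
          echo "证书续期检查完成,等待12小时..."
          sleep $$((12*60*60))  # check every 12 hours
        done
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "3"

# Named volumes backed by bind mounts under SSL_USE on the host. The `:?` form
# makes Compose stop with an error when SSL_USE is unset or empty, instead of
# resolving the paths against the filesystem root. The target directories must
# already exist on the host.
volumes:
  certbot-www:
    driver: local
    driver_opts:
      type: none
      device: "${SSL_USE:?SSL_USE is not set}/certbot-www"
      o: bind
  certbot-conf:
    driver: local
    driver_opts:
      type: none
      device: "${SSL_USE:?SSL_USE is not set}/certbot-conf"
      o: bind
  apply-nginx-log:
    driver: local
    driver_opts:
      type: none
      device: "${SSL_USE:?SSL_USE is not set}/apply-nginx-log"
      o: bind
  proxy-nginx-log:
    driver: local
    driver_opts:
      type: none
      device: "${SSL_USE:?SSL_USE is not set}/proxy-nginx-log"
      o: bind

# Pre-existing network shared with other stacks; Compose does not create it.
networks:
  anfioonet:
    name: anfioonet
    external: true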