@SyaibanAhmadRamadhan
Last active September 1, 2023 20:52
example-nginx-certbot-docker
version: '3'
services:
  nginx:
    image: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # folder containing nginx conf
      - ./nginx-conf:/etc/nginx/conf.d
      # TLS parameters, mounted read-only
      - ./options-ssl-nginx.conf:/etc/nginx/conf.d/options-ssl-nginx.conf:ro
      # certificates and ACME webroot, shared with the certbot container
      - certbot-etc:/etc/letsencrypt
      - certbot-html:/var/www/certbot
  certbot:
    depends_on:
      - nginx
    image: certbot/certbot
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-html:/var/www/certbot
    # --force-renewal requests a new certificate on every run, which counts
    # against Let's Encrypt rate limits
    command: certonly --webroot --webroot-path /var/www/certbot --force-renewal --email yourmail@example.com -d yourdomain --agree-tos
volumes:
  # declared but not referenced by any service above
  nginx-config:
  certbot-etc:
  certbot-html:

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
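
The compose file mounts ./nginx-conf into /etc/nginx/conf.d but the gist does not include a server block. The following is an added example, not part of the original gist, of a site config that serves the webroot challenge path and uses the issued certificate; the file name site.conf and the content root are assumptions, and "yourdomain" is the same placeholder as in the certbot command.

```nginx
# Added example, not part of the gist. Assumed location: ./nginx-conf/site.conf
# "yourdomain" is the placeholder used in the certbot command.

# Port 80: answer ACME HTTP-01 challenges from the shared webroot volume and
# redirect everything else to HTTPS.
server {
    listen 80;
    server_name yourdomain;

    location /.well-known/acme-challenge/ {
        # Same path as --webroot-path; the certbot container writes here.
        root /var/www/certbot;
    }

    location / {
        # Fixed host name rather than $host, so the redirect target does not
        # depend on the client-supplied Host header.
        return 301 https://yourdomain$request_uri;
    }
}

# Port 443: add this block only after the first certificate has been issued.
# nginx refuses to start if the certificate files do not exist yet.
server {
    listen 443 ssl;
    server_name yourdomain;

    # Paths inside the certbot-etc volume (certbot's default live/ layout).
    ssl_certificate     /etc/letsencrypt/live/yourdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;

    # The ssl_* settings from options-ssl-nginx.conf already apply: the file
    # is mounted into /etc/nginx/conf.d, which the stock nginx.conf includes
    # at http level, so it is not included again here.

    location / {
        root /usr/share/nginx/html;   # assumed content root (image default)
        index index.html;
    }
}
```

After the first issuance, reload nginx so it picks up the certificate, and reload again after each renewal.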