dluciano/docker-compose.yml

## docker-compose.yml
# webserver:
  #   image: nginx:latest
  #   ports:
  #     - 80:80
  #     - 443:443
  #   restart: always
  #   volumes:
  #     - ./prod/nginx/www/:/var/www/html:ro
  #     - ./prod/nginx/conf/:/etc/nginx/conf.d/:ro
  #   networks:
  #     - public_net
  #     - private_net

  nginx:
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    # environment:
    #   - CERTBOT_EMAIL
    env_file:
      - ./prod/nginx/nginx-certbot.env
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./prod/nginx/config:/etc/nginx/user_conf.d
      - ./prod/letsencrypt:/etc/letsencrypt
    networks:
      - public_net
      - private_net

## file.conf
# prod/nginx/config/www.vm-backend-courier-ip.eastus.cloudapp.azure.com.conf
server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name vm-backend-courier-ip.eastus.cloudapp.azure.com;

    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/chain.pem;

    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    server_tokens off;
    location /api {
        proxy_pass http://courier-api:4545/api;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

## nginx-certbot.env
# prod/nginx/nginx-certbot.env
# Required
CERTBOT_EMAIL=contact@ssd.com.do

# Optional (Defaults)
# DHPARAM_SIZE=2048
# ELLIPTIC_CURVE=secp256r1
# RENEWAL_INTERVAL=8d
# RSA_KEY_SIZE=2048
# STAGING=0
# USE_ECDSA=1

# Advanced (Defaults)
# CERTBOT_AUTHENTICATOR=webroot
# CERTBOT_DNS_PROPAGATION_SECONDS=""
# DEBUG=0
# USE_LOCAL_CA=0
	# webserver:
	# image: nginx:latest
	# ports:
	# - 80:80
	# - 443:443
	# restart: always
	# volumes:
	# - ./prod/nginx/www/:/var/www/html:ro
	# - ./prod/nginx/conf/:/etc/nginx/conf.d/:ro
	# networks:
	# - public_net
	# - private_net

	nginx:
	image: jonasal/nginx-certbot:latest
	restart: unless-stopped
	# environment:
	# - CERTBOT_EMAIL
	env_file:
	- ./prod/nginx/nginx-certbot.env
	ports:
	- 80:80
	- 443:443
	volumes:
	- ./prod/nginx/config:/etc/nginx/user_conf.d
	- ./prod/letsencrypt:/etc/letsencrypt
	networks:
	- public_net
	- private_net
	# prod/nginx/config/www.vm-backend-courier-ip.eastus.cloudapp.azure.com.conf
	server {
	# Listen to port 443 on both IPv4 and IPv6.
	listen 443 ssl default_server reuseport;
	listen [::]:443 ssl default_server reuseport;

	# Domain names this server should respond to.
	server_name vm-backend-courier-ip.eastus.cloudapp.azure.com;

	# Load the certificate files.
	ssl_certificate /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/vm-backend-courier-ip.eastus.cloudapp.azure.com/chain.pem;

	# Load the Diffie-Hellman parameter.
	ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

	server_tokens off;
	location /api {
	proxy_pass http://courier-api:4545/api;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}
	}
	# prod/nginx/nginx-certbot.env
	# Required
	CERTBOT_EMAIL=contact@ssd.com.do

	# Optional (Defaults)
	# DHPARAM_SIZE=2048
	# ELLIPTIC_CURVE=secp256r1
	# RENEWAL_INTERVAL=8d
	# RSA_KEY_SIZE=2048
	# STAGING=0
	# USE_ECDSA=1

	# Advanced (Defaults)
	# CERTBOT_AUTHENTICATOR=webroot
	# CERTBOT_DNS_PROPAGATION_SECONDS=""
	# DEBUG=0
	# USE_LOCAL_CA=0