SSL accelerator with Docker
# Compose file: a TLS-terminating proxy in front of the app container
version: '3'
services:
  app:
    image: hoto17296/minimum-httpd
  proxy:
    build: .
    ports:
      - 80:80
      - 443:443
    environment:
      DOMAIN: example.com
      EMAIL: mail@example.com
      UPSTREAM_HOST: app
      UPSTREAM_PORT: 80
    volumes:
      # Persist certificates and account keys across container restarts
      - certs:/etc/letsencrypt
    depends_on:
      - app
volumes:
  certs:
    driver: local
# Dockerfile for the proxy service: certbot plus ncat
FROM python:3-alpine
EXPOSE 80 443
# Runtime libraries needed by certbot
RUN apk add --no-cache --virtual .certbot-deps \
    libffi libssl1.0 openssl ca-certificates binutils
# Build toolchain is only needed while installing certbot, then removed
RUN apk add --no-cache --virtual .build-deps \
    gcc linux-headers openssl-dev musl-dev libffi-dev \
    && pip install --no-cache-dir certbot \
    && apk del .build-deps
RUN apk add --no-cache nmap-ncat
COPY run.sh /
CMD ["sh", "/run.sh"]
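#!/bin/sh
# run.sh: obtain or renew the Let's Encrypt certificate, then terminate TLS with ncat
KEY="/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
CERT="/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"

# Request a certificate on first start; otherwise renew the existing one
if ! certbot certificates -d "${DOMAIN}" 2>/dev/null | grep -q "Certificate Name: ${DOMAIN}"
then
  certbot certonly --standalone -d "${DOMAIN}" -n --agree-tos --email "${EMAIL}"
else
  certbot renew
fi

# Port 80: answer every request with a redirect to HTTPS
# (CRLF line endings and a blank line terminate the header block)
ncat -lk -p 80 -c "printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://${DOMAIN}\r\n\r\n'" &

# Port 443: terminate TLS and relay the plaintext stream to the upstream
ncat -lk -p 443 --ssl-cert "${CERT}" --ssl-key "${KEY}" \
  -c "ncat ${UPSTREAM_HOST} ${UPSTREAM_PORT:-80}"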