kurosabo/docker-compose.yml

## docker-compose.yml
version: "3.9"

services:
  lego-init:
    image: goacme/lego:latest
    entrypoint: '
      sh -c "
        /lego --path /certs list --names | grep -F ${LEGO_DOMAIN}
        || /lego
          --path /certs
          --dns route53
          --email ${LEGO_MAIL}
          --domains "*.${LEGO_DOMAIN}"
          --domains "${LEGO_DOMAIN}"
          --accept-tos
          run" '
    command: ""
    volumes:
      - certs:/certs
    environment:
      - AWS_CONFIG_FILE=/run/secrets/aws_config
      - AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials
    secrets:
      - aws_config
      - aws_credentials


  lego-renew:
    image: goacme/lego:latest
    entrypoint: '
      sh -c "trap exit TERM;
        while :;
        do
          /lego
            --path /certs
            --dns route53
            --email ${LEGO_MAIL}
            --domains "*.${LEGO_DOMAIN}"
            --domains "${LEGO_DOMAIN}"
            --accept-tos
            renew
            --days 15 ;
          sleep 12h & wait $${!};
        done;" '
    command: ""
    volumes:
      - certs:/certs
    environment:
      - AWS_CONFIG_FILE=/run/secrets/aws_config
      - AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials
    secrets:
      - aws_config
      - aws_credentials
    restart: unless-stopped
    depends_on:
      lego-init:
        condition: service_completed_successfully

  nginx:
    image: nginx:stable
    ports:
    - 80:80
    - 443:443
    volumes:
      - certs:/certs
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
    restart: unless-stopped
    depends_on:
      lego-init:
        condition: service_completed_successfully


volumes:
  certs:


secrets:
  aws_config:
    file: aws_config
  aws_credentials:
    file: secret_aws_credentials


## memo.md

      
    Raw
  

              memo.md
            
          
    depends_on condition: service_completed_successfully を docker-compose.yml で使う
nginxで証明書がないと起動しない問題をservice_completed_successfullyでinitコンテナ風に使うことで回避する。
たぶんhttp認証でも使える方法。
while loopのアイデア元 : https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
	version: "3.9"

	services:
	lego-init:
	image: goacme/lego:latest
	entrypoint: '
	sh -c "
	/lego --path /certs list --names \| grep -F ${LEGO_DOMAIN}
	\|\| /lego
	--path /certs
	--dns route53
	--email ${LEGO_MAIL}
	--domains "*.${LEGO_DOMAIN}"
	--domains "${LEGO_DOMAIN}"
	--accept-tos
	run" '
	command: ""
	volumes:
	- certs:/certs
	environment:
	- AWS_CONFIG_FILE=/run/secrets/aws_config
	- AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials
	secrets:
	- aws_config
	- aws_credentials


	lego-renew:
	image: goacme/lego:latest
	entrypoint: '
	sh -c "trap exit TERM;
	while :;
	do
	/lego
	--path /certs
	--dns route53
	--email ${LEGO_MAIL}
	--domains "*.${LEGO_DOMAIN}"
	--domains "${LEGO_DOMAIN}"
	--accept-tos
	renew
	--days 15 ;
	sleep 12h & wait $${!};
	done;" '
	command: ""
	volumes:
	- certs:/certs
	environment:
	- AWS_CONFIG_FILE=/run/secrets/aws_config
	- AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials
	secrets:
	- aws_config
	- aws_credentials
	restart: unless-stopped
	depends_on:
	lego-init:
	condition: service_completed_successfully

	nginx:
	image: nginx:stable
	ports:
	- 80:80
	- 443:443
	volumes:
	- certs:/certs
	- ./nginx/conf.d:/etc/nginx/conf.d:ro
	restart: unless-stopped
	depends_on:
	lego-init:
	condition: service_completed_successfully



	volumes:
	certs:


	secrets:
	aws_config:
	file: aws_config
	aws_credentials:
	file: secret_aws_credentials