Run Wordpress website behind nGinx, on Docker, with SSL via Lets Encrypt

.env

# normally (on Linux) your user / group has the ID 1000
UID=1000
GID=1000
WEBUSER=host-user
WEBGROUP=host-group

APP_PORT=9000
APP_NAME="My WordPress Website"
APP_SERVER_PORT=3000
APP_PREFIX=my-website
APP_HOST=${APP_PREFIX}.uk
APP_EMAIL=your-email@gmail.com

DB_PORT=3306
DB_HOST=${APP_PREFIX}db
DB_NAME=the-name-of-the-database
DB_DATABASE=${DB_NAME}
DB_USERNAME=user-with-access-to-db
DB_PASSWORD=your-password
DB_CHARSET=utf8mb4
DB_COLLATE=
WORDPRESS_TABLE_PREFIX=wp_
MYSQL_ROOT_PASSWORD=S0meRand0mPass0rd

WORDPRESS_DEBUG=1
WP_AUTO_UPDATE_CORE=0

docker-compose.yml

version: '3'

services:
  frontend:
    container_name: wordpress
    image: wordpress:6.4-fpm
    restart: unless-stopped
    build:
      context: .
      dockerfile: wp.Dockerfile
      args:
        - UID=${UID:-(id -u)}
        - GID=${GID:-(id -g)}
        - WEBUSER=${WEBUSER:-(id -un)}
        - WEBGROUP=${WEBGROUP:-(id -gn)}
    ports:
      - 9000:9000
    links:
      - database
    depends_on:
      - database
    networks:
      - backend
      - frontend
    volumes:
      - wordpress:/var/www/html
      #- ./wp/wp-content/uploads:/var/www/html/wp-content/uploads:rw
      #- ./wp/wp-content/themes:/var/www/html/wp-content/themes:rw
      #- ./wp/wp-content/plugins:/var/www/html/wp-content/plugins:rw
      #- ./wp/wp-content/wflogs:/var/www/html/wp-content/wflogs:rw
      #- ./php/:/usr/local/etc/php/conf.d/
    environment:
      - WORDPRESS_DOMAIN="https://${APP_HOST:-website.uk}/"
      - WORDPRESS_DB_HOST=${DB_HOST:-database}
      - WORDPRESS_DB_PORT=${DB_PORT:-3306}
      - WORDPRESS_DB_NAME=${DB_NAME:-wordpress}
      - WORDPRESS_DB_USER=${DB_USERNAME:-wpdbuser}
      - WORDPRESS_DB_PASSWORD=${DB_PASSWORD:-wpdbpassword}
      #- WORDPRESS_DEBUG=true
      #- WP_DEBUG_LOG=true
      - WORDPRESS_CONFIG_EXTRA=
          define('FS_METHOD', 'direct');
          define('WP_HOME', 'https://${APP_HOST:-website.uk}/');
          define('WP_SITEURL', 'https://${APP_HOST:-website.uk}/');
      - TZ=Europe/London

  database:
    container_name: database
    image: mysql:latest
    restart: unless-stopped
    networks:
      - internal
    command: [
      "--explicit_defaults_for_timestamp"
    ]
    volumes:
      - ./db:/docker-entrypoint-initdb.d/
      - dbdata:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${DB_NAME:-wordpress}
      - MYSQL_USER=${DB_USERNAME:-wpdbuser}
      - MYSQL_PASSWORD=${DB_PASSWORD:-wpdbpassword}
      - TZ=Europe/London

  proxy:
    container_name: proxy
    image: nginx:latest
    restart: unless-stopped
    tty: true
    ports:
      - 80:80
      - 443:443
    networks:
      - public
    depends_on:
      - frontend
    volumes_from:
      - frontend
    volumes:
      - ./nginx:/etc/nginx/conf.d/:ro
      - ./ssl/letsencrypt/live/website.uk:/etc/letsencrypt/live/website.uk:delegated
    environment:
      - TZ=Europe/London

volumes:
  wordpress:
  dbdata:

networks:
  public:
    driver: bridge
  internal:
    driver: bridge

wp.Dockerfile

FROM wordpress:6.4-fpm

RUN cp /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini

WORKDIR /var/www/html

ARG UID
ARG GID
ARG WEBUSER
ARG WEBGROUP

ARG WEBUSER=${WEBUSER:-phpfpm}
ARG WEBGROUP=${WEBGROUP:-phpfmp}
ARG UID=${UID:-1000}
ARG GID=${GID:-1000}

# create matching user and group
RUN addgroup --gid ${GID} --system ${WEBUSER}
RUN adduser --disabled-password --gecos '' --uid ${UID} --ingroup ${WEBGROUP} ${WEBUSER}
RUN chown -R ${WEBUSER}:${WEBGROUP} .

# update PHP-FPM user
RUN sed -ri -e "s!user = www-data!user = ${WEBUSER}!g" /usr/local/etc/php-fpm.d/www.conf
RUN sed -ri -e "s!group = www-data!group = ${WEBGROUP}!g" /usr/local/etc/php-fpm.d/www.conf

RUN echo "Front-End Ready!"