version: '3.9' x-dls-variables: &dls-variables DLS_URL: localhost # REQUIRED DLS_PORT: 443 # must match nginx listen port LEASE_EXPIRE_DAYS: 90 DATABASE: sqlite:////app/database/db.sqlite DEBUG: false services: web: image: nginx ports: # thees are ports where nginx (!) is listen to - "80:80" # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed! - "443:443" # first part must match "DLS_PORT" volumes: - /opt/docker/fastapi-dls/cert:/opt/cert healthcheck: test: [ "CMD", "curl", "--insecure", "--fail", "https://localhost/-/health" ] interval: 10s timeout: 5s retries: 3 start_period: 30s command: | bash -c 'bash -s <<"EOF" cat > /etc/nginx/nginx.conf <<"EON" daemon off; user root; worker_processes auto; events { worker_connections 1024; } http { gzip on; gzip_disable "msie6"; include /etc/nginx/mime.types; upstream dls-backend { server dls:443; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; root /var/www/html; index index.html; server_name _; ssl_certificate "/opt/cert/webserver.crt"; ssl_certificate_key "/opt/cert/webserver.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_protocols TLSv1.3 TLSv1.2; # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305"; # ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; location / { proxy_ssl_verify off; proxy_set_header Host $$http_host; proxy_set_header X-Real-IP $$remote_addr; proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $$scheme; proxy_pass https://dls-backend$$request_uri; } } server { listen 80; listen [::]:80; root /var/www/html; index index.html; server_name _; location /leasing/v1/lessor/shutdown { proxy_ssl_verify off; proxy_set_header Host $$http_host; proxy_set_header X-Real-IP $$remote_addr; proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $$scheme; proxy_pass https://dls-backend/leasing/v1/lessor/shutdown; } location / { return 301 https://dls-backend$$request_uri; } } } EON cat /etc/nginx/nginx.conf nginx EOF' dls: image: collinwebdesigns/fastapi-dls:latest restart: always environment: <<: *dls-variables volumes: - /opt/docker/fastapi-dls/cert:/app/cert - db:/app/database volumes: db: