compose.yml

services:
  certbot:
    build: .
    command:
      - certonly
      - --non-interactive
      - --agree-tos
      - --email
      - ${CERTBOT_EMAIL:-transcodegroupdeveloper@gmail.com}
      - --authenticator=dns-multi
      - --dns-multi-credentials=/etc/letsencrypt/dns-multi.ini
      # 四个域名可以同时申请, 故不要求必填
      - --domains=${SERVER_HOSTNAME}
      - --domains=${TRACK_HOSTNAME}
      - --domains=${BUS_HOSTNAME}
      - --domains=${VIDEO_HOSTNAME}
      - --deploy-hook
      - "sh -c 'COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME} DATA=${DATA_DIR:-/data} /home/docker/certbot/deploy-hook.sh'"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DATA_DIR:-/data}/certbot:/etc/letsencrypt
    configs:
      - source: certbot-deploy-hook.sh
        target: /home/docker/certbot/deploy-hook.sh
      - source: certbot-dns-multi.ini
        target: /etc/letsencrypt/dns-multi.ini
        mode: 0600
  

  ofelia:
    image: mcuadros/ofelia
    restart: always
    command: daemon --docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      # 通过ofelia重启其他服务, 需要这样绕一道
      # https://github.com/mcuadros/ofelia/issues/280#issuecomment-2561863012
      ofelia.job-run.certbot-renew.schedule: "@daily"
      ofelia.job-run.certbot-renew.command: "sh -c 'docker compose -p ${COMPOSE_PROJECT_NAME} restart certbot'"
      ofelia.job-run.certbot-renew.image: "docker:cli"
      ofelia.job-run.certbot-renew.volume: "/var/run/docker.sock:/var/run/docker.sock"

configs:
  certbot-deploy-hook.sh:
    file: ./deploy-hook.sh
  # certbot-dns-multi的配置文件
  # https://github.com/alexzorin/certbot-dns-multi#usage
  certbot-dns-multi.ini:
    content: |
      dns_multi_provider = ${CERTBOT_DNS_PROVIDER:-dnspod}
      DNSPOD_API_KEY = "${CERTBOT_DNS_API_KEY:?required}"
      CLOUDFLARE_DNS_API_TOKEN = "${CERTBOT_DNS_API_KEY:?required}"
      TENCENTCLOUD_SECRET_KEY = "${CERTBOT_DNS_API_KEY:?required}"
      TENCENTCLOUD_SECRET_ID = "${CERTBOT_TENCENTCLOUD_SECRET_ID}"