--- services: server: environment: B23_ALLOW_UP: "true" networks: - backend - frontend nginx: build: context: ./docker/nginx dockerfile: Dockerfile args: IMAGE: "nginxinc/nginx-unprivileged:${NGINX_UNPRIVILEGED_TAG:?NGINX_UNPRIVILEGED_TAG is not configured}" IMG_TITLE: "nginx-unprivileged-base23" IMAGE_VERSION: "COMPOSE" depends_on: server: condition: service_healthy environment: - NGINX_HTTP_PORT=${NGINX_HTTP_PORT:-8080} - NGINX_HTTPS_PORT=${NGINX_HTTPS_PORT:-8443} - NGINX_RESOLVER=${NGINX_RESOLVER:-127.0.0.11} - NGINX_SERVERNAME=${NGINX_SERVERNAME:?Server name is required} - NGINX_SSL_SESSION_TIMEOUT=${NGINX_SSL_SESSION_TIMEOUT:-1d} - NGINX_SSL_SESSION_CACHE=${NGINX_SSL_SESSION_CACHE:-shared:MozSSL:10m} - NGINX_SSL_PROTOCOLS=${NGINX_SSL_PROTOCOLS:-TLSv1.2 TLSv1.3} - NGINX_SSL_CIPHERS=${NGINX_SSL_CIPHERS:-ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305} - NGINX_SSL_PREFER_SERVER_CIPHERS=${NGINX_SSL_PREFER_SERVER_CIPHERS:-off} - NGINX_HEADER_STRICT_TRANSPORT_SECURITY=${NGINX_HEADER_STRICT_TRANSPORT_SECURITY:-'"max-age=63072000" always'} - NGINX_SSL_STAPLING=${NGINX_SSL_STAPLING:-on} - NGINX_SSL_STAPLING_VERIFY=${NGINX_SSL_STAPLING_VERIFY:-on} volumes: - ./data/nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro - ./data/nginx/dhparams.pem:/etc/nginx/ssl/dhparams.pem:ro - ./data/nginx/certs:/etc/nginx/ssl/certs:ro - ./data/nginx/acme:/var/www/letsencrypt:ro ports: - target: 8080 published: "80" protocol: tcp app_protocol: http # Docker Compose 2.26.0 mode: ingress - target: 8443 published: "443" protocol: tcp app_protocol: https # Docker Compose 2.26.0 mode: ingress networks: - frontend networks: frontend: