docker-compose.yml

services:
  # Plain HTTP proxy
  http-proxy:
    image: hightemp/https_proxy:latest
    container_name: https_proxy_http
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      PROXY_ADDR: 0.0.0.0:8080
      PROXY_PROTO: http
      PROXY_USERNAME: ${PROXY_USERNAME:-}
      PROXY_PASSWORD: ${PROXY_PASSWORD:-}
      PROXY_UPSTREAM_PROXY: ${PROXY_UPSTREAM_PROXY:-}

  # HTTPS proxy with Let's Encrypt certificates (read from shared volume)
  https-proxy:
    image: hightemp/https_proxy:latest
    container_name: https_proxy_https
    restart: unless-stopped
    ports:
      - "8443:8443"
    environment:
      PROXY_ADDR: 0.0.0.0:8443
      PROXY_PROTO: https
      PROXY_USERNAME: ${PROXY_USERNAME:-}
      PROXY_PASSWORD: ${PROXY_PASSWORD:-}
      PROXY_CERT_PATH: /etc/letsencrypt/live/${DOMAIN:?DOMAIN must be set in .env}/fullchain.pem
      PROXY_KEY_PATH: /etc/letsencrypt/live/${DOMAIN}/privkey.pem
      PROXY_UPSTREAM_PROXY: ${PROXY_UPSTREAM_PROXY:-}
    volumes:
      - letsencrypt:/etc/letsencrypt:ro
    depends_on:
      - certbot

  # Let's Encrypt certificate manager.
  # First-time issue:
  #   docker compose run --rm --service-ports certbot issue
  # Then `docker compose up -d` runs auto-renewal in a loop.
  certbot:
    image: certbot/certbot:latest
    container_name: https_proxy_certbot
    restart: unless-stopped
    environment:
      DOMAIN: ${DOMAIN:?DOMAIN must be set in .env}
      EMAIL: ${EMAIL:?EMAIL must be set in .env}
    ports:
      - "80:80"
    volumes:
      - letsencrypt:/etc/letsencrypt
      - certbot-www:/var/www/certbot
    entrypoint:
      - /bin/sh
      - -c
      - |
        if [ "$$1" = "issue" ]; then
          exec certbot certonly --standalone \
            -d "$$DOMAIN" -m "$$EMAIL" --agree-tos --no-eff-email --non-interactive
        fi
        trap exit TERM
        while :; do
          certbot renew --quiet
          sleep 12h & wait $${!}
        done
      - --

volumes:
  letsencrypt:
  certbot-www: