Skip to content

Commit a104bfb

Browse files
RookieANDclaude
andcommitted
fix: certbot 컨테이너 제거 후 호스트 certbot 방식으로 전환
- certbot-dev, certbot-prod 컨테이너 및 named volume 제거 - nginx volume을 호스트 bind mount(/etc/letsencrypt, /var/www/certbot)로 변경 - nginx 인증서 경로를 단일 /etc/letsencrypt 경로로 통일 - nginx Dockerfile에서 불필요한 certbot webroot 디렉토리 생성 제거 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 94a2320 commit a104bfb

4 files changed

Lines changed: 8 additions & 47 deletions

File tree

docker-compose.yml

Lines changed: 2 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -51,10 +51,8 @@ services:
5151
- 80:80
5252
- 443:443
5353
volumes:
54-
- certbot_conf_dev:/etc/letsencrypt-dev
55-
- certbot_www_dev:/var/www/certbot-dev
56-
- certbot_conf_prod:/etc/letsencrypt-prod
57-
- certbot_www_prod:/var/www/certbot-prod
54+
- /etc/letsencrypt:/etc/letsencrypt:ro
55+
- /var/www/certbot:/var/www/certbot
5856
depends_on:
5957
- client-dev
6058
- client-prod
@@ -66,42 +64,8 @@ services:
6664
- "mode=unified"
6765
restart: on-failure
6866

69-
# Development Certbot
70-
certbot-dev:
71-
image: certbot/certbot:latest
72-
container_name: yogieat-certbot-dev
73-
volumes:
74-
- certbot_conf_dev:/etc/letsencrypt
75-
- certbot_www_dev:/var/www/certbot
76-
networks:
77-
- yogieat-dev-network
78-
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
79-
labels:
80-
- "name=certbot-dev"
81-
- "mode=development"
82-
83-
# Production Certbot
84-
certbot-prod:
85-
image: certbot/certbot:latest
86-
container_name: yogieat-certbot-prod
87-
volumes:
88-
- certbot_conf_prod:/etc/letsencrypt
89-
- certbot_www_prod:/var/www/certbot
90-
networks:
91-
- yogieat-prod-network
92-
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
93-
labels:
94-
- "name=certbot-prod"
95-
- "mode=production"
96-
9767
networks:
9868
yogieat-dev-network:
9969
driver: bridge
10070
yogieat-prod-network:
10171
driver: bridge
102-
103-
volumes:
104-
certbot_conf_dev:
105-
certbot_www_dev:
106-
certbot_conf_prod:
107-
certbot_www_prod:

docker/nginx/Dockerfile

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,4 @@ COPY ./config/nginx.conf /etc/nginx/nginx.conf
1111
# 로그 디렉토리 생성 (환경별)
1212
RUN mkdir -p /var/log/nginx/client-dev /var/log/nginx/client-prod
1313

14-
# Certbot webroot 디렉토리 생성 (환경별)
15-
RUN mkdir -p /var/www/certbot-dev /var/www/certbot-prod
16-
1714
CMD ["nginx", "-g", "daemon off;"]

docker/nginx/config/client-dev.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ server {
66

77
# Certbot ACME challenge
88
location /.well-known/acme-challenge/ {
9-
root /var/www/certbot-dev;
9+
root /var/www/certbot;
1010
}
1111

1212
# HTTP to HTTPS redirect
@@ -23,8 +23,8 @@ server {
2323
server_name dev.yogieat.com;
2424

2525
# SSL Certificates
26-
ssl_certificate /etc/letsencrypt-dev/live/dev.yogieat.com/fullchain.pem;
27-
ssl_certificate_key /etc/letsencrypt-dev/live/dev.yogieat.com/privkey.pem;
26+
ssl_certificate /etc/letsencrypt/live/dev.yogieat.com/fullchain.pem;
27+
ssl_certificate_key /etc/letsencrypt/live/dev.yogieat.com/privkey.pem;
2828

2929
# SSL Configuration
3030
ssl_protocols TLSv1.2 TLSv1.3;

docker/nginx/config/client-prod.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ server {
66

77
# Certbot ACME challenge
88
location /.well-known/acme-challenge/ {
9-
root /var/www/certbot-prod;
9+
root /var/www/certbot;
1010
}
1111

1212
# HTTP to HTTPS redirect
@@ -23,8 +23,8 @@ server {
2323
server_name yogieat.com www.yogieat.com;
2424

2525
# SSL Certificates
26-
ssl_certificate /etc/letsencrypt-prod/live/yogieat.com/fullchain.pem;
27-
ssl_certificate_key /etc/letsencrypt-prod/live/yogieat.com/privkey.pem;
26+
ssl_certificate /etc/letsencrypt/live/yogieat.com/fullchain.pem;
27+
ssl_certificate_key /etc/letsencrypt/live/yogieat.com/privkey.pem;
2828

2929
# SSL Configuration
3030
ssl_protocols TLSv1.2 TLSv1.3;

0 commit comments

Comments
 (0)