services:
  openresty:
    image: openresty/openresty:alpine
    container_name: openresty-gateway
    network_mode: host
    restart: unless-stopped
    volumes:
      # 主配置
      - ./conf/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
      # HTTP 配置
      - ./conf/conf.d:/usr/local/openresty/nginx/conf/conf.d:ro
      # Stream 配置
      - ./conf/stream.d:/usr/local/openresty/nginx/conf/stream.d:ro
      # 静态网站 + acme challenge
      - ./www:/var/www
      # SSL 证书
      - ./certs:/etc/letsencrypt
      # 日志
      - ./logs:/usr/local/openresty/nginx/logs

  # Certbot 是给脚本或手动命令使用的工具容器，不是常驻服务。
  # ./www 用于 ACME HTTP-01 域名验证，./certs 用于持久化保存签发的证书。
  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - ./www:/var/www
      - ./certs:/etc/letsencrypt