# apt -y install certbot

# certbot certonly --standalone -d ドメイン名
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
 (Enter 'c' to cancel): メールアドレス

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for ドメイン名

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ドメイン名/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/ドメイン名/privkey.pem
This certificate expires on 2026-02-12.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

services:
  nginx:
    image: nginx:latest
    container_name: revproxy
    ports:
      - "80:80"
      - "443:443"
    restart: always

# docker compose up -d

# mkdir -p nginx/conf.d
# docker cp revproxy:/etc/nginx/nginx.conf nginx/
# docker cp revproxy:/etc/nginx/conf.d/default.conf nginx/conf.d

services:
  nginx:
    image: nginx:latest
    container_name: revproxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/docker/nginx.conf:ro
      - ./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
      - /etc/letsencrypt/live/ドメイン名:/etc/letsencrypt:ro
    restart: always

# http
server {
    listen              80;
    listen              [::]:80;
    server_name         _;

    # httpアクセスは全てhttpsへリダイレクト
    location / {
        return 301 https://$host$request_uri;
    }
}

# https
server {
    listen              443 ssl;
    listen              [::]:443 ssl;
    ssl_certificate     /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
    server_name         _;

    # エラーページ
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # リバースプロキシ設定
    proxy_redirect                          off;
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Server     $host;
    proxy_set_header X-Forwarded-Proto      $scheme;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;

    # WordPressへリバースプロキシ
    location / {
        client_max_body_size 512M;↲
        proxy_pass http://172.17.0.1:21080/;
    }

    # GitLabへリバースプロキシ
    location /gitlab {
        client_max_body_size 1000M;
        proxy_pass http://172.17.0.1:22080/gitlab;
    }
}