More ssl conf attempt.

nginx/Dockerfile

@@ -3,11 +3,6 @@ FROM nginx:1.15.0-alpine
 RUN rm /etc/nginx/conf.d/default.conf
 
 ARG NGINX_CONF=nginx.conf
-ARG ACME_FILE
-ARG SSL_CERT
-ARG SSL_KEY
 
 COPY ${NGINX_CONF} /etc/nginx/conf.d/nginx.conf
-COPY ${SSL_CERT} /etc/certs/cert.pem
-COPY ${SSL_KEY} /etc/certs/key.pem
-COPY ${ACME_FILE} /usr/share/nginx/html/
+COPY ssl_certificates.conf* /etc/nginx/conf.d/

nginx/ssl.conf

@@ -15,13 +15,11 @@ server {
     charset     utf-8;
     client_max_body_size 150M;
 
-    ssl_certificate /etc/certs/cert.pem;
-    ssl_certificate_key /etc/certs/key.pem;
+    include conf.d/ssl_certificates.conf;
 
     # Performance + Privacy improvements
     ssl_stapling on;
     ssl_stapling_verify on;
-    ssl_trusted_certificate /etc/certs/cert.pem;
     resolver 8.8.8.8 208.67.222.222 valid=300s;
     resolver_timeout 5s;
 

nginx/ssl_certificates.conf_example

+ssl_certificate /etc/certs/fullchain.pem;
+ssl_certificate_key /etc/certs/privkey.pem;
+ssl_trusted_certificate /etc/certs/fullchain.pem;

production.yml_example

@@ -16,14 +16,15 @@ services:
        - "80:80"
       # - "443:443"
 
-      ### To enable SSL, generate keys with letsencrypt/certbot
+      ### To enable SSL, generate keys (eg with letsencrypt/certbot)
+      ### copy nginx/ssl_certificates.conf_example and edit it
+      ## if need be to correspond to the volume below
       ### and uncomment this block and the port 443
       # build:
       #   args:
       #     - NGINX_CONF=ssl.conf
-      #     - SSL_CERT=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
-      #     - SSL_KEY=/etc/letsencrypt/live/$DOMAIN/privkey.pem
-      #     - ACME_FILE=./<some_hash>
+      # volumes:
+      #   - /etc/letsencrypt/live/<mydomain>:/etc/certs
 
     flower:
       restart: always