feat(nginx): add nginx + functionality to toggle between letsencrypt, custom-ssl and http-only modes in .env file

docker-compose.yml

@@ -21,7 +21,6 @@ services:
     restart: always
     depends_on:
       - db
-
     environment:
       USER_UID: 1000
       USER_GID: 1000
@@ -37,7 +36,7 @@ services:
       GITEA__database__USER: ${GITEA_DB_USER}
       GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
 
-      GITEA__security__INSTALL_LOCK: true
+      GITEA__security__INSTALL_LOCK: "true"
 
       GITEA__mailer__ENABLED: ${SMTP_ENABLE}
       GITEA__mailer__HOST: ${SMTP_HOST}:${SMTP_PORT}
@@ -45,17 +44,43 @@ services:
       GITEA__mailer__PASSWD: ${SMTP_PASS}
       GITEA__mailer__FROM: ${SMTP_FROM}
       GITEA__mailer__SKIP_VERIFY: ${SMTP_SKIP_VERIFY}
-
     volumes:
       - gitea_data:/data
-
+    expose:
+      - "3000"
     ports:
-      - "${HTTP_PORT}:3000"
       - "${SSH_PORT}:22"
-
     networks:
       - gitea_net
 
+  nginx:
+    image: nginx:alpine
+    container_name: gitea-nginx
+    restart: always
+    depends_on:
+      - gitea
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./nginx/ssl:/etc/nginx/ssl:ro
+      - certbot_webroot:/var/www/certbot:ro
+      - certbot_certs:/etc/letsencrypt:ro
+    networks:
+      - gitea_net
+
+  # Only used when SSL_MODE=letsencrypt; harmless otherwise
+  certbot:
+    image: certbot/certbot
+    container_name: gitea-certbot
+    volumes:
+      - certbot_webroot:/var/www/certbot
+      - certbot_certs:/etc/letsencrypt
+    entrypoint: "/bin/true"
+    profiles:
+      - letsencrypt
+
 networks:
   gitea_net:
     driver: bridge
@@ -63,3 +88,5 @@ networks:
 volumes:
   gitea_data:
   gitea_postgres_data:
+  certbot_webroot:
+  certbot_certs: