# ────────────────────────────────────────────────────────────────── # Production ingress = the HOST's nginx + Let's Encrypt. No caddy. # ────────────────────────────────────────────────────────────────── # docker compose -f docker-compose.yml -f docker-compose.nginx.yml up -d # # nginx (on the host, already installed) terminates TLS with the LE certs from # tooling/issue-letsencrypt.sh and: # - serves apex + pack.${BASE_DOMAIN} as static files (./www, ./pack, ./custom) # - reverse-proxies auth.${BASE_DOMAIN} -> 127.0.0.1:25585 (drasl) # See nginx/ulicraft.conf.tmpl. # # This override: # - publishes drasl on localhost so the host nginx can reach it # - points the minecraft container at the host (extra_hosts) over HTTPS, so it # fetches the pack and validates sessions through the same public names the # LE certs cover (JVM trusts Let's Encrypt out of the box) services: drasl: ports: - "127.0.0.1:25585:25585" minecraft: # Make the public names resolve to the host running nginx. extra_hosts: - "auth.${BASE_DOMAIN}:host-gateway" - "pack.${BASE_DOMAIN}:host-gateway" environment: # Use HTTPS now that nginx terminates TLS with a publicly-trusted cert. JVM_OPTS: "-javaagent:/extras/authlib-injector.jar=https://auth.${BASE_DOMAIN}/authlib-injector" PACKWIZ_URL: "https://pack.${BASE_DOMAIN}/pack.toml"