docker-compose setup for static nginx site with SSL certificates

Target user must be in a docker group. We will create everything in its home directory:

cd
mkdir -p domain_tld/{nginx,ssl,website}
cd domain_tld

Create docker-compose.yml:

services:
  web:
    image: nginx:alpine
    container_name: domain_tld
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./website:/usr/share/nginx/html:ro
      - ./nginx:/etc/nginx/conf.d:ro
      - ./ssl:/etc/nginx/ssl:ro
    restart: unless-stopped

Move the private key and certificate into domain_tld/ssl directory - under names cert.pem, privkey.pem, this might be a Cloudflare SSL certificates.

Create nginx confguration under domain_tld/nginx/domain.tld.conf:

# HTTP to HTTPS Redirect
server {
    listen 80;                          # Handle HTTP
    server_name domain.tld www.domain.tld;

    # Redirect all HTTP requests to HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS Server Block
server {
    listen 443 ssl;                     # Listen on HTTPS
    http2 on;

    server_name domain.tld www.domain.tld;

    # SSL Certificates
    ssl_certificate     /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    # SSL Settings
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;

    # Security Headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;

    # Serve Static Content
    root /usr/share/nginx/html;
    index index.html;

    # Default Location
    location / {
        try_files $uri $uri/ =404;
    }
}

Place static files under domain_tld/website directory.

finally run:

docker compose up -d

Check your domain at https://www.domain.tld