WIP Use nginx to serve a self-signed cert

compose.yaml

@@ -39,5 +39,32 @@ services:
         ports:
             - "18920:18920"
 
+    nginx:
+        image: nginx:alpine
+        restart: always
+        depends_on:
+            - bot
+        ports:
+            - "80:80"
+            - "443:443"
+        volumes:
+            - ./nginx/selfsigned.conf:/etc/nginx/conf.d/default.conf:ro
+            - nginx_certs:/etc/nginx/certs
+        entrypoint:
+            - "/bin/sh"
+            - "-c"
+        command: |
+            set -e
+            apk add --no-cache openssl
+            mkdir -p /etc/nginx/certs
+            if [ ! -f /etc/nginx/certs/selfsigned.key ] || [ ! -f /etc/nginx/certs/selfsigned.crt ]; then
+              openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+                -keyout /etc/nginx/certs/selfsigned.key \
+                -out /etc/nginx/certs/selfsigned.crt \
+                -subj "/CN=localhost"
+            fi
+            exec nginx -g 'daemon off;'
+
 volumes:
     reminders:
+    nginx_certs: