https://www.youtube.com/watch?v=ctiktCoqFoc

https://docs.docker.com/engine/install/debian/#install-using-the-repository

sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

systemctl enable docker
systemctl status docker
docker run hello-world

https://github.com/stonith404/pingvin-share

cd /opt
git clone https://github.com/stonith404/pingvin-share.git
cd pingvin-share

pingvin-share/
├── docker-compose.yml
├── data/
│   └── images/
├── nginx/
│   └── conf.d/
└── certbot/
    ├── conf/
    └── www/

services:
  pingvin-share:
    image: stonith404/pingvin-share
    restart: unless-stopped
    environment:
      - TRUST_PROXY=true
    ports:
      - "3000:3000"
    volumes:
      - "./data:/opt/app/backend/data"
      - "./data/images:/opt/app/frontend/public/img"
    networks:
      - pingvin-net

  nginx:
    image: nginx:latest
    container_name: nginx-reverse
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./certbot/www:/var/www/certbot:rw
      - ./certbot/conf:/etc/letsencrypt:rw
    depends_on:
      - pingvin-share
    networks:
      - pingvin-net

  certbot:
    image: certbot/certbot
    volumes:
      - ./certbot/www:/var/www/certbot:rw
      - ./certbot/conf:/etc/letsencrypt:rw
    depends_on:
      - nginx

networks:
  pingvin-net:
    driver: bridge
    

mkdir -p nginx/conf.d
cd nginx/conf.d
touch yourconf.conf
nano yourconf.conf

server {
    listen 80;

    server_name yourdomain.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://yourdomain.com$request_uri;
    }
}


#HASH BEFORE RUNNING CERTBOT
server {
    listen 443 default_server ssl http2;

    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    
    location / {
    	proxy_pass http://pingvin-share:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

• run docker compose up -d

docker compose run --rm certbot certonly \
  --webroot \
  --webroot-path /var/www/certbot \
  -d yourdomain.com \
  --email mail@yourdomain.com \
  --agree-tos \
  --no-eff-email

• unhash nginx/conf.d/yourconf.conf
• run commands

docker compose restart nginx
docker ps