{ ... }:

{
  image = "jwilder/nginx-proxy:alpine";
  ports = [
    "80:80"
    "443:443"
  ];
  volumes = [
    # So that we can watch new containers come up
    "/var/run/docker.sock:/tmp/docker.sock:ro"
    # So that we can access generated certs
    "nginx-certs:/etc/nginx/certs:ro"
    # So that we can write challenge files for letsencrypt auth
    "nginx-challenges:/usr/share/nginx/html"
    # So that we can modify config on-the-fly to set up challenge
    # files
    "nginx-conf:/etc/nginx/vhost.d"
  ];
  environment = {
    DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
  };
  extraDockerOptions = [
    "--network=webproxy"
  ];
}