I have a docker container that manages all of the SSL certificates for my services with Let's Encrypt. When the certificate for a certain service is renewed, a post-hook script copies the certificate and key to the folder where the SSL certificate and key that the other container uses are located. This other container then needs to be restarted to use the new, renewed certificate. My current solution is exposing the docker host to the letsencrypt container like this in docker compose:

    extra_hosts:
      - "host.docker.internal:host-gateway"

and I can then place my private SSH key in the letsencrypt container, and run the docker compose command to restart the other container from an SSH session in the post-hook script.

However, I realise that this isn't ideal as it allows root access to the docker host from the letsencrypt container, which wouldn't be good if it was compromised.

My question is: is there any better way to make the docker host restart a container from inside another container?

lriley