aegypius / mkcert-for-nginx-proxy

Self-Signed Certificates for nginx-proxy
MIT License

Improve docs about CA root life cycle #3

Open nevmerzhitsky opened 6 months ago

nevmerzhitsky commented 6 months ago

Hello!

IDK what for, but in the default configuration from the repo docs, the mkcert container will recreate the content of the /app/ca directory on container recreation (docker compose down + up). This produces a totally new root certificate. In my case, this root cert will not auto-install into Firefox and other trust repos (I run Docker inside WSL2 on a Windows 11 machine). So I need to manually install this new root cert.

I propose you add a section to the docs about the ability to add a volume to the mkcert service to stop the regeneration:

  mkcert:
    volumes:
      ...
      - /host-dir/certs/:/app/ca:rw

In this context, this is meaningful only if /etc/nginx/certs is also mounted as a bind mount, not as a named volume.
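
An added example (not part of the comment above and not the project's code): a shell check that a bind-mounted /app/ca directory still holds the same root CA after docker compose down + up, and that the CA private key now sitting on the host is not readable by group or others. It assumes mkcert's default file names rootCA.pem and rootCA-key.pem; the pin-file path is hypothetical.

```shell
#!/bin/sh
# Added example: detect root CA regeneration in a persisted mkcert CA directory.
# Assumptions: rootCA.pem / rootCA-key.pem are mkcert's default file names;
# the pin file (second argument) is a hypothetical location of your choosing.

# check_ca_dir DIR PINFILE
# Prints: missing | first-seen | unchanged | regenerated
# and appends " key-exposed" if the CA key is accessible to group or others.
check_ca_dir() {
    ca_dir=$1
    pin_file=$2
    cert="$ca_dir/rootCA.pem"
    key="$ca_dir/rootCA-key.pem"

    if [ ! -f "$cert" ]; then
        echo "missing"
        return 0
    fi

    # Hash of the PEM file as stored (a file digest, not the X.509 fingerprint).
    current=$(sha256sum "$cert" | cut -d' ' -f1)

    if [ ! -f "$pin_file" ]; then
        # First run: record the digest so later runs can compare against it.
        printf '%s\n' "$current" > "$pin_file"
        state="first-seen"
    elif [ "$current" = "$(cat "$pin_file")" ]; then
        state="unchanged"
    else
        # A new root was generated: trust stores still hold the old one.
        state="regenerated"
    fi

    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            state="$state key-exposed"
        fi
    fi
    echo "$state"
}

# Stand-alone use: sh check-ca.sh /host-dir/certs /path/to/pinfile
if [ "$#" -ge 2 ]; then
    check_ca_dir "$1" "$2"
fi
```

Keep the pin file outside the mounted CA directory so it is not wiped along with the certificates.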

aegypius commented 6 months ago

Thanks @nevmerzhitsky for your interest. You can totally propose a pull request to improve the documentation. I no longer use nginx and mkcert; the default behavior might have changed, because I do not recall having this kind of problem.