FROM lopsided/archlinux:devel

RUN set -x \
    && echo 'Server = https://mirrors.aliyun.com/archlinux/$repo/os/$arch' > /etc/pacman.d/mirrorlist \
    && groupadd --gid 101 --system nginx \
    && useradd --uid 101 --gid nginx --system --create-home --home-dir /var/cache/nginx --shell /sbin/nologin nginx \
    && echo "nginx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nginx \
    && pacman --noconfirm -Sy glibc git \
    && mkdir -m 777 /aur \
    && su nginx -s /bin/sh -c " \
        cd /aur \
        && git clone https://aur.archlinux.org/nginx-quic.git \
        && cd nginx-quic \
        && makepkg -scri --noconfirm \
    " \
    && rm -f /etc/sudoers.d/nginx \
    && rm -rf /aur \
    && rm -rf /var/cache/pacman/pkg/*
RUN openssl req -x509 -newkey rsa:4096 -days 365 -subj '/CN=localhost/O=localhost/C=US' \
      -nodes -keyout /etc/nginx/cert.key -out /etc/nginx/cert.pem \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log

COPY nginx.conf /etc/nginx/nginx.conf

EXPOSE 80
EXPOSE 443/tcp
EXPOSE 443/udp

STOPSIGNAL SIGQUIT

CMD ["nginx", "-g", "daemon off;"]
