FROM node:lts-alpine3.15 as base
LABEL Author="Nanahira <nanahira@momobako.com>"

WORKDIR /etc/nginx/generator
COPY ./package*.json ./

FROM base as builder
RUN npm ci && npm cache clean --force
COPY . ./
RUN npm run build

FROM base
ENV NODE_ENV production

RUN set -x && \
    addgroup -g 101 -S nginx && \
    adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx && \
    apk add --no-cache wget && \
    wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub && \
    printf "https://minio.momobako.com/nginx-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
    apk add --no-cache \
        nginx-plus \
        nginx-plus-module-auth-spnego \
        nginx-plus-module-brotli \
        nginx-plus-module-encrypted-session \
        nginx-plus-module-fips-check \
        nginx-plus-module-geoip2 \
        nginx-plus-module-geoip \
        nginx-plus-module-headers-more \
        nginx-plus-module-image-filter \
        nginx-plus-module-lua \
        nginx-plus-module-ndk \
        nginx-plus-module-njs \
        nginx-plus-module-opentracing \
        nginx-plus-module-passenger \
        nginx-plus-module-perl \
        nginx-plus-module-prometheus \
        nginx-plus-module-rtmp \
        nginx-plus-module-set-misc \
        nginx-plus-module-subs-filter \
        nginx-plus-module-xslt \
        curl ca-certificates tzdata \
    && \
    ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log && \
    rm -rf /etc/nginx/sites-enabled/* /etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf && \
    mkdir /etc/nginx/stream /etc/nginx/generated /etc/nginx/certs && \
    openssl dhparam 4096 > /etc/nginx/generated/dhparam.pem && \
    openssl rand 80 > /etc/nginx/generated/ticket.key

RUN npm ci && npm cache clean --force

COPY --from=builder /etc/nginx/generator/dist ./dist
COPY ./views ./views
COPY ./views/dummy /usr/lib/nginx-plus/check-subscription

EXPOSE 80 443
STOPSIGNAL SIGQUIT
ENTRYPOINT [ "./views/entrypoint.sh" ]
CMD ["nginx", "-g", "daemon off;"]
