# multi-stage build for dockerized nginx

# set up nginx build container
FROM alpine:latest AS nginx
RUN apk add gcc g++ git curl make linux-headers tar gzip geoip-dev gd-dev libxslt-dev pcre-dev perl-dev

# download pcre library
WORKDIR /src/pcre
ARG PCRE_VER="8.44"
RUN curl -L -O "https://cfhcable.dl.sourceforge.net/project/pcre/pcre/$PCRE_VER/pcre-$PCRE_VER.tar.gz"
RUN tar xzf "/src/pcre/pcre-$PCRE_VER.tar.gz"

# download fancy-index module
RUN git clone https://github.com/aperezdc/ngx-fancyindex.git /src/ngx-fancyindex

# download ngx_http_hs_challenge module
RUN git clone https://github.com/simon987/ngx_http_js_challenge_module.git /src/ngx_http_js_challenge_module

# download nginx source
WORKDIR /src/nginx
ARG NGINX_VER
RUN curl -L -O "http://nginx.org/download/nginx-$NGINX_VER.tar.gz"
RUN tar xzf "nginx-$NGINX_VER.tar.gz"

# configure and build nginx
WORKDIR /src/nginx/nginx-"$NGINX_VER"
RUN ./configure --prefix=/usr/share/nginx \
                --sbin-path=/usr/sbin/nginx \
                --conf-path=/etc/nginx/nginx.conf \
                --error-log-path=/var/log/nginx/error.log \
                --http-log-path=/var/log/nginx/access.log \
                --pid-path=/run/nginx.pid \
                --lock-path=/run/lock/subsys/nginx \
                --http-client-body-temp-path=/tmp/nginx/client \
                --http-proxy-temp-path=/tmp/nginx/proxy \
                --user=www-data \
                --group=www-data \
                --with-threads \
                --with-file-aio \
                --with-pcre="/src/pcre/pcre-$PCRE_VER" \
                --with-pcre-jit \
                --with-http_addition_module \
                --add-module=/src/ngx-fancyindex \
                --add-dynamic-module=/src/ngx_http_js_challenge_module \
                --without-http_fastcgi_module \
                --without-http_uwsgi_module \
                --without-http_scgi_module \
                --without-http_gzip_module \
                --without-select_module \
                --without-poll_module \
                --without-mail_pop3_module \
                --without-mail_imap_module \
                --without-mail_smtp_module \
                --with-cc-opt="-Wl,--gc-sections -static -static-libgcc -O2 -ffunction-sections -fdata-sections -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security"
ARG CORE_COUNT
RUN make -j"$CORE_COUNT"
RUN make install

# set up the final container
FROM alpine:latest

# copy in default nginx configs
COPY nginx/ /etc/nginx/

# setup nginx folders and files
RUN adduser www-data -D -H -G www-data
RUN chown -R www-data:www-data /etc/nginx
RUN mkdir -p /tmp/nginx/{client,proxy} && chown -R www-data:www-data /tmp/nginx/
RUN mkdir -p /var/log/nginx && chown -R www-data:www-data /var/log/nginx
RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
RUN touch /run/nginx.pid && chown www-data:www-data /run/nginx.pid
RUN mkdir -p /etc/nginx 

# add nginx binary
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx

# add ngx-http-js-challenge module
ARG NGINX_VER
COPY --from=nginx /src/nginx/nginx-"$NGINX_VER"/objs/ngx_http_js_challenge_module.so /etc/nginx/modules/ngx_http_js_challenge_module.so

# add test index file
COPY index.html /usr/share/nginx/html/index.html

# add loading file
COPY loading.html /etc/nginx/loading.html

# configure entrypoint
ENTRYPOINT ["/usr/sbin/nginx","-g","daemon off;"]