# syntax=docker/dockerfile:1

##
## Build
##
# NOTE(review): "3.19-latest" looks like a moving tag on the internal registry;
# pinning the base by digest would make this stage reproducible — confirm.
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/alpine-base:3.19-latest AS build

# nginx release to build; override with --build-arg VERSION=<x.y.z>.
ARG VERSION="1.25.4"
WORKDIR /usr/local/src

### Fetch Build Dependencies
# Local *.patch files; they are applied to the nginx source tree further down.
COPY patch ./patch

# Toolchain and development headers needed to compile nginx and its modules.
# The list is kept in alphabetical order so that changes are easy to review.
RUN set -xeu && \
    apk add --no-cache \
        alpine-sdk \
        autoconf \
        automake \
        bash \
        build-base \
        cmake \
        findutils \
        git \
        libaio-dev \
        libatomic_ops-dev \
        libtool \
        linux-headers \
        musl-utils \
        openssl-dev \
        pcre2-dev \
        tar \
        util-linux \
        util-linux-dev \
        zlib-dev


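# Optional refs (tag, branch or commit) for the third-party module sources.
# Left empty, the head of each repository's default branch is built, which is
# what this file always did; setting them pins the build to reviewed code:
#   --build-arg NGX_BROTLI_REF=<ref> --build-arg HEADERS_MORE_REF=<ref>
ARG NGX_BROTLI_REF=""
ARG HEADERS_MORE_REF=""

# ngx_brotli plus its bundled brotli library (static encoder only).
# `git rev-parse HEAD` records the exact commit in the build log so an image
# can be traced back to the source it was built from.
# NOTE: -march=native/-mtune=native tune the encoder for the CPU of the build
# host; the resulting image may fault with an illegal instruction on hosts
# with an older CPU. Flags are kept as they were.
RUN set -xeu && \
    git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli && \
    if [ -n "${NGX_BROTLI_REF:-}" ]; then \
      git -C ngx_brotli checkout "${NGX_BROTLI_REF}" && \
      git -C ngx_brotli submodule update --init --recursive; \
    fi && \
    git -C ngx_brotli rev-parse HEAD && \
    cd ngx_brotli/deps/brotli && \
    mkdir out && \
    cd out && \
    #    -DCMAKE_CXX_FLAGS="-O3 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    cmake \
        -DCMAKE_BUILD_TYPE=Release \
        -DBUILD_SHARED_LIBS=OFF \
        -DCMAKE_C_FLAGS="-O3 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
        -DCMAKE_INSTALL_PREFIX=./installed .. \
        && \
    cmake --build . --config Release --target brotlienc

    # git clone https://github.com/yaoweibin/nginx_upstream_check_module && \
# headers-more module, compiled into nginx via --add-module below.
RUN set -xeu && \
    git clone https://github.com/openresty/headers-more-nginx-module && \
    if [ -n "${HEADERS_MORE_REF:-}" ]; then \
      git -C headers-more-nginx-module checkout "${HEADERS_MORE_REF}"; \
    fi && \
    git -C headers-more-nginx-module rev-parse HEAD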

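# Optional SHA-256 of the nginx release tarball, supplied at build time:
#   --build-arg NGINX_SHA256=<sha256-of-the-release-tarball>
# When it is empty the download is used unverified (as before) and a warning
# is written to the build log.
ARG NGINX_SHA256=""

# Fetch, patch, configure, build and install nginx into /opt/nginx.
RUN set -xeu && \
    mkdir -p /usr/local/src/nginx && \
    # Download to a file rather than piping wget into tar: without pipefail a
    # failed or truncated download is only noticed if tar happens to choke on
    # it, and a stream cannot be checksummed before it is unpacked.
    wget -O /usr/local/src/nginx.tar.gz "https://nginx.org/download/nginx-${VERSION}.tar.gz" && \
    if [ -n "${NGINX_SHA256:-}" ]; then \
      echo "${NGINX_SHA256}  /usr/local/src/nginx.tar.gz" | sha256sum -c -; \
    else \
      echo "WARNING: NGINX_SHA256 not set; nginx tarball integrity not verified" >&2; \
    fi && \
    tar -zxf /usr/local/src/nginx.tar.gz --strip-components=1 -C /usr/local/src/nginx && \
    rm -f /usr/local/src/nginx.tar.gz && \
    cd /usr/local/src/nginx && \
    # `set -e` is ignored inside a loop that is followed by `&&`, so a patch
    # that failed to apply in any iteration but the last used to be skipped
    # silently. Abort explicitly instead.
    for i in /usr/local/src/patch/*.patch; do \
      echo "Applying ${i}..." && \
      patch -Np1 -i "$i" || exit 1; \
    done && \
    # patch -Np1 -i /usr/local/src/nginx_upstream_check_module/check_1.16.1+.patch
    # --add-module=/usr/local/src/nginx_http_upstream_check_module \
    # Hardening in the flags below: stack protector, _FORTIFY_SOURCE=2,
    # format-security errors, PIE, full RELRO (-z relro -z now).
    # NOTE(review): -fstack-protector-strong would cover more functions than
    # -fstack-protector with ssp-buffer-size=4 — consider switching.
    ./configure \
    --build="amazing from here" \
    --with-cc-opt="-Wno-error -DTCP_FASTOPEN=23 -O2 -flto -ffat-lto-objects -funsafe-math-optimizations -fstack-protector  -fcode-hoisting -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2" \
    --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -Wl,--as-needed -pie -Wl,-z,relro -Wl,-z,now -Wl,-Bsymbolic -Wl,--gc-sections -fPIC -flto=auto -ffat-lto-objects' \
    --prefix=/opt/nginx \
    --add-module=/usr/local/src/headers-more-nginx-module \
    --add-module=/usr/local/src/ngx_brotli \
    --conf-path=etc/nginx.conf \
    --pid-path=tmp/nginx.pid \
    --lock-path=tmp/nginx.lock \
    --without-select_module \
    --without-poll_module \
    --with-threads \
    --with-file-aio \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-http_realip_module \
    --with-http_gzip_static_module \
    --without-http_ssi_module \
    --without-http_userid_module \
    --without-http_auth_basic_module \
    --without-http_fastcgi_module \
    --without-http_uwsgi_module \
    --without-http_scgi_module \
    --without-http_memcached_module \
    --without-http_browser_module \
    --http-client-body-temp-path=tmp/client_body \
    --http-proxy-temp-path=tmp/proxy \
    --without-mail_smtp_module \
    --without-mail_imap_module \
    --without-mail_pop3_module \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-stream_ssl_preread_module \
    --with-pcre \
    --with-pcre-jit \
    --with-libatomic && \
    make -j "$(nproc)" && \
    make install && \
    # Diagnostics for the build log: linked libraries, installed tree and the
    # stock configuration.
    ldd /opt/nginx/sbin/nginx && \
    find /opt/nginx && \
    cat /opt/nginx/etc/nginx.conf && \
    # Replace the installed html directory with just the two stock pages.
    rm -r /opt/nginx/html/ && \
    mkdir /opt/nginx/etc/conf.d/ && \
    mkdir -p /opt/nginx/html/ && \
    install -m644 html/index.html /opt/nginx/html/ && \
    install -m644 html/50x.html /opt/nginx/html/ && \
    # Send the default log files to the container's stdout/stderr.
    ln -sf /dev/stdout /opt/nginx/logs/access.log && \
    ln -sf /dev/stderr /opt/nginx/logs/error.log && \
    cd /opt/nginx && \
    # Parameter files of the gateway modules disabled above are not needed.
    rm \
        etc/fastcgi_params \
        etc/fastcgi_params.default \
        etc/fastcgi.conf \
        etc/fastcgi.conf.default \
        etc/uwsgi_params \
        etc/uwsgi_params.default \
        etc/scgi_params \
        etc/scgi_params.default && \
    ldd sbin/nginx && \
    strip -X -x -s -v  sbin/nginx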

##
## PKG
##
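# Collects the runtime libraries nginx links against by fetching the Alpine
# packages (with dependencies, -R) and unpacking them into ./output.
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/alpine-base:3.19-latest AS pkg

# NOTE(review): pkgs/ and output/ are created in the base image's working
# directory, while the deploy stage copies "output" from this stage; this
# presumably relies on the working directory being "/" — confirm.
RUN set -xeu && \
    mkdir pkgs output &&\
    apk --no-cache \
        fetch -R -o pkgs \
            openssl \
            pcre2 \
            zlib \
            musl-utils \
            && \
    # These packages are dropped before extraction; presumably the deploy base
    # image already ships them — confirm.
    rm -f \
        pkgs/busybox-*.apk \
        pkgs/ca-certificates-*.apk \
        pkgs/libcrypto3-*.apk \
        pkgs/libssl3-*.apk \
        pkgs/ssl_client-*.apk && \
    # Unpack each package by passing its file name to tar as a quoted argument
    # instead of generating shell text from file names and piping it to sh.
    # `|| exit 1` is needed because `set -e` is ignored inside a loop that is
    # followed by `&&`.
    find pkgs -type f -name '*.apk' | while IFS= read -r apk_file; do \
      echo "extracting ${apk_file}"; \
      tar -zxf "${apk_file}" -C output || exit 1; \
    done && \
    # Remove the hidden files left behind by the unpacked packages.
    find output -type f -name '.*'  -delete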

##
## Deploy
##
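# Runtime image: the nginx tree from the build stage plus the unpacked runtime
# libraries from the pkg stage, run as the unprivileged user 1000:1000.
FROM harbor.repository.lb.home.dc.internal.amuz.es/infrastructure/minimal-toolbox:3.19-latest

COPY --from=build /opt/nginx /opt/nginx
COPY --from=pkg output /pkg


# Merge the unpacked packages into the root filesystem.
# NOTE: /pkg is removed in a later layer than the COPY that created it, so its
# contents still occupy space in the image.
RUN set -xeu && \
    cp -af /pkg/* / && \
    rm -rf /pkg

RUN set -xeu && \
    mkdir /docker-entrypoint.d

COPY nginx.conf /opt/nginx/etc/nginx.conf
COPY nginx.vh.no-default.conf /opt/nginx/etc/conf.d/default.conf
COPY docker-entrypoint.sh /
COPY /docker-entrypoint.d /docker-entrypoint.d

# Create the runtime directories and hand etc, tmp and logs to the runtime user.
# NOTE(review): /opt/nginx/etc becomes writable by the account nginx runs as,
# so a compromised nginx process can rewrite its own configuration. Presumably
# the entrypoint scripts generate configuration at start-up — confirm, and
# narrow the chown to the directories that must be written if possible.
RUN set -xeu && \
    mkdir -p  /usr/local/sbin && \
    ln -sf /opt/nginx/sbin/nginx /usr/local/sbin/nginx && \
    mkdir -p /opt/nginx/etc/templates \
        /opt/nginx/etc/stream-conf.d \
        /opt/nginx/etc/conf.d \
        /opt/nginx/tmp \
        /opt/nginx/logs && \
    chown -R 1000:1000 \
        /opt/nginx/etc \
        /opt/nginx/tmp \
        /opt/nginx/logs


WORKDIR /opt/nginx

LABEL org.opencontainers.image.authors="Sangbum Kim <sangbumkim@amuz.es>"

# Unprivileged ports only, so no extra capability is needed to bind them.
EXPOSE 8080 8443 8443/udp

STOPSIGNAL SIGQUIT


# NOTE(review): /sbin/tini is assumed to come from the base image — confirm.
ENTRYPOINT [ "/sbin/tini", "-s", "--", "/docker-entrypoint.sh"]

USER 1000:1000

# Declared after the directories were created and chowned above.
VOLUME ["/opt/nginx/etc/conf.d", "/opt/nginx/html", "/opt/nginx/tmp", "/opt/nginx/logs"]
ENV PATH="/opt/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Must be a valid JSON array: the stray "ca" that followed the closing bracket
# made Docker parse this as a shell-form command, so the entrypoint received
# `/bin/sh -c '[...]ca'` instead of the nginx arguments.
CMD ["nginx", "-g", "daemon off;"]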