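# Non-root nginx TLS front end built on the official nginx image.
# The container runs as the unprivileged "nginx" user and is started through
# /launch.sh, which is not part of this file.
#
# NOTE(review): "stable" is a floating tag, so a rebuild can silently pick up a
# different base image. Pin a specific version (ideally by digest) for
# reproducible, auditable builds.
FROM nginx:stable
LABEL maintainer="Yaltik - Fabien Bourgeois "

# Default variables, overridable at run time.
# NOTE(review): how each value is consumed depends on launch.sh and root.conf,
# presumably by rendering them into the nginx configuration; confirm there.
# NGINX_PORT / NGINX_SSL_PORT default to unprivileged ports (> 1024), which
# matches running as a non-root user.
ENV NGINX_HOST="localhost 127.0.0.1" \
    NGINX_PORT="8080" \
    NGINX_SSL_PORT="8443" \
    NGINX_EXTERNAL_PORT="80" \
    NGINX_EXTERNAL_SSL_PORT="443" \
    CERTIFICATE_PATH="/etc/nginx/certs/req.pem" \
    CERTIFICATE_KEY_PATH="/etc/nginx/certs/cert.key" \
    SSL_PROTOCOLS="TLSv1.2 TLSv1.3" \
    SSL_CIPHERS="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
    CLIENT_BODY_BUFFER_SIZE="1K" \
    CLIENT_HEADER_BUFFER_SIZE="1k" \
    CLIENT_MAX_BODY_SIZE="1k" \
    LARGE_CLIENT_HEADER_BUFFERS="4 8k"

# Create useful directories (-p keeps the step from failing if the base image
# already ships one of them).
RUN mkdir -p /etc/nginx/certs /etc/nginx/templates

# Default certificate material.
# SECURITY: cert.key is a private key, and COPY stores it in an image layer, so
# anyone who can pull or export this image can read it. Treat these files as
# development placeholders only. In production, supply the real certificate and
# key at run time (volume or orchestrator secret) and point CERTIFICATE_PATH /
# CERTIFICATE_KEY_PATH at them (assuming launch.sh honours both variables), and
# keep real keys out of the build context.
COPY req.pem cert.key dhparams.pem /etc/nginx/certs/

# Clean the stock vhosts, then copy templates and useful files.
# -f keeps the build from failing if conf.d is already empty.
RUN rm -f /etc/nginx/conf.d/*
COPY launch.sh /launch.sh
COPY nginx.conf /etc/nginx/
COPY root.conf /etc/nginx/templates/

# Do not daemonize nginx: it has to stay in the foreground to keep the
# container alive.
RUN echo 'daemon off;' >> /etc/nginx/nginx.conf

# nginx user (no root): hand over the paths the unprivileged process touches.
# The private key is restricted to its owner so it is not readable by other
# users inside the container.
# NOTE(review): the recursive chown makes the whole of /etc/nginx, including
# nginx.conf and the certificates, writable by the runtime user. Presumably
# launch.sh needs to write rendered configuration there; if it only writes to
# conf.d, narrow the chown to that directory.
RUN touch /var/run/nginx.pid && \
    chown nginx:nginx /var/run/nginx.pid && \
    chown -R nginx:nginx /var/cache/nginx && \
    chown -R nginx:nginx /etc/nginx/ && \
    chmod 600 /etc/nginx/certs/cert.key

USER nginx

# NOTE(review): bash is PID 1 here. Unless launch.sh ends with `exec nginx`,
# nginx will not receive the stop signal directly; verify in launch.sh.
CMD ["bash", "/launch.sh"]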