# --- Stage 1: Runtime ---
FROM alpine:latest

# Install Nginx, Curl, Supervisor
RUN apk add --no-cache nginx curl supervisor

# --- Install Chisel ---
RUN curl -L -o /tmp/chisel.gz https://github.com/jpillora/chisel/releases/download/v1.9.1/chisel_1.9.1_linux_amd64.gz \
    && gzip -d /tmp/chisel.gz \
    && mv /tmp/chisel /usr/bin/chisel \
    && chmod +x /usr/bin/chisel

# Create User
RUN adduser -D -u 1000 appuser
WORKDIR /home/appuser

# --- CONFIGURATION ---

# 1. Nginx Config
RUN echo ' \
worker_processes auto; \
daemon off; \
pid /home/appuser/nginx.pid; \
error_log /dev/stderr info; \
\
events { \
    worker_connections 1024; \
} \
\
http { \
    access_log /dev/stdout; \
    client_body_temp_path /home/appuser/client_body_temp; \
    proxy_temp_path /home/appuser/proxy_temp; \
    fastcgi_temp_path /home/appuser/fastcgi_temp; \
    uwsgi_temp_path /home/appuser/uwsgi_temp; \
    scgi_temp_path /home/appuser/scgi_temp; \
    \
    map $http_upgrade $connection_upgrade { \
        default upgrade; \
        ""      close; \
    } \
    \
    server { \
        listen 7860 default_server; \
        \
        # The Tunnel Endpoint \
        location /_tunnel { \
            proxy_pass http://127.0.0.1:7777/; \
            proxy_http_version 1.1; \
            proxy_set_header Upgrade $http_upgrade; \
            proxy_set_header Connection $connection_upgrade; \
            proxy_read_timeout 86400; \
        } \
        \
        # The Public View \
        location / { \
            proxy_pass http://127.0.0.1:8080; \
            proxy_set_header Host $host; \
            proxy_set_header X-Real-IP $remote_addr; \
        } \
    } \
} ' > /home/appuser/nginx.conf

# 2. Start Script
RUN echo "#!/bin/sh" > start.sh && \
    echo "echo '--- Starting Chisel Server ---'" >> start.sh && \
    echo "chisel server --port 7777 --reverse &" >> start.sh && \
    echo "echo '--- Starting Nginx ---'" >> start.sh && \
    echo "nginx -c /home/appuser/nginx.conf &" >> start.sh && \
    echo "echo '--- Running. Waiting for client connection... ---'" >> start.sh && \
    echo "tail -f /dev/null" >> start.sh && \
    chmod +x start.sh

# 3. Permissions (The Fix for the log warning)
# We create the log directory and give ownership to appuser
RUN mkdir -p /var/lib/nginx/logs \
    && touch /var/lib/nginx/logs/error.log \
    && chown -R appuser:appuser /var/lib/nginx \
    && mkdir -p /home/appuser/client_body_temp \
                /home/appuser/proxy_temp \
                /home/appuser/fastcgi_temp \
                /home/appuser/uwsgi_temp \
                /home/appuser/scgi_temp \
    && chown -R appuser:appuser /home/appuser \
    && chmod -R 777 /home/appuser

# Switch User
USER appuser

EXPOSE 7860
CMD ["./start.sh"]