# --- Stage 1: Build remotemoe ---
FROM golang:1.21-alpine AS builder

# Install git
RUN apk add --no-cache git

WORKDIR /app

# Clone the repo
RUN git clone https://github.com/fasmide/remotemoe.git .
RUN go mod download

# Build statically
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o remotemoe main.go

# --- Stage 2: Runtime ---
FROM alpine:latest

# Install Nginx, Supervisor, and curl
RUN apk add --no-cache nginx supervisor curl

# Install websocat (Bridge for SSH over WebSocket)
RUN curl -L -o /usr/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl \
    && chmod +x /usr/bin/websocat

# Create a non-root user
RUN adduser -D -u 1000 appuser

WORKDIR /home/appuser

# Copy binary
COPY --from=builder /app/remotemoe .

# --- CONFIGURATION SECTION ---

# 1. Create a custom Nginx Config (Non-root compliant)
# We write this to the user's home directory to avoid permission errors in /etc/nginx
RUN echo ' \
worker_processes auto; \
daemon off; \
pid /home/appuser/nginx.pid; \
error_log /home/appuser/nginx_error.log warn; \
\
events { \
    worker_connections 1024; \
} \
\
http { \
    access_log /home/appuser/nginx_access.log; \
    client_body_temp_path /home/appuser/client_body_temp; \
    proxy_temp_path /home/appuser/proxy_temp; \
    fastcgi_temp_path /home/appuser/fastcgi_temp; \
    uwsgi_temp_path /home/appuser/uwsgi_temp; \
    scgi_temp_path /home/appuser/scgi_temp; \
    \
    map $http_upgrade $connection_upgrade { \
        default upgrade; \
        ""      close; \
    } \
    \
    server { \
        listen 7860 default_server; \
        \
        # Route 1: SSH Tunnel via WebSocket \
        location /ssh { \
            proxy_pass http://127.0.0.1:9999; \
            proxy_http_version 1.1; \
            proxy_set_header Upgrade $http_upgrade; \
            proxy_set_header Connection $connection_upgrade; \
            proxy_read_timeout 86400; \
        } \
        \
        # Route 2: Web Dashboard \
        location / { \
            proxy_pass http://127.0.0.1:8080; \
            proxy_set_header Host $host; \
            proxy_set_header X-Real-IP $remote_addr; \
        } \
    } \
} ' > /home/appuser/nginx.conf

# 2. Configure Supervisor
RUN mkdir -p /etc/supervisor.d/ && echo ' \
[supervisord] \
nodaemon=true \
logfile=/home/appuser/supervisord.log \
pidfile=/home/appuser/supervisord.pid \
\
[program:remotemoe] \
command=/home/appuser/remotemoe --ssh-addr :2222 --http-addr :8080 \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
directory=/home/appuser \
\
[program:websocat] \
command=/usr/bin/websocat --binary --exit-on-eof -s 9999 tcp:127.0.0.1:2222 \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
\
[program:nginx] \
command=nginx -c /home/appuser/nginx.conf \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
' > /etc/supervisord.conf

# 3. Create necessary temp directories and set permissions
RUN mkdir -p /home/appuser/client_body_temp \
             /home/appuser/proxy_temp \
             /home/appuser/fastcgi_temp \
             /home/appuser/uwsgi_temp \
             /home/appuser/scgi_temp \
    && chown -R appuser:appuser /home/appuser

# Switch to non-root user
USER appuser

# Expose the HF App Port
EXPOSE 7860

# Start Supervisor
CMD ["supervisord", "-c", "/etc/supervisord.conf"]