# Use Ubuntu as the base image
FROM ubuntu:24.04

# Set environment variables to avoid interactive prompts during installation
ENV DEBIAN_FRONTEND=noninteractive

# Install Squid and sudo (needed to run command as proxy user during build)
RUN apt-get update && \
    apt-get install -y squid sudo && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create squid configuration with high anonymity features
# Note: cache_dir is set to /tmp to avoid permission issues with root /tmp
RUN echo 'cache_dir ufs /tmp 100 16 256\n\
http_port 7860\n\
pid_filename /tmp/squid.pid\n\
cache_mem 128 MB\n\
maximum_object_size 4096 KB\n\
cache_swap_high 95\n\
cache_swap_low 90\n\
forwarded_for delete\n\
via off\n\
follow_x_forwarded_for deny all\n\
request_header_access X-Forwarded-For deny all\n\
request_header_access Via deny all\n\
visible_hostname squid-proxy-hf\n\
acl SSL_ports port 443\n\
acl Safe_ports port 80\n\
acl Safe_ports port 443\n\
acl CONNECT method CONNECT\n\
http_access allow all\n\
http_access deny !Safe_ports\n\
http_access deny CONNECT !SSL_ports\n\
http_access deny all\n\
access_log stdio:/dev/stdout\n\
cache_log stdio:/dev/stderr\n\
cache_store_log stdio:/dev/stdout\n\
refresh_pattern ^ftp: 1440 20% 10080\n\
refresh_pattern ^gopher: 1440 0% 1440\n\
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0\n\
refresh_pattern . 0 20% 4320\n\
pipeline_prefetch 1\n\
half_closed_clients off' > /etc/squid/squid.conf

# Set proper permissions for configuration
RUN chown root:proxy /etc/squid/squid.conf && \
    chmod 644 /etc/squid/squid.conf

# Create cache directory with correct ownership and initialize it as proxy user
# This is a workaround for permission issues in HuggingFace Spaces
RUN sudo -u proxy squid -z

# Expose HTTP port
EXPOSE 7860

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD squid -k check

USER proxy

# Start Squid proxy server
CMD ["squid", "-NYC"]