# Use an Nginx base image
FROM nginx:alpine

# Create non-root user first
RUN adduser -D -u 1000 user

# Create required nginx directories with correct permissions
RUN mkdir -p /tmp/nginx/cache \
    /tmp/nginx/run \
    /tmp/nginx/client_temp \
    /tmp/nginx/proxy_temp \
    /tmp/nginx/fastcgi_temp \
    /tmp/nginx/uwsgi_temp \
    /tmp/nginx/scgi_temp && \
    chown -R user:user /tmp/nginx

# Set up the web root directory with correct permissions
RUN mkdir -p /usr/share/nginx/html && \
    chown -R user:user /usr/share/nginx/html

# Copy web files and set ownership
COPY --chown=user web /usr/share/nginx/html

# Set up user's home directory
WORKDIR /home/user/app
ENV HOME=/home/user \
    PATH=/home/user/.local/bin:$PATH

# Copy application files
COPY --chown=user . /home/user/app

# Switch to non-root user
USER user

# Nginx configurations remain accessible to root
RUN echo $'server {\n\
    listen 7860;\n\
    location / {\n\
        root   /usr/share/nginx/html;\n\
        index  index.html index.htm;\n\
        try_files $uri $uri/ /index.html;\n\
    }\n\
}\n' > /tmp/nginx.conf

# Use unprivileged port 7860
EXPOSE 7860

# Start Nginx with the custom config
CMD ["nginx", "-c", "/tmp/nginx.conf"]