FROM python:3.11-slim

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    nginx \
    && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

RUN chmod +x start.sh

# Allow non-root nginx: writable pid/log/cache dirs
RUN mkdir -p /tmp/nginx && \
    chmod -R 777 /var/log/nginx /var/lib/nginx /tmp/nginx

RUN useradd -m -u 1000 user
USER user

EXPOSE 7860

CMD ["./start.sh"]