# alpine :
FROM alpine:3.15
# debian :
#FROM debian:buster

# alpine :
RUN apk add nginx openssl
# debian :
#RUN apt update && apt install -y nginx openssl && rm -rf /var/lib/apt/lists/*

# for debug
#RUN apt install -y procps vim

# alpine :
RUN mkdir -p /etc/ssl/private
RUN mkdir -p /etc/ssl/certs

# create ssl certificate
RUN openssl req -newkey rsa:2048 -nodes -x509 \
	-keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \
	-subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr"

# import sites conf files
COPY ./conf/nginx.conf /etc/nginx/
COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/

# for test
COPY ./conf/index.html /data/www/
COPY ./conf/https/index.html /data/wwws/

CMD [ "nginx", "-g", "daemon off;" ]


#
# run nginx with alpine :
#   https://www.techtarget.com/searchitoperations/tutorial/Use-Docker-and-Alpine-Linux-to-build-lightweight-containers
#
# -g 'daemon off' :
#   daemon off, to avoid the main process of nginx to quit after creating its childs, and therefore make docker exit
#   https://stackoverflow.com/questions/18861300/how-to-run-nginx-within-a-docker-container-without-halting
#
# ssl certificate :
#   openssl faq : https://www.openssl.org/docs/faq.html
#   openssl req : create ertificate request, and optionally create self signed certificates
#   openssl req man : https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
#   exemple of openssl with nginx on docker : https://www.johnmackenzie.co.uk/posts/using-self-signed-ssl-certificates-with-docker-and-nginx/
#
#   usually the steps are :
#   - create a server private key : `openssl genrsa -out server.key 2048`
#   - create a CSR (certificate signing request) with the key : `openssl req -new -key server.key -out www.exemple.com.csr`
#   - it will ask for :
#     -  Country Name (2 letter code)
#     -  State or Province Name (full name)
#     -  Locality Name (eg, city)
#     -  Organization Name (eg, company)
#     -  Organizational Unit Name (eg, section)
#     -  Common Name (eg, fully qualified host name)
#     -  Email Address (put nothing)
#   - now ask to a CA (certificate authority) for a certificate.crt by giving them your request.csr
#
#   alternatively we can generate our self-signed certificate with the `openssl req` command :
#     - `x509` option is used to output a certificate instead of a certificate request
#     - a request is created from scratch, if it is not given with `-in`
#     - `newkey` generate a new private key, unless `-key` is given
#     - `nodes` create a private key without encryption (no passphrase needed)
#
# SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
#