FROM alpine:3.21
LABEL Maintainer="Christian Steinle <kontakt@steinle-computer.de>"
LABEL Description="Lightweight container with Nginx 1.22 & PHP 8.2 based on Alpine Linux."

WORKDIR /var/www/html

# Set environment variable to serve not from /var/www/html but subpath, for e.g. Laravel.
ENV SERVE_PATH=

RUN apk update && \
  apk upgrade && \
  apk add --no-cache \
    curl \
    nginx \
    php82 \
    php82-bcmath \
    php82-ctype \
    php82-curl \
    php82-dom \
    php82-fileinfo \
    php82-fpm \
    php82-gd \
    php82-mbstring \
    php82-mysqli \
    php82-openssl \
    php82-pdo \
    php82-pdo_mysql \
    php82-pdo_pgsql \
    php82-pdo_sqlite \
    php82-session \
    php82-tokenizer \
    php82-xml \
    php82-xsl \
    php82-zip \
    supervisor

# Link to php, for calling "php artisan serve".
RUN ln -s /usr/bin/php82 /usr/bin/php

# Copy configuration and entrypoint. Entrypoint is needed to change nginx's document root if environement variable is given.
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY config/fpm-pool.conf /etc/php82/php-fpm.d/www.conf
COPY config/php.ini /etc/php82/conf.d/custom.ini
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY config/entrypoint.sh /bin/entrypoint.sh

RUN chmod a+x /bin/entrypoint.sh

EXPOSE 8080

RUN chown -R nobody:nobody /var/www/html /run /var/lib/nginx /var/log/nginx /etc/nginx

ENTRYPOINT ["/bin/entrypoint.sh"]

# Use unpriviledged user for security.
USER nobody

# Add healthcheck to container.
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping